补充api授权认证

e56d5829 · zhouweidong · e3194413 · e56d5829
--- a/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/config/%API%SecurityConfig.java.ftl
+++ b/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/config/%API%SecurityConfig.java.ftl
@@ -70,7 +70,59 @@ public class ${item.codeName}SecurityConfig extends WebSecurityConfigurerAdapter
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {

-               httpSecurity
+    @Autowired
+    private AuthenticationEntryPoint unauthorizedHandler;
+
+    @Autowired
+    private AuthenticationUserService userDetailsService;
+
+    /**
+     * 自定义基于JWT的安全过滤器
+     */
+    @Autowired
+    AuthorizationTokenFilter authenticationTokenFilter;
+
+    @Value("${r'${ibiz.auth.path:v7/login}"'})
+    private String loginPath;
+
+    @Value("${r'${ibiz.auth.logoutpath:v7/logout}"'})
+    private String logoutPath;
+
+    @Value("${r'${ibiz.file.uploadpath:ibizutil/upload}"'})
+    private String uploadpath;
+
+    @Value("${r'${ibiz.file.downloadpath:ibizutil/download}"'})
+    private String downloadpath;
+
+    @Value("${r'${ibiz.file.previewpath:ibizutil/preview}"'})
+    private String previewpath;
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoderBean());
+    }
+
+    @Bean
+    GrantedAuthorityDefaults grantedAuthorityDefaults() {
+        // Remove the ROLE_ prefix
+        return new GrantedAuthorityDefaults("");
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoderBean() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(HttpSecurity httpSecurity) throws Exception {
+
+        httpSecurity
                // 禁用 CSRF
                .csrf().disable()
                // 授权异常
@@ -91,15 +143,21 @@ public class ${item.codeName}SecurityConfig extends WebSecurityConfigurerAdapter
                        "/**/fonts/**",
                        "/**/js/**",
                        "/**/img/**",
-                        "/",
-                        "/webjars/**",
-                        "/swagger-resources/**",
-                        "/v2/**"
+                        "/"
                ).permitAll()
-                // 服务中暂时只为重构用户身份，不进行身份认证
-                .anyRequest().permitAll()
+                //放行登录请求
+                .antMatchers( HttpMethod.POST,"/"+loginPath).permitAll()
+                //放行注销请求
+                .antMatchers( HttpMethod.GET,"/"+logoutPath).permitAll()
+                // 文件操作
+                .antMatchers("/"+downloadpath+"/**").permitAll()
+                .antMatchers("/"+uploadpath).permitAll()
+                .antMatchers("/"+previewpath+"/**").permitAll()
+                // 所有请求都需要认证
+                .anyRequest().authenticated()
                // 防止iframe 造成跨域
                .and().headers().frameOptions().disable();
+
        httpSecurity
                .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }