智慧养老平台
blame | 历史 | 原始文档
xuefei
2020-12-10 eeeb7233935ea9b10e99043bdbf740ef86c9bf20 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

package cn.cetc54.platform.core.config.security;


 


import cn.cetc54.platform.core.common.utils.SecurityUtil;


import cn.cetc54.platform.core.config.properties.IgnoredUrlsProperties;


import cn.cetc54.platform.core.config.properties.PlatformTokenProperties;


import cn.cetc54.platform.core.config.security.jwt.AuthenticationFailHandler;


import cn.cetc54.platform.core.config.security.jwt.AuthenticationSuccessHandler;


import cn.cetc54.platform.core.config.security.jwt.JWTAuthenticationFilter;


import cn.cetc54.platform.core.config.security.jwt.RestAccessDeniedHandler;


import cn.cetc54.platform.core.config.security.permission.MyFilterSecurityInterceptor;


import cn.cetc54.platform.core.config.security.validate.ImageValidateFilter;


import lombok.extern.slf4j.Slf4j;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Configuration;


import org.springframework.data.redis.core.StringRedisTemplate;


import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;


import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;


import org.springframework.security.config.http.SessionCreationPolicy;


import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


 


/**


 * Security 核心配置类


 * 开启注解控制权限至Controller


 * @author


 */


@Slf4j


@Configuration


@EnableGlobalMethodSecurity(prePostEnabled=true)


public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


 


    @Autowired


    private PlatformTokenProperties tokenProperties;


 


    @Autowired


    private IgnoredUrlsProperties ignoredUrlsProperties;


 


    @Autowired


    private UserDetailsServiceImpl userDetailsService;


 


    @Autowired


    private AuthenticationSuccessHandler successHandler;


 


    @Autowired


    private AuthenticationFailHandler failHandler;


 


    @Autowired


    private RestAccessDeniedHandler accessDeniedHandler;


 


    @Autowired


    private MyFilterSecurityInterceptor myFilterSecurityInterceptor;


 


    @Autowired


    private ImageValidateFilter imageValidateFilter;


 


    @Autowired


    private StringRedisTemplate redisTemplate;


 


    @Autowired


    private SecurityUtil securityUtil;


 


    @Override


    protected void configure(AuthenticationManagerBuilder auth) throws Exception {


        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());


    }


 


    @Override


    protected void configure(HttpSecurity http) throws Exception {


 


        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http


                .authorizeRequests();


 


        // 除配置文件忽略路径其它所有请求都需经过认证和授权


        for(String url : ignoredUrlsProperties.getUrls()){


            registry.antMatchers(url).permitAll();


        }


 


        registry.and()


                // 表单登录方式


                .formLogin()


                .loginPage("/platform/common/needLogin")


                // 登录请求url


                .loginProcessingUrl("/platform/login")


                .permitAll()


                // 成功处理类


                .successHandler(successHandler)


                // 失败


                .failureHandler(failHandler)


                .and()


                // 允许网页iframe


                .headers().frameOptions().disable()


                .and()


                .logout()


                .permitAll()


                .and()


                .authorizeRequests()


                // 任何请求


                .anyRequest()


                // 需要身份认证


                .authenticated()


                .and()


                // 允许跨域


                .cors().and()


                // 关闭跨站请求防护


                .csrf().disable()


                // 前后端分离采用JWT 不需要session


                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)


                .and()


                // 自定义权限拒绝处理类


                .exceptionHandling().accessDeniedHandler(accessDeniedHandler)


                .and()


                // 图形验证码过滤器


                .addFilterBefore(imageValidateFilter, UsernamePasswordAuthenticationFilter.class)


                // 添加自定义权限过滤器


                .addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class)


                // 添加JWT认证过滤器


                .addFilter(new JWTAuthenticationFilter(authenticationManager(), tokenProperties, redisTemplate, securityUtil));


    }


}