package com.monkeylessey.framework.config;
|
|
import com.monkeylessey.framework.security.filter.JwtTokenFilter;
|
import com.monkeylessey.framework.security.handler.CustomLogoutSuccessHandler;
|
import com.monkeylessey.framework.security.handler.exception.AccessHandler;
|
import com.monkeylessey.framework.security.handler.exception.AuthenticationException;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.http.HttpMethod;
|
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
|
/**
 * Spring Security configuration for the stateless, token-based mode.
 *
 * <p>Only active when the property {@code xp-start.security.session} is {@code false}.
 * Pre/post method security annotations are enabled through {@code prePostEnabled = true}.
 *
 * @author 29443
 * @date 2022/4/4
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@ConditionalOnProperty(prefix = "xp-start.security", name = "session", havingValue = "false")
public class TokenSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Invoked after a successful logout. */
    @Autowired
    private CustomLogoutSuccessHandler customLogoutSuccessHandler;

    /** Handles requests rejected for insufficient authority. */
    @Autowired
    private AccessHandler accessHandler;

    /** Project entry point used when a request is not authenticated. */
    @Autowired
    private AuthenticationException authenticationException;

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean so other components can inject it.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent fails to build the manager
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Builds the JWT filter around the shared authentication manager.
     *
     * <p>NOTE(review): Spring Boot registers {@code Filter} beans with the servlet container by
     * default, so this filter may also run outside the security chain, including on paths listed
     * in {@link #configure(WebSecurity)}. Confirm whether a disabled
     * {@code FilterRegistrationBean} is wanted for it.
     *
     * @return a new {@link JwtTokenFilter}
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public JwtTokenFilter jwtTokenFilter() throws Exception {
        return new JwtTokenFilter(authenticationManagerBean());
    }

    /**
     * Password hashing used for stored credentials.
     *
     * @return a {@link BCryptPasswordEncoder} with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures the HTTP security chain: public paths, error handlers, logout, CSRF, CORS,
     * stateless sessions and the JWT filter. Every request not matched by a {@code permitAll}
     * rule below must be authenticated.
     *
     * @param http the builder supplied by the adapter
     * @throws Exception if any configurer rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // NOTE(review): form login is enabled next to the POST /xpstart/login rule below;
            // confirm both login paths are intended in token mode.
            .formLogin()
                .and()
            // Use the project's own handlers for access-denied and unauthenticated requests.
            .exceptionHandling()
                .accessDeniedHandler(accessHandler)
                .authenticationEntryPoint(authenticationException)
                .and()
            // Paths below are reachable without authentication; rules are evaluated in order.
            // NOTE(review): /sys-table/columns/**, /file/**, /files/** and the API-doc paths are
            // public here. Confirm none of them exposes schema details, stored files or
            // production API documentation to anonymous callers.
            .authorizeRequests()
                .antMatchers(HttpMethod.POST, "/xpstart/login").permitAll()
                .antMatchers("/sys-table/columns/**").permitAll()
                .antMatchers("/ws/**").permitAll()
                .antMatchers("/register", "/captcha", "/sms", "/file/**").permitAll()
                .antMatchers("/doc.html", "/webjars/**", "/img.icons/**", "/swagger-resources/**", "/v2/api-docs", "/files/**").permitAll()
                .anyRequest().authenticated()
                .and()
            // Logout endpoint and its success handler.
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessHandler(customLogoutSuccessHandler)
                .and()
            // CSRF protection is switched off "for now" (original author's wording).
            // NOTE(review): this relies on the token never being sent automatically by the
            // browser (for example in a cookie); verify against JwtTokenFilter.
            .csrf().disable()
            // Enable CORS handling; the allowed origins come from configuration not shown here.
            .cors()
                .and()
            // Never create or use an HTTP session.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            // Register the JWT filter in the security chain.
            .addFilter(jwtTokenFilter());
    }

    /**
     * Excludes the websocket paths from Spring Security altogether.
     *
     * <p>Requests matching {@code ignoring()} bypass the security filter chain, so the
     * {@code /ws/**} rule in {@link #configure(HttpSecurity)} is not consulted for them.
     * NOTE(review): confirm the websocket endpoints authenticate connections themselves.
     *
     * @param webSecurity the builder supplied by the adapter
     */
    @Override
    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().antMatchers("/ws/**");
    }
}
|