绿满筐商城java服务
blame | 历史 | 原始文档
zxl
8 天以前 0fb6b9d8d414822668c401a2b507df1fe6d1fa2d 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

package cn.lili.security;


 


import cn.lili.cache.Cache;


import cn.lili.common.properties.IgnoredUrlsProperties;


import cn.lili.common.security.CustomAccessDeniedHandler;


import cn.lili.common.utils.SpringContextUtil;


import cn.lili.modules.member.service.ClerkService;


import cn.lili.modules.member.service.StoreMenuRoleService;


import cn.lili.modules.member.token.StoreTokenGenerate;


import lombok.extern.slf4j.Slf4j;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Configuration;


import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;


import org.springframework.security.config.http.SessionCreationPolicy;


import org.springframework.web.cors.CorsConfigurationSource;


 


/**


 * spring Security 核心配置类 Store安全配置中心


 *


 * @author Chopper


 * @since 2020/11/14 16:20


 */


@Slf4j


@Configuration


@EnableGlobalMethodSecurity(prePostEnabled = true)


public class StoreSecurityConfig extends WebSecurityConfigurerAdapter {


 


    /**


     * 忽略验权配置


     */


    @Autowired


    private IgnoredUrlsProperties ignoredUrlsProperties;


 


    /**


     * spring security -》 权限不足处理


     */


    @Autowired


    private CustomAccessDeniedHandler accessDeniedHandler;


 


    @Autowired


    private Cache<String> cache;


 


    @Autowired


    private StoreTokenGenerate storeTokenGenerate;


 


    @Autowired


    private StoreMenuRoleService storeMenuRoleService;


 


    @Autowired


    private ClerkService clerkService;


 


 


    @Override


    protected void configure(HttpSecurity http) throws Exception {


 


        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http


                .authorizeRequests();


        //配置的url 不需要授权


        for (String url : ignoredUrlsProperties.getUrls()) {


            registry.antMatchers(url).permitAll();


        }


        registry.and()


                //禁止网页iframe


                .headers().frameOptions().disable()


                .and()


                .logout()


                .permitAll()


                .and()


                .authorizeRequests()


                //任何请求


                .anyRequest()


                //需要身份认证


                .authenticated()


                .and()


                //允许跨域


                .cors().configurationSource((CorsConfigurationSource) SpringContextUtil.getBean("corsConfigurationSource")).and()


                //关闭跨站请求防护


                .csrf().disable()


                //前后端分离采用JWT 不需要session


                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)


                .and()


                //自定义权限拒绝处理类


                .exceptionHandling().accessDeniedHandler(accessDeniedHandler)


                .and()


                //添加JWT认证过滤器


                .addFilter(new StoreAuthenticationFilter(authenticationManager(), storeTokenGenerate, storeMenuRoleService, clerkService, cache));


    }


 


}