| package com.genersoft.iot.vmp.conf.security; | 
|   | 
| import com.genersoft.iot.vmp.conf.UserSetting; | 
| import org.slf4j.Logger; | 
| import org.slf4j.LoggerFactory; | 
| import org.springframework.beans.factory.annotation.Autowired; | 
| import org.springframework.context.annotation.Bean; | 
| import org.springframework.context.annotation.Configuration; | 
| import org.springframework.core.annotation.Order; | 
| import org.springframework.security.authentication.AuthenticationManager; | 
| import org.springframework.security.authentication.dao.DaoAuthenticationProvider; | 
| import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; | 
| import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; | 
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | 
| import org.springframework.security.config.annotation.web.builders.WebSecurity; | 
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | 
| import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | 
| import org.springframework.security.config.http.SessionCreationPolicy; | 
| import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | 
| import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; | 
| import org.springframework.web.cors.CorsConfiguration; | 
| import org.springframework.web.cors.CorsConfigurationSource; | 
| import org.springframework.web.cors.CorsUtils; | 
| import org.springframework.web.cors.UrlBasedCorsConfigurationSource; | 
|   | 
| import java.util.ArrayList; | 
| import java.util.Arrays; | 
| import java.util.Collections; | 
|   | 
| /** | 
|  * 配置Spring Security | 
|  * | 
|  * @author lin | 
|  */ | 
| @Configuration | 
| @EnableWebSecurity | 
| @EnableGlobalMethodSecurity(prePostEnabled = true) | 
| @Order(1) | 
| public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | 
|   | 
|     private final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class); | 
|   | 
|     @Autowired | 
|     private UserSetting userSetting; | 
|   | 
|     @Autowired | 
|     private DefaultUserDetailsServiceImpl userDetailsService; | 
|     /** | 
|      * 登出成功的处理 | 
|      */ | 
|     @Autowired | 
|     private LogoutHandler logoutHandler; | 
|     /** | 
|      * 未登录的处理 | 
|      */ | 
|     @Autowired | 
|     private AnonymousAuthenticationEntryPoint anonymousAuthenticationEntryPoint; | 
|     @Autowired | 
|     private JwtAuthenticationFilter jwtAuthenticationFilter; | 
|   | 
|   | 
|     /** | 
|      * 描述: 静态资源放行,这里的放行,是不走 Spring Security 过滤器链 | 
|      **/ | 
|     @Override | 
|     public void configure(WebSecurity web) { | 
|         if (userSetting.isInterfaceAuthentication()) { | 
|             ArrayList<String> matchers = new ArrayList<>(); | 
|             matchers.add("/"); | 
|             matchers.add("/#/**"); | 
|             matchers.add("/static/**"); | 
|             matchers.add("/swagger-ui.html"); | 
|             matchers.add("/swagger-ui/"); | 
|             matchers.add("/index.html"); | 
|             matchers.add("/doc.html"); | 
|             matchers.add("/webjars/**"); | 
|             matchers.add("/swagger-resources/**"); | 
|             matchers.add("/v3/api-docs/**"); | 
|             matchers.add("/js/**"); | 
|             matchers.add("/api/device/query/snap/**"); | 
|             matchers.add("/record_proxy/*/**"); | 
|             matchers.add("/api/emit"); | 
|             matchers.add("/favicon.ico"); | 
|             // 可以直接访问的静态数据 | 
|             web.ignoring().antMatchers(matchers.toArray(new String[0])); | 
|         } | 
|     } | 
|   | 
|     /** | 
|      * 配置认证方式 | 
|      * | 
|      * @param auth | 
|      * @throws Exception | 
|      */ | 
|     @Override | 
|     protected void configure(AuthenticationManagerBuilder auth) throws Exception { | 
|         DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); | 
|         // 设置不隐藏 未找到用户异常 | 
|         provider.setHideUserNotFoundExceptions(true); | 
|         // 用户认证service - 查询数据库的逻辑 | 
|         provider.setUserDetailsService(userDetailsService); | 
|         // 设置密码加密算法 | 
|         provider.setPasswordEncoder(passwordEncoder()); | 
|         auth.authenticationProvider(provider); | 
|     } | 
|   | 
|     @Override | 
|     protected void configure(HttpSecurity http) throws Exception { | 
|         http.headers().contentTypeOptions().disable() | 
|                 .and().cors().configurationSource(configurationSource()) | 
|                 .and().csrf().disable() | 
|                 .sessionManagement() | 
|                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS) | 
|   | 
|                 // 配置拦截规则 | 
|                 .and() | 
|                 .authorizeRequests() | 
|                 .requestMatchers(CorsUtils::isPreFlightRequest).permitAll() | 
|                 .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll() | 
|                 .antMatchers("/api/user/login", "/index/hook/**", "/swagger-ui/**", "/doc.html").permitAll() | 
|                 .anyRequest().authenticated() | 
|                 // 异常处理器 | 
|                 .and() | 
|                 .exceptionHandling() | 
|                 .authenticationEntryPoint(anonymousAuthenticationEntryPoint) | 
|                 .and().logout().logoutUrl("/api/user/logout").permitAll() | 
|                 .logoutSuccessHandler(logoutHandler) | 
|         ; | 
|         http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); | 
|   | 
|     } | 
|   | 
|     CorsConfigurationSource configurationSource() { | 
|         // 配置跨域 | 
|         CorsConfiguration corsConfiguration = new CorsConfiguration(); | 
|         corsConfiguration.setAllowedHeaders(Arrays.asList("*")); | 
|         corsConfiguration.setAllowedMethods(Arrays.asList("*")); | 
|         corsConfiguration.setMaxAge(3600L); | 
|         if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) { | 
|             corsConfiguration.setAllowCredentials(true); | 
|             corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); | 
|         }else { | 
|             corsConfiguration.setAllowCredentials(false); | 
|             corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL)); | 
|         } | 
|   | 
|         corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader())); | 
|   | 
|         UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource(); | 
|         url.registerCorsConfiguration("/**", corsConfiguration); | 
|         return url; | 
|     } | 
|   | 
|     /** | 
|      * 描述: 密码加密算法 BCrypt 推荐使用 | 
|      **/ | 
|     @Bean | 
|     public BCryptPasswordEncoder passwordEncoder() { | 
|         return new BCryptPasswordEncoder(); | 
|     } | 
|   | 
|     /** | 
|      * 描述: 注入AuthenticationManager管理器 | 
|      **/ | 
|     @Override | 
|     @Bean | 
|     public AuthenticationManager authenticationManager() throws Exception { | 
|         return super.authenticationManager(); | 
|     } | 
| } |