青阳考试系统
blame | 历史 | 原始文档
xiangpei
2024-03-08 c50e176c4a6b9331d2d1c0520bafb18f54f0dee6 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

package com.mindskip.xzs.configuration.spring.security;


 


import com.mindskip.xzs.configuration.property.CookieConfig;


import com.mindskip.xzs.configuration.property.SystemConfig;


import com.mindskip.xzs.domain.enums.RoleEnum;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import org.springframework.web.cors.CorsConfiguration;


import org.springframework.web.cors.CorsConfigurationSource;


import org.springframework.web.cors.UrlBasedCorsConfigurationSource;


 


import java.util.Collections;


import java.util.List;


 


 


 


@Configuration


@EnableWebSecurity


public class SecurityConfigurer {


 


    /**


     * The type Form login web security configurer adapter.


     */


    @Configuration


    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {


 


        private final SystemConfig systemConfig;


        private final LoginAuthenticationEntryPoint restAuthenticationEntryPoint;


        private final RestAuthenticationProvider restAuthenticationProvider;


        private final RestDetailsServiceImpl formDetailsService;


        private final RestAuthenticationSuccessHandler restAuthenticationSuccessHandler;


        private final RestAuthenticationFailureHandler restAuthenticationFailureHandler;


        private final RestLogoutSuccessHandler restLogoutSuccessHandler;


        private final RestAccessDeniedHandler restAccessDeniedHandler;


 


        /**


         * Instantiates a new Form login web security configurer adapter.


         *


         * @param systemConfig                     the system config


         * @param restAuthenticationEntryPoint     the rest authentication entry point


         * @param restAuthenticationProvider       the rest authentication provider


         * @param formDetailsService               the form details service


         * @param restAuthenticationSuccessHandler the rest authentication success handler


         * @param restAuthenticationFailureHandler the rest authentication failure handler


         * @param restLogoutSuccessHandler         the rest logout success handler


         * @param restAccessDeniedHandler          the rest access denied handler


         */


        @Autowired


        public FormLoginWebSecurityConfigurerAdapter(SystemConfig systemConfig, LoginAuthenticationEntryPoint restAuthenticationEntryPoint, RestAuthenticationProvider restAuthenticationProvider, RestDetailsServiceImpl formDetailsService, RestAuthenticationSuccessHandler restAuthenticationSuccessHandler, RestAuthenticationFailureHandler restAuthenticationFailureHandler, RestLogoutSuccessHandler restLogoutSuccessHandler, RestAccessDeniedHandler restAccessDeniedHandler) {


            this.systemConfig = systemConfig;


            this.restAuthenticationEntryPoint = restAuthenticationEntryPoint;


            this.restAuthenticationProvider = restAuthenticationProvider;


            this.formDetailsService = formDetailsService;


            this.restAuthenticationSuccessHandler = restAuthenticationSuccessHandler;


            this.restAuthenticationFailureHandler = restAuthenticationFailureHandler;


            this.restLogoutSuccessHandler = restLogoutSuccessHandler;


            this.restAccessDeniedHandler = restAccessDeniedHandler;


        }


 


        /**


         * @param http http


         * @throws Exception exception


         *                   csrf is the from submit get method


         */


        @Override


        protected void configure(HttpSecurity http) throws Exception {


            http.headers().frameOptions().disable();


 


            List<String> securityIgnoreUrls = systemConfig.getSecurityIgnoreUrls();


            String[] ignores = new String[securityIgnoreUrls.size()];


            http


                    .addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)


                    .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)


                    .and().authenticationProvider(restAuthenticationProvider)


                    .authorizeRequests()


                    .antMatchers(securityIgnoreUrls.toArray(ignores)).permitAll()


                    .antMatchers("/api/admin/department/list", "/api/admin/video/getList","/api/admin/user/conversion","/api/admin/examPaperGrade/updates").permitAll()


                    // todo 设置部门管理员可以看的请求


                    .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())


                    .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())


                    .anyRequest().permitAll()


                    .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)


                    .and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)


                    .and().logout().logoutUrl("/api/user/logout").logoutSuccessHandler(restLogoutSuccessHandler).invalidateHttpSession(true)


                    .and().rememberMe().key(CookieConfig.getName()).tokenValiditySeconds(CookieConfig.getInterval()).userDetailsService(formDetailsService)


                    .and().csrf().disable()


                    .cors();


        }


 


 


        /**


         * Cors configuration source cors configuration source.


         *


         * @return the cors configuration source


         */


        @Bean


        public CorsConfigurationSource corsConfigurationSource() {


            final CorsConfiguration configuration = new CorsConfiguration();


            configuration.setMaxAge(3600L);


            configuration.setAllowedOrigins(Collections.singletonList("*"));


            configuration.setAllowedMethods(Collections.singletonList("*"));


            configuration.setAllowCredentials(true);


            configuration.setAllowedHeaders(Collections.singletonList("*"));


            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();


            source.registerCorsConfiguration("/api/**", configuration);


            return source;


        }


 


 


        /**


         * Authentication filter rest login authentication filter.


         *


         * @return the rest login authentication filter


         * @throws Exception the exception


         */


        @Bean


        public RestLoginAuthenticationFilter authenticationFilter() throws Exception {


            RestLoginAuthenticationFilter authenticationFilter = new RestLoginAuthenticationFilter();


            authenticationFilter.setAuthenticationSuccessHandler(restAuthenticationSuccessHandler);


            authenticationFilter.setAuthenticationFailureHandler(restAuthenticationFailureHandler);


            authenticationFilter.setAuthenticationManager(authenticationManagerBean());


            authenticationFilter.setUserDetailsService(formDetailsService);


            return authenticationFilter;


        }


 


 


    }


}