wvp-pro.git - Gitblit

			@@ -1,5 +1,8 @@
			package com.genersoft.iot.vmp.conf.security;

			import com.genersoft.iot.vmp.conf.UserSetting;
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			@@ -13,13 +16,21 @@
			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

			import java.util.List;

			/**
			* 配置Spring Security
			* @author lin
			*/
			@Configuration
			@EnableWebSecurity
			@EnableGlobalMethodSecurity(prePostEnabled = true)
			public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

			private final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

			@Autowired
			private UserSetting userSetting;

			@Autowired
			private DefaultUserDetailsServiceImpl userDetailsService;
			@@ -66,18 +77,32 @@
			**/
			@Override
			public void configure(WebSecurity web) {
			// 可以直接访问的静态数据
			web.ignoring()
			.antMatchers("/")
			.antMatchers("/css/**")
			.antMatchers("/img/**")
			.antMatchers("/fonts/**")
			.antMatchers("/index.html")
			.antMatchers("/doc.html") // "/webjars/", "/swagger-resources/", "/v3/api-docs/**"
			.antMatchers("/webjars/**")
			.antMatchers("/swagger-resources/**")
			.antMatchers("/v3/api-docs/**")
			.antMatchers("/js/**");

			if (!userSetting.isInterfaceAuthentication()) {
			web.ignoring().antMatchers("**");
			}else {
			// 可以直接访问的静态数据
			web.ignoring()
			.antMatchers("/")
			.antMatchers("/#/**")
			.antMatchers("/static/**")
			.antMatchers("/index.html")
			.antMatchers("/doc.html") // "/webjars/", "/swagger-resources/", "/v3/api-docs/**"
			.antMatchers("/webjars/**")
			.antMatchers("/swagger-resources/**")
			.antMatchers("/v3/api-docs/**")
			.antMatchers("/favicon.ico")
			.antMatchers("/js/**");
			List<String> interfaceAuthenticationExcludes = userSetting.getInterfaceAuthenticationExcludes();
			for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) {
			if (interfaceAuthenticationExclude.split("/").length < 4 ) {
			logger.warn("{}不满足两级目录，已忽略", interfaceAuthenticationExclude);
			}else {
			web.ignoring().antMatchers(interfaceAuthenticationExclude);
			}

			}
			}
			}

			/**
			@@ -100,6 +125,8 @@
			@Override
			protected void configure(HttpSecurity http) throws Exception {
			http.cors().and().csrf().disable();
			// 设置允许添加静态文件
			http.headers().contentTypeOptions().disable();
			http.authorizeRequests()
			// 放行接口
			.antMatchers("/api/user/login","/index/hook/**").permitAll()
			@@ -107,15 +134,19 @@
			.anyRequest().authenticated()
			// 异常处理(权限拒绝、登录失效等)
			.and().exceptionHandling()
			.authenticationEntryPoint(anonymousAuthenticationEntryPoint)//匿名用户访问无权限资源时的异常处理
			//匿名用户访问无权限资源时的异常处理
			.authenticationEntryPoint(anonymousAuthenticationEntryPoint)
			// .accessDeniedHandler(accessDeniedHandler)//登录用户没有权限访问资源
			// 登入
			.and().formLogin().permitAll()//允许所有用户
			.successHandler(loginSuccessHandler)//登录成功处理逻辑
			.failureHandler(loginFailureHandler)//登录失败处理逻辑
			// 登入允许所有用户
			.and().formLogin().permitAll()
			//登录成功处理逻辑
			.successHandler(loginSuccessHandler)
			//登录失败处理逻辑
			.failureHandler(loginFailureHandler)
			// 登出
			.and().logout().logoutUrl("/api/user/logout").permitAll()//允许所有用户
			.logoutSuccessHandler(logoutHandler)//登出成功处理逻辑
			.and().logout().logoutUrl("/api/user/logout").permitAll()
			//登出成功处理逻辑
			.logoutSuccessHandler(logoutHandler)
			.deleteCookies("JSESSIONID")
			// 会话管理
			// .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 超时处理