| | |
|---|
| | | package com.genersoft.iot.vmp.conf.security; |
|---|
| | | |
|---|
| | | import com.genersoft.iot.vmp.conf.UserSetting; |
|---|
| | | import org.junit.jupiter.api.Order; |
|---|
| | | import org.slf4j.Logger; |
|---|
| | | import org.slf4j.LoggerFactory; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.context.annotation.Configuration; |
|---|
| | | import org.springframework.core.annotation.Order; |
|---|
| | | import org.springframework.security.authentication.AuthenticationManager; |
|---|
| | | import org.springframework.security.authentication.dao.DaoAuthenticationProvider; |
|---|
| | | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
|---|
| | |
|---|
| | | |
|---|
| | | import java.util.ArrayList; |
|---|
| | | import java.util.Arrays; |
|---|
| | | import java.util.Collections; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 配置Spring Security |
|---|
| | | * |
|---|
| | | * @author lin |
|---|
| | | */ |
|---|
| | | @Configuration |
|---|
| | |
|---|
| | | * 登出成功的处理 |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private LoginFailureHandler loginFailureHandler; |
|---|
| | | /** |
|---|
| | | * 登录成功的处理 |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private LoginSuccessHandler loginSuccessHandler; |
|---|
| | | /** |
|---|
| | | * 登出成功的处理 |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private LogoutHandler logoutHandler; |
|---|
| | | /** |
|---|
| | | * 未登录的处理 |
|---|
| | |
|---|
| | | **/ |
|---|
| | | @Override |
|---|
| | | public void configure(WebSecurity web) { |
|---|
| | | |
|---|
| | | ArrayList<String> matchers = new ArrayList<>(); |
|---|
| | | matchers.add("/"); |
|---|
| | | matchers.add("/#/**"); |
|---|
| | | matchers.add("/static/**"); |
|---|
| | | matchers.add("/index.html"); |
|---|
| | | matchers.add("/doc.html"); |
|---|
| | | matchers.add("/webjars/**"); |
|---|
| | | matchers.add("/swagger-resources/**"); |
|---|
| | | matchers.add("/v3/api-docs/**"); |
|---|
| | | matchers.add("/js/**"); |
|---|
| | | matchers.add("/api/device/query/snap/**"); |
|---|
| | | matchers.addAll(userSetting.getInterfaceAuthenticationExcludes()); |
|---|
| | | // 可以直接访问的静态数据 |
|---|
| | | web.ignoring().antMatchers(matchers.toArray(new String[0])); |
|---|
| | | if (userSetting.isInterfaceAuthentication()) { |
|---|
| | | ArrayList<String> matchers = new ArrayList<>(); |
|---|
| | | matchers.add("/"); |
|---|
| | | matchers.add("/#/**"); |
|---|
| | | matchers.add("/static/**"); |
|---|
| | | matchers.add("/swagger-ui.html"); |
|---|
| | | matchers.add("/swagger-ui/"); |
|---|
| | | matchers.add("/index.html"); |
|---|
| | | matchers.add("/doc.html"); |
|---|
| | | matchers.add("/webjars/**"); |
|---|
| | | matchers.add("/swagger-resources/**"); |
|---|
| | | matchers.add("/v3/api-docs/**"); |
|---|
| | | matchers.add("/js/**"); |
|---|
| | | matchers.add("/api/device/query/snap/**"); |
|---|
| | | matchers.add("/record_proxy/*/**"); |
|---|
| | | matchers.add("/api/emit"); |
|---|
| | | matchers.add("/favicon.ico"); |
|---|
| | | // 可以直接访问的静态数据 |
|---|
| | | web.ignoring().antMatchers(matchers.toArray(new String[0])); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 配置认证方式 |
|---|
| | | * |
|---|
| | | * @param auth |
|---|
| | | * @throws Exception |
|---|
| | | */ |
|---|
| | |
|---|
| | | .authorizeRequests() |
|---|
| | | .requestMatchers(CorsUtils::isPreFlightRequest).permitAll() |
|---|
| | | .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll() |
|---|
| | | .antMatchers("/api/user/login","/index/hook/**").permitAll() |
|---|
| | | .antMatchers("/api/device/query/devices/**","/api/play/start/img/**", "/api/user/login", "/index/hook/**","/index/hook/abl/**", "/swagger-ui/**", "/doc.html#/**").permitAll() |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | // 异常处理器 |
|---|
| | | .and() |
|---|
| | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | CorsConfigurationSource configurationSource(){ |
|---|
| | | CorsConfigurationSource configurationSource() { |
|---|
| | | // 配置跨域 |
|---|
| | | CorsConfiguration corsConfiguration = new CorsConfiguration(); |
|---|
| | | corsConfiguration.setAllowedHeaders(Arrays.asList("*")); |
|---|
| | | corsConfiguration.setAllowedMethods(Arrays.asList("*")); |
|---|
| | | corsConfiguration.setMaxAge(3600L); |
|---|
| | | corsConfiguration.setAllowCredentials(true); |
|---|
| | | corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); |
|---|
| | | if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) { |
|---|
| | | corsConfiguration.setAllowCredentials(true); |
|---|
| | | corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); |
|---|
| | | }else { |
|---|
| | | corsConfiguration.setAllowCredentials(false); |
|---|
| | | corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader())); |
|---|
| | | |
|---|
| | | UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource(); |
|---|
| | | url.registerCorsConfiguration("/**",corsConfiguration); |
|---|
| | | url.registerCorsConfiguration("/**", corsConfiguration); |
|---|
| | | return url; |
|---|
| | | } |
|---|
| | | |
|---|
