|  |  |  | 
|---|
|  |  |  | package com.genersoft.iot.vmp.conf.security; | 
|---|
|  |  |  |  | 
|---|
|  |  |  | import com.genersoft.iot.vmp.conf.UserSetting; | 
|---|
|  |  |  | import org.junit.jupiter.api.Order; | 
|---|
|  |  |  | import org.slf4j.Logger; | 
|---|
|  |  |  | import org.slf4j.LoggerFactory; | 
|---|
|  |  |  | import org.springframework.beans.factory.annotation.Autowired; | 
|---|
|  |  |  | import org.springframework.context.annotation.Bean; | 
|---|
|  |  |  | import org.springframework.context.annotation.Configuration; | 
|---|
|  |  |  | import org.springframework.core.annotation.Order; | 
|---|
|  |  |  | import org.springframework.security.authentication.AuthenticationManager; | 
|---|
|  |  |  | import org.springframework.security.authentication.dao.DaoAuthenticationProvider; | 
|---|
|  |  |  | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; | 
|---|
|  |  |  | 
|---|
|  |  |  |  | 
|---|
|  |  |  | import java.util.ArrayList; | 
|---|
|  |  |  | import java.util.Arrays; | 
|---|
|  |  |  | import java.util.Collections; | 
|---|
|  |  |  |  | 
|---|
|  |  |  | /** | 
|---|
|  |  |  | * 配置Spring Security | 
|---|
|  |  |  | * | 
|---|
|  |  |  | * @author lin | 
|---|
|  |  |  | */ | 
|---|
|  |  |  | @Configuration | 
|---|
|  |  |  | 
|---|
|  |  |  | * 登出成功的处理 | 
|---|
|  |  |  | */ | 
|---|
|  |  |  | @Autowired | 
|---|
|  |  |  | private LoginFailureHandler loginFailureHandler; | 
|---|
|  |  |  | /** | 
|---|
|  |  |  | * 登录成功的处理 | 
|---|
|  |  |  | */ | 
|---|
|  |  |  | @Autowired | 
|---|
|  |  |  | private LoginSuccessHandler loginSuccessHandler; | 
|---|
|  |  |  | /** | 
|---|
|  |  |  | * 登出成功的处理 | 
|---|
|  |  |  | */ | 
|---|
|  |  |  | @Autowired | 
|---|
|  |  |  | private LogoutHandler logoutHandler; | 
|---|
|  |  |  | /** | 
|---|
|  |  |  | * 未登录的处理 | 
|---|
|  |  |  | 
|---|
|  |  |  | **/ | 
|---|
|  |  |  | @Override | 
|---|
|  |  |  | public void configure(WebSecurity web) { | 
|---|
|  |  |  |  | 
|---|
|  |  |  | if (!userSetting.isInterfaceAuthentication()) { | 
|---|
|  |  |  | web.ignoring().antMatchers("**"); | 
|---|
|  |  |  | }else { | 
|---|
|  |  |  | if (userSetting.isInterfaceAuthentication()) { | 
|---|
|  |  |  | ArrayList<String> matchers = new ArrayList<>(); | 
|---|
|  |  |  | matchers.add("/"); | 
|---|
|  |  |  | matchers.add("/#/**"); | 
|---|
|  |  |  | matchers.add("/static/**"); | 
|---|
|  |  |  | matchers.add("/swagger-ui.html"); | 
|---|
|  |  |  | matchers.add("/swagger-ui/"); | 
|---|
|  |  |  | matchers.add("/index.html"); | 
|---|
|  |  |  | matchers.add("/doc.html"); | 
|---|
|  |  |  | matchers.add("/webjars/**"); | 
|---|
|  |  |  | matchers.add("/swagger-resources/**"); | 
|---|
|  |  |  | matchers.add("/v3/api-docs/**"); | 
|---|
|  |  |  | matchers.add("/js/**"); | 
|---|
|  |  |  | matchers.addAll(userSetting.getInterfaceAuthenticationExcludes()); | 
|---|
|  |  |  | matchers.add("/api/device/query/snap/**"); | 
|---|
|  |  |  | matchers.add("/record_proxy/*/**"); | 
|---|
|  |  |  | matchers.add("/api/emit"); | 
|---|
|  |  |  | matchers.add("/favicon.ico"); | 
|---|
|  |  |  | // 可以直接访问的静态数据 | 
|---|
|  |  |  | web.ignoring().antMatchers(matchers.toArray(new String[0])); | 
|---|
|  |  |  | } | 
|---|
|  |  |  | 
|---|
|  |  |  |  | 
|---|
|  |  |  | /** | 
|---|
|  |  |  | * 配置认证方式 | 
|---|
|  |  |  | * | 
|---|
|  |  |  | * @param auth | 
|---|
|  |  |  | * @throws Exception | 
|---|
|  |  |  | */ | 
|---|
|  |  |  | 
|---|
|  |  |  | .authorizeRequests() | 
|---|
|  |  |  | .requestMatchers(CorsUtils::isPreFlightRequest).permitAll() | 
|---|
|  |  |  | .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll() | 
|---|
|  |  |  | .antMatchers("/api/user/login","/index/hook/**").permitAll() | 
|---|
|  |  |  | .antMatchers("/api/user/login", "/index/hook/**", "/swagger-ui/**", "/doc.html").permitAll() | 
|---|
|  |  |  | .anyRequest().authenticated() | 
|---|
|  |  |  | // 异常处理器 | 
|---|
|  |  |  | .and() | 
|---|
|  |  |  | 
|---|
|  |  |  |  | 
|---|
|  |  |  | } | 
|---|
|  |  |  |  | 
|---|
|  |  |  | CorsConfigurationSource configurationSource(){ | 
|---|
|  |  |  | CorsConfigurationSource configurationSource() { | 
|---|
|  |  |  | // 配置跨域 | 
|---|
|  |  |  | CorsConfiguration corsConfiguration = new CorsConfiguration(); | 
|---|
|  |  |  | corsConfiguration.setAllowedHeaders(Arrays.asList("*")); | 
|---|
|  |  |  | corsConfiguration.setAllowedMethods(Arrays.asList("*")); | 
|---|
|  |  |  | corsConfiguration.setMaxAge(3600L); | 
|---|
|  |  |  | corsConfiguration.setAllowCredentials(true); | 
|---|
|  |  |  | corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); | 
|---|
|  |  |  | if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) { | 
|---|
|  |  |  | corsConfiguration.setAllowCredentials(true); | 
|---|
|  |  |  | corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); | 
|---|
|  |  |  | }else { | 
|---|
|  |  |  | corsConfiguration.setAllowCredentials(false); | 
|---|
|  |  |  | corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL)); | 
|---|
|  |  |  | } | 
|---|
|  |  |  |  | 
|---|
|  |  |  | corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader())); | 
|---|
|  |  |  |  | 
|---|
|  |  |  | UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource(); | 
|---|
|  |  |  | url.registerCorsConfiguration("/**",corsConfiguration); | 
|---|
|  |  |  | url.registerCorsConfiguration("/**", corsConfiguration); | 
|---|
|  |  |  | return url; | 
|---|
|  |  |  | } | 
|---|
|  |  |  |  | 
|---|