From 193e1a24a19b6bd97330a9a5cd3ea172d85d20ce Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期四, 23 三月 2023 20:52:05 +0800
Subject: [PATCH] 优化对assist接口的代理
---
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 131 ++++++++++++++++++++-----------------------
1 files changed, 60 insertions(+), 71 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index cce0d11..c9a1233 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -15,9 +15,16 @@
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
/**
* 閰嶇疆Spring Security
@@ -56,22 +63,8 @@
*/
@Autowired
private AnonymousAuthenticationEntryPoint anonymousAuthenticationEntryPoint;
-// /**
-// * 瓒呮椂澶勭悊
-// */
-// @Autowired
-// private InvalidSessionHandler invalidSessionHandler;
-
-// /**
-// * 椤跺彿澶勭悊
-// */
-// @Autowired
-// private SessionInformationExpiredHandler sessionInformationExpiredHandler;
-// /**
-// * 鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
-// */
-// @Autowired
-// private LoginUserAccessDeniedHandler accessDeniedHandler;
+ @Autowired
+ private JwtAuthenticationFilter jwtAuthenticationFilter;
/**
@@ -80,31 +73,20 @@
@Override
public void configure(WebSecurity web) {
- if (!userSetting.isInterfaceAuthentication()) {
- web.ignoring().antMatchers("**");
- }else {
- // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
- web.ignoring()
- .antMatchers("/")
- .antMatchers("/#/**")
- .antMatchers("/static/**")
- .antMatchers("/index.html")
- .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
- .antMatchers("/webjars/**")
- .antMatchers("/swagger-resources/**")
- .antMatchers("/v3/api-docs/**")
- .antMatchers("/favicon.ico")
- .antMatchers("/js/**");
- List<String> interfaceAuthenticationExcludes = userSetting.getInterfaceAuthenticationExcludes();
- for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) {
- if (interfaceAuthenticationExclude.split("/").length < 4 ) {
- logger.warn("{}涓嶆弧瓒充袱绾х洰褰曪紝宸插拷鐣�", interfaceAuthenticationExclude);
- }else {
- web.ignoring().antMatchers(interfaceAuthenticationExclude);
- }
-
- }
- }
+ ArrayList<String> matchers = new ArrayList<>();
+ matchers.add("/");
+ matchers.add("/#/**");
+ matchers.add("/static/**");
+ matchers.add("/index.html");
+ matchers.add("/doc.html");
+ matchers.add("/webjars/**");
+ matchers.add("/swagger-resources/**");
+ matchers.add("/v3/api-docs/**");
+ matchers.add("/js/**");
+ matchers.add("/api/device/query/snap/**");
+ matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
+ // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
+ web.ignoring().antMatchers(matchers.toArray(new String[0]));
}
/**
@@ -126,36 +108,43 @@
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.cors().and().csrf().disable();
- // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
- http.headers().contentTypeOptions().disable();
- http.authorizeRequests()
- // 鏀捐鎺ュ彛
- .antMatchers("/api/user/login","/index/hook/**").permitAll()
- // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇�
- .anyRequest().authenticated()
- // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑)
- .and().exceptionHandling()
- //鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞�
- .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
-// .accessDeniedHandler(accessDeniedHandler)//鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
- // 鐧诲叆 鍏佽鎵�鏈夌敤鎴�
- .and().formLogin().permitAll()
- //鐧诲綍鎴愬姛澶勭悊閫昏緫
- .successHandler(loginSuccessHandler)
- //鐧诲綍澶辫触澶勭悊閫昏緫
- .failureHandler(loginFailureHandler)
- // 鐧诲嚭
- .and().logout().logoutUrl("/api/user/logout").permitAll()
- //鐧诲嚭鎴愬姛澶勭悊閫昏緫
- .logoutSuccessHandler(logoutHandler)
- .deleteCookies("JSESSIONID")
- // 浼氳瘽绠$悊
-// .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 瓒呮椂澶勭悊
-// .maximumSessions(1)//鍚屼竴璐﹀彿鍚屾椂鐧诲綍鏈�澶х敤鎴锋暟
-// .expiredSessionStrategy(sessionInformationExpiredHandler) // 椤跺彿澶勭悊
- ;
+ http.headers().contentTypeOptions().disable()
+ .and().cors().configurationSource(configurationSource())
+ .and().csrf().disable()
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ // 閰嶇疆鎷︽埅瑙勫垯
+ .and()
+ .authorizeRequests()
+ .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
+ .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll()
+ .antMatchers("/api/user/login","/index/hook/**").permitAll()
+ .anyRequest().authenticated()
+ // 寮傚父澶勭悊鍣�
+ .and()
+ .exceptionHandling()
+ .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
+ .and().logout().logoutUrl("/api/user/logout").permitAll()
+ .logoutSuccessHandler(logoutHandler)
+ ;
+ http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+ }
+
+ CorsConfigurationSource configurationSource(){
+ // 閰嶇疆璺ㄥ煙
+ CorsConfiguration corsConfiguration = new CorsConfiguration();
+ corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
+ corsConfiguration.setAllowedMethods(Arrays.asList("*"));
+ corsConfiguration.setMaxAge(3600L);
+ corsConfiguration.setAllowCredentials(true);
+ corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+ corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
+
+ UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();
+ url.registerCorsConfiguration("/**",corsConfiguration);
+ return url;
}
/**
--
Gitblit v1.8.0