From 1de344674afd6bb35b51b165bbad76dbe6299b7e Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期四, 28 三月 2024 18:08:33 +0800
Subject: [PATCH] 使用冒号分隔redis的key
---
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 132 ++++++++++++++++++-------------------------
1 files changed, 55 insertions(+), 77 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index c700b8c..ad959d6 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -1,12 +1,12 @@
package com.genersoft.iot.vmp.conf.security;
import com.genersoft.iot.vmp.conf.UserSetting;
-import org.junit.jupiter.api.Order;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -18,11 +18,18 @@
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
/**
* 閰嶇疆Spring Security
+ *
* @author lin
*/
@Configuration
@@ -42,16 +49,6 @@
* 鐧诲嚭鎴愬姛鐨勫鐞�
*/
@Autowired
- private LoginFailureHandler loginFailureHandler;
- /**
- * 鐧诲綍鎴愬姛鐨勫鐞�
- */
- @Autowired
- private LoginSuccessHandler loginSuccessHandler;
- /**
- * 鐧诲嚭鎴愬姛鐨勫鐞�
- */
- @Autowired
private LogoutHandler logoutHandler;
/**
* 鏈櫥褰曠殑澶勭悊
@@ -61,48 +58,37 @@
@Autowired
private JwtAuthenticationFilter jwtAuthenticationFilter;
-// @Bean
-// JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
-// JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager());
-// return jwtAuthenticationFilter;
-// }
-
/**
* 鎻忚堪: 闈欐�佽祫婧愭斁琛岋紝杩欓噷鐨勬斁琛岋紝鏄笉璧� Spring Security 杩囨护鍣ㄩ摼
**/
@Override
public void configure(WebSecurity web) {
-
- if (!userSetting.isInterfaceAuthentication()) {
- web.ignoring().antMatchers("**");
- }else {
+ if (userSetting.isInterfaceAuthentication()) {
+ ArrayList<String> matchers = new ArrayList<>();
+ matchers.add("/");
+ matchers.add("/#/**");
+ matchers.add("/static/**");
+ matchers.add("/swagger-ui.html");
+ matchers.add("/swagger-ui/");
+ matchers.add("/index.html");
+ matchers.add("/doc.html");
+ matchers.add("/webjars/**");
+ matchers.add("/swagger-resources/**");
+ matchers.add("/v3/api-docs/**");
+ matchers.add("/js/**");
+ matchers.add("/api/device/query/snap/**");
+ matchers.add("/record_proxy/*/**");
+ matchers.add("/api/emit");
+ matchers.add("/favicon.ico");
// 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
- web.ignoring()
- .antMatchers("/")
- .antMatchers("/#/**")
- .antMatchers("/static/**")
- .antMatchers("/index.html")
- .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
- .antMatchers("/webjars/**")
- .antMatchers("/swagger-resources/**")
- .antMatchers("/v3/api-docs/**")
- .antMatchers("/favicon.ico")
- .antMatchers("/js/**");
- List<String> interfaceAuthenticationExcludes = userSetting.getInterfaceAuthenticationExcludes();
- for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) {
- if (interfaceAuthenticationExclude.split("/").length < 4 ) {
- logger.warn("{}涓嶆弧瓒充袱绾х洰褰曪紝宸插拷鐣�", interfaceAuthenticationExclude);
- }else {
- web.ignoring().antMatchers(interfaceAuthenticationExclude);
- }
-
- }
+ web.ignoring().antMatchers(matchers.toArray(new String[0]));
}
}
/**
* 閰嶇疆璁よ瘉鏂瑰紡
+ *
* @param auth
* @throws Exception
*/
@@ -121,7 +107,7 @@
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().contentTypeOptions().disable()
- .and().cors()
+ .and().cors().configurationSource(configurationSource())
.and().csrf().disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -129,50 +115,42 @@
// 閰嶇疆鎷︽埅瑙勫垯
.and()
.authorizeRequests()
- .antMatchers("/api/user/login","/index/hook/**").permitAll()
+ .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
+ .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll()
+ .antMatchers("/api/user/login", "/index/hook/**", "/swagger-ui/**", "/doc.html").permitAll()
.anyRequest().authenticated()
// 寮傚父澶勭悊鍣�
.and()
.exceptionHandling()
.authenticationEntryPoint(anonymousAuthenticationEntryPoint)
-// .accessDeniedHandler(jwtAccessDeniedHandler)
- // 閰嶇疆鑷畾涔夌殑杩囨护鍣�
-// .and()
-// .addFilter(jwtAuthenticationFilter)
- // 楠岃瘉鐮佽繃婊ゅ櫒鏀惧湪UsernamePassword杩囨护鍣ㄤ箣鍓�
-// .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class)
+ .and().logout().logoutUrl("/api/user/logout").permitAll()
+ .logoutSuccessHandler(logoutHandler)
;
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
-// // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
-// http.headers().contentTypeOptions().disable();
-// http.authorizeRequests()
-// // 鏀捐鎺ュ彛
-// .antMatchers("/api/user/login","/index/hook/**").permitAll()
-// // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇�
-// .anyRequest().authenticated()
-// // 绂佺敤session
-// .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-// // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑)
-// .and().exceptionHandling()
-// // 鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞�
-// .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
-// // 鐧诲綍 鍏佽鎵�鏈夌敤鎴�
-// .and().formLogin()
-// // 鐧诲綍鎴愬姛澶勭悊閫昏緫 鍦ㄨ繖閲岀粰鍑篔WT
-// .successHandler(loginSuccessHandler)
-// // 鐧诲綍澶辫触澶勭悊閫昏緫
-// .failureHandler(loginFailureHandler)
-// // 鐧诲嚭
-// .and().logout().logoutUrl("/api/user/logout").permitAll()
-// // 鐧诲嚭鎴愬姛澶勭悊閫昏緫
-// .logoutSuccessHandler(logoutHandler)
-// // 閰嶇疆鑷畾涔夌殑杩囨护鍣�
-// .and()
-// .addFilter(jwtAuthenticationFilter())
-// ;
}
+ CorsConfigurationSource configurationSource() {
+ // 閰嶇疆璺ㄥ煙
+ CorsConfiguration corsConfiguration = new CorsConfiguration();
+ corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
+ corsConfiguration.setAllowedMethods(Arrays.asList("*"));
+ corsConfiguration.setMaxAge(3600L);
+ if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) {
+ corsConfiguration.setAllowCredentials(true);
+ corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+ }else {
+ corsConfiguration.setAllowCredentials(false);
+ corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
+ }
+
+ corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
+
+ UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();
+ url.registerCorsConfiguration("/**", corsConfiguration);
+ return url;
+ }
+
/**
* 鎻忚堪: 瀵嗙爜鍔犲瘑绠楁硶 BCrypt 鎺ㄨ崘浣跨敤
**/
--
Gitblit v1.8.0