From 269ad8cedbb07ca207a6f33af23085894dab4aa6 Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期日, 23 四月 2023 14:36:13 +0800
Subject: [PATCH] 修身目录刷新,优化公网下远程IP端口的获取
---
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 139 ++++++++++++++++++++++++----------------------
1 files changed, 72 insertions(+), 67 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index aa642c6..1fbe3a4 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -1,7 +1,10 @@
package com.genersoft.iot.vmp.conf.security;
+import com.genersoft.iot.vmp.conf.UserSetting;
+import org.junit.jupiter.api.Order;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
@@ -12,31 +15,34 @@
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.ArrayList;
+import java.util.Arrays;
/**
* 閰嶇疆Spring Security
+ * @author lin
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
+@Order(1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Value("${userSettings.interfaceAuthentication}")
- private boolean interfaceAuthentication;
+ private final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
+
+ @Autowired
+ private UserSetting userSetting;
@Autowired
private DefaultUserDetailsServiceImpl userDetailsService;
- /**
- * 鐧诲嚭鎴愬姛鐨勫鐞�
- */
- @Autowired
- private LoginFailureHandler loginFailureHandler;
- /**
- * 鐧诲綍鎴愬姛鐨勫鐞�
- */
- @Autowired
- private LoginSuccessHandler loginSuccessHandler;
/**
* 鐧诲嚭鎴愬姛鐨勫鐞�
*/
@@ -47,22 +53,8 @@
*/
@Autowired
private AnonymousAuthenticationEntryPoint anonymousAuthenticationEntryPoint;
-// /**
-// * 瓒呮椂澶勭悊
-// */
-// @Autowired
-// private InvalidSessionHandler invalidSessionHandler;
-
-// /**
-// * 椤跺彿澶勭悊
-// */
-// @Autowired
-// private SessionInformationExpiredHandler sessionInformationExpiredHandler;
-// /**
-// * 鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
-// */
-// @Autowired
-// private LoginUserAccessDeniedHandler accessDeniedHandler;
+ @Autowired
+ private JwtAuthenticationFilter jwtAuthenticationFilter;
/**
@@ -70,20 +62,22 @@
**/
@Override
public void configure(WebSecurity web) {
-
- if (!interfaceAuthentication) {
- web.ignoring().antMatchers("**");
- }else {
+ if (userSetting.isInterfaceAuthentication()) {
+ ArrayList<String> matchers = new ArrayList<>();
+ matchers.add("/");
+ matchers.add("/#/**");
+ matchers.add("/static/**");
+ matchers.add("/index.html");
+ matchers.add("/doc.html");
+ matchers.add("/webjars/**");
+ matchers.add("/swagger-resources/**");
+ matchers.add("/v3/api-docs/**");
+ matchers.add("/js/**");
+ matchers.add("/api/device/query/snap/**");
+ matchers.add("/record_proxy/*/**");
+ matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
// 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
- web.ignoring()
- .antMatchers("/")
- .antMatchers("/static/**")
- .antMatchers("/index.html")
- .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
- .antMatchers("/webjars/**")
- .antMatchers("/swagger-resources/**")
- .antMatchers("/v3/api-docs/**")
- .antMatchers("/js/**");
+ web.ignoring().antMatchers(matchers.toArray(new String[0]));
}
}
@@ -106,32 +100,43 @@
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.cors().and().csrf().disable();
- // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
- http.headers().contentTypeOptions().disable();
- http.authorizeRequests()
- // 鏀捐鎺ュ彛
- .antMatchers("/api/user/login","/index/hook/**").permitAll()
- // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇�
- .anyRequest().authenticated()
- // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑)
- .and().exceptionHandling()
- .authenticationEntryPoint(anonymousAuthenticationEntryPoint)//鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞�
-// .accessDeniedHandler(accessDeniedHandler)//鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
- // 鐧诲叆
- .and().formLogin().permitAll()//鍏佽鎵�鏈夌敤鎴�
- .successHandler(loginSuccessHandler)//鐧诲綍鎴愬姛澶勭悊閫昏緫
- .failureHandler(loginFailureHandler)//鐧诲綍澶辫触澶勭悊閫昏緫
- // 鐧诲嚭
- .and().logout().logoutUrl("/api/user/logout").permitAll()//鍏佽鎵�鏈夌敤鎴�
- .logoutSuccessHandler(logoutHandler)//鐧诲嚭鎴愬姛澶勭悊閫昏緫
- .deleteCookies("JSESSIONID")
- // 浼氳瘽绠$悊
-// .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 瓒呮椂澶勭悊
-// .maximumSessions(1)//鍚屼竴璐﹀彿鍚屾椂鐧诲綍鏈�澶х敤鎴锋暟
-// .expiredSessionStrategy(sessionInformationExpiredHandler) // 椤跺彿澶勭悊
- ;
+ http.headers().contentTypeOptions().disable()
+ .and().cors().configurationSource(configurationSource())
+ .and().csrf().disable()
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ // 閰嶇疆鎷︽埅瑙勫垯
+ .and()
+ .authorizeRequests()
+ .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
+ .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll()
+ .antMatchers("/api/user/login","/index/hook/**","/zlm_Proxy/FhTuMYqB2HeCuNOb/record/t/1/2023-03-25/16:35:07-16:35:16-9353.mp4").permitAll()
+ .anyRequest().authenticated()
+ // 寮傚父澶勭悊鍣�
+ .and()
+ .exceptionHandling()
+ .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
+ .and().logout().logoutUrl("/api/user/logout").permitAll()
+ .logoutSuccessHandler(logoutHandler)
+ ;
+ http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+ }
+
+ CorsConfigurationSource configurationSource(){
+ // 閰嶇疆璺ㄥ煙
+ CorsConfiguration corsConfiguration = new CorsConfiguration();
+ corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
+ corsConfiguration.setAllowedMethods(Arrays.asList("*"));
+ corsConfiguration.setMaxAge(3600L);
+ corsConfiguration.setAllowCredentials(true);
+ corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+ corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
+
+ UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();
+ url.registerCorsConfiguration("/**",corsConfiguration);
+ return url;
}
/**
--
Gitblit v1.8.0