From 42a2772d1aa7493bcc4fac3e24ee8eda4eebc23d Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期二, 12 十二月 2023 17:09:04 +0800
Subject: [PATCH] bugfix:请求头带token, SecurityUtils 获取用户id 一直为0 #1195
---
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 142 ++++++++++++++++++++++-------------------------
1 files changed, 67 insertions(+), 75 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index 47cfdab..9cb3a1f 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -6,6 +6,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -14,16 +15,26 @@
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
/**
* 閰嶇疆Spring Security
+ *
+ * @author lin
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
+@Order(1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
@@ -37,38 +48,14 @@
* 鐧诲嚭鎴愬姛鐨勫鐞�
*/
@Autowired
- private LoginFailureHandler loginFailureHandler;
- /**
- * 鐧诲綍鎴愬姛鐨勫鐞�
- */
- @Autowired
- private LoginSuccessHandler loginSuccessHandler;
- /**
- * 鐧诲嚭鎴愬姛鐨勫鐞�
- */
- @Autowired
private LogoutHandler logoutHandler;
/**
* 鏈櫥褰曠殑澶勭悊
*/
@Autowired
private AnonymousAuthenticationEntryPoint anonymousAuthenticationEntryPoint;
-// /**
-// * 瓒呮椂澶勭悊
-// */
-// @Autowired
-// private InvalidSessionHandler invalidSessionHandler;
-
-// /**
-// * 椤跺彿澶勭悊
-// */
-// @Autowired
-// private SessionInformationExpiredHandler sessionInformationExpiredHandler;
-// /**
-// * 鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
-// */
-// @Autowired
-// private LoginUserAccessDeniedHandler accessDeniedHandler;
+ @Autowired
+ private JwtAuthenticationFilter jwtAuthenticationFilter;
/**
@@ -76,35 +63,29 @@
**/
@Override
public void configure(WebSecurity web) {
-
- if (!userSetting.isInterfaceAuthentication()) {
- web.ignoring().antMatchers("**");
- }else {
+ if (userSetting.isInterfaceAuthentication()) {
+ ArrayList<String> matchers = new ArrayList<>();
+ matchers.add("/");
+ matchers.add("/#/**");
+ matchers.add("/static/**");
+ matchers.add("/index.html");
+ matchers.add("/doc.html");
+ matchers.add("/webjars/**");
+ matchers.add("/swagger-resources/**");
+ matchers.add("/v3/api-docs/**");
+ matchers.add("/js/**");
+ matchers.add("/api/device/query/snap/**");
+ matchers.add("/record_proxy/*/**");
+ matchers.add("/api/emit");
+ matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
// 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
- web.ignoring()
- .antMatchers("/")
- .antMatchers("/#/**")
- .antMatchers("/static/**")
- .antMatchers("/index.html")
- .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
- .antMatchers("/webjars/**")
- .antMatchers("/swagger-resources/**")
- .antMatchers("/v3/api-docs/**")
- .antMatchers("/js/**");
- List<String> interfaceAuthenticationExcludes = userSetting.getInterfaceAuthenticationExcludes();
- for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) {
- if (interfaceAuthenticationExclude.split("/").length < 4 ) {
- logger.warn("{}涓嶆弧瓒充袱绾х洰褰曪紝宸插拷鐣�", interfaceAuthenticationExclude);
- }else {
- web.ignoring().antMatchers(interfaceAuthenticationExclude);
- }
-
- }
+ web.ignoring().antMatchers(matchers.toArray(new String[0]));
}
}
/**
* 閰嶇疆璁よ瘉鏂瑰紡
+ *
* @param auth
* @throws Exception
*/
@@ -122,32 +103,43 @@
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.cors().and().csrf().disable();
- // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
- http.headers().contentTypeOptions().disable();
- http.authorizeRequests()
- // 鏀捐鎺ュ彛
- .antMatchers("/api/user/login","/index/hook/**").permitAll()
- // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇�
- .anyRequest().authenticated()
- // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑)
- .and().exceptionHandling()
- .authenticationEntryPoint(anonymousAuthenticationEntryPoint)//鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞�
-// .accessDeniedHandler(accessDeniedHandler)//鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
- // 鐧诲叆
- .and().formLogin().permitAll()//鍏佽鎵�鏈夌敤鎴�
- .successHandler(loginSuccessHandler)//鐧诲綍鎴愬姛澶勭悊閫昏緫
- .failureHandler(loginFailureHandler)//鐧诲綍澶辫触澶勭悊閫昏緫
- // 鐧诲嚭
- .and().logout().logoutUrl("/api/user/logout").permitAll()//鍏佽鎵�鏈夌敤鎴�
- .logoutSuccessHandler(logoutHandler)//鐧诲嚭鎴愬姛澶勭悊閫昏緫
- .deleteCookies("JSESSIONID")
- // 浼氳瘽绠$悊
-// .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 瓒呮椂澶勭悊
-// .maximumSessions(1)//鍚屼竴璐﹀彿鍚屾椂鐧诲綍鏈�澶х敤鎴锋暟
-// .expiredSessionStrategy(sessionInformationExpiredHandler) // 椤跺彿澶勭悊
- ;
+ http.headers().contentTypeOptions().disable()
+ .and().cors().configurationSource(configurationSource())
+ .and().csrf().disable()
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ // 閰嶇疆鎷︽埅瑙勫垯
+ .and()
+ .authorizeRequests()
+ .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
+ .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll()
+ .antMatchers("/api/user/login", "/index/hook/**").permitAll()
+ .anyRequest().authenticated()
+ // 寮傚父澶勭悊鍣�
+ .and()
+ .exceptionHandling()
+ .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
+ .and().logout().logoutUrl("/api/user/logout").permitAll()
+ .logoutSuccessHandler(logoutHandler)
+ ;
+ http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+ }
+
+ CorsConfigurationSource configurationSource() {
+ // 閰嶇疆璺ㄥ煙
+ CorsConfiguration corsConfiguration = new CorsConfiguration();
+ corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
+ corsConfiguration.setAllowedMethods(Arrays.asList("*"));
+ corsConfiguration.setMaxAge(3600L);
+ corsConfiguration.setAllowCredentials(true);
+ corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+ corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
+
+ UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();
+ url.registerCorsConfiguration("/**", corsConfiguration);
+ return url;
}
/**
--
Gitblit v1.8.0