From 7e48d847402d2ea4da85af582529de676f30dc38 Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期一, 08 五月 2023 17:56:56 +0800
Subject: [PATCH] Merge pull request #844 from xiaoQQya/wvp-28181-2.0

---
 src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java |  141 ++++++++++++++++++++--------------------------
 1 files changed, 61 insertions(+), 80 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index cce0d11..1fbe3a4 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -15,9 +15,16 @@
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
 
 /**
  * 閰嶇疆Spring Security
@@ -40,38 +47,14 @@
      * 鐧诲嚭鎴愬姛鐨勫鐞�
      */
     @Autowired
-    private LoginFailureHandler loginFailureHandler;
-    /**
-     * 鐧诲綍鎴愬姛鐨勫鐞�
-     */
-    @Autowired
-    private LoginSuccessHandler loginSuccessHandler;
-    /**
-     * 鐧诲嚭鎴愬姛鐨勫鐞�
-     */
-    @Autowired
     private LogoutHandler logoutHandler;
     /**
      * 鏈櫥褰曠殑澶勭悊
      */
     @Autowired
     private AnonymousAuthenticationEntryPoint anonymousAuthenticationEntryPoint;
-//    /**
-//     * 瓒呮椂澶勭悊
-//     */
-//    @Autowired
-//    private InvalidSessionHandler invalidSessionHandler;
-
-//    /**
-//     * 椤跺彿澶勭悊
-//     */
-//    @Autowired
-//    private SessionInformationExpiredHandler sessionInformationExpiredHandler;
-//    /**
-//     * 鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
-//     */
-//    @Autowired
-//    private LoginUserAccessDeniedHandler accessDeniedHandler;
+    @Autowired
+    private JwtAuthenticationFilter jwtAuthenticationFilter;
 
 
     /**
@@ -79,31 +62,22 @@
      **/
     @Override
     public void configure(WebSecurity web) {
-
-        if (!userSetting.isInterfaceAuthentication()) {
-            web.ignoring().antMatchers("**");
-        }else {
+        if (userSetting.isInterfaceAuthentication()) {
+            ArrayList<String> matchers = new ArrayList<>();
+            matchers.add("/");
+            matchers.add("/#/**");
+            matchers.add("/static/**");
+            matchers.add("/index.html");
+            matchers.add("/doc.html");
+            matchers.add("/webjars/**");
+            matchers.add("/swagger-resources/**");
+            matchers.add("/v3/api-docs/**");
+            matchers.add("/js/**");
+            matchers.add("/api/device/query/snap/**");
+            matchers.add("/record_proxy/*/**");
+            matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
             // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
-            web.ignoring()
-                    .antMatchers("/")
-                    .antMatchers("/#/**")
-                    .antMatchers("/static/**")
-                    .antMatchers("/index.html")
-                    .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
-                    .antMatchers("/webjars/**")
-                    .antMatchers("/swagger-resources/**")
-                    .antMatchers("/v3/api-docs/**")
-                    .antMatchers("/favicon.ico")
-                    .antMatchers("/js/**");
-            List<String> interfaceAuthenticationExcludes = userSetting.getInterfaceAuthenticationExcludes();
-            for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) {
-                if (interfaceAuthenticationExclude.split("/").length < 4 ) {
-                    logger.warn("{}涓嶆弧瓒充袱绾х洰褰曪紝宸插拷鐣�", interfaceAuthenticationExclude);
-                }else {
-                    web.ignoring().antMatchers(interfaceAuthenticationExclude);
-                }
-
-            }
+            web.ignoring().antMatchers(matchers.toArray(new String[0]));
         }
     }
 
@@ -126,36 +100,43 @@
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.cors().and().csrf().disable();
-        // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
-        http.headers().contentTypeOptions().disable();
-        http.authorizeRequests()
-                // 鏀捐鎺ュ彛
-                .antMatchers("/api/user/login","/index/hook/**").permitAll()
-                // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇�
-                .anyRequest().authenticated()
-                // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑)
-                .and().exceptionHandling()
-                //鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞�
-                .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
-//                .accessDeniedHandler(accessDeniedHandler)//鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
-                // 鐧诲叆 鍏佽鎵�鏈夌敤鎴�
-                .and().formLogin().permitAll()
-                //鐧诲綍鎴愬姛澶勭悊閫昏緫
-                .successHandler(loginSuccessHandler)
-                //鐧诲綍澶辫触澶勭悊閫昏緫
-                .failureHandler(loginFailureHandler)
-                // 鐧诲嚭
-                .and().logout().logoutUrl("/api/user/logout").permitAll()
-                //鐧诲嚭鎴愬姛澶勭悊閫昏緫
-                .logoutSuccessHandler(logoutHandler)
-                .deleteCookies("JSESSIONID")
-                // 浼氳瘽绠＄悊
-//                .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 瓒呮椂澶勭悊
-//                .maximumSessions(1)//鍚屼竴璐﹀彿鍚屾椂鐧诲綍鏈�澶х敤鎴锋暟
-//                .expiredSessionStrategy(sessionInformationExpiredHandler) // 椤跺彿澶勭悊
-        ;
+        http.headers().contentTypeOptions().disable()
+                .and().cors().configurationSource(configurationSource())
+                .and().csrf().disable()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 
+                // 閰嶇疆鎷︽埅瑙勫垯
+                .and()
+                .authorizeRequests()
+                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
+                .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll()
+                .antMatchers("/api/user/login","/index/hook/**","/zlm_Proxy/FhTuMYqB2HeCuNOb/record/t/1/2023-03-25/16:35:07-16:35:16-9353.mp4").permitAll()
+                .anyRequest().authenticated()
+                // 寮傚父澶勭悊鍣�
+                .and()
+                .exceptionHandling()
+                .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
+                .and().logout().logoutUrl("/api/user/logout").permitAll()
+                .logoutSuccessHandler(logoutHandler)
+        ;
+        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+    }
+
+    CorsConfigurationSource configurationSource(){
+        // 閰嶇疆璺ㄥ煙
+        CorsConfiguration corsConfiguration = new CorsConfiguration();
+        corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
+        corsConfiguration.setAllowedMethods(Arrays.asList("*"));
+        corsConfiguration.setMaxAge(3600L);
+        corsConfiguration.setAllowCredentials(true);
+        corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+        corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
+
+        UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();
+        url.registerCorsConfiguration("/**",corsConfiguration);
+        return url;
     }
 
     /**

--
Gitblit v1.8.0