TASK:回退;
This commit is contained in:
shahaibo
@@ -3,7 +3,6 @@ package com.ai.da.common.security.config;
|
|||||||
import com.ai.da.common.security.*;
|
import com.ai.da.common.security.*;
|
||||||
import com.ai.da.common.security.filter.AuthenticationFilter;
|
import com.ai.da.common.security.filter.AuthenticationFilter;
|
||||||
import com.ai.da.common.security.filter.UserAuthenticationProcessingFilter;
|
import com.ai.da.common.security.filter.UserAuthenticationProcessingFilter;
|
||||||
import com.ai.da.mapper.AccountMapper;
|
|
||||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
@@ -20,7 +19,6 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
|||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import java.util.ArrayList;
|
|
||||||
|
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||||
@@ -49,8 +47,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
private AuthenticationFilter authenticationFilter;
|
private AuthenticationFilter authenticationFilter;
|
||||||
@Resource
|
@Resource
|
||||||
private UserPermissionEvaluator userPermissionEvaluator;
|
private UserPermissionEvaluator userPermissionEvaluator;
|
||||||
@Resource
|
|
||||||
private AccountMapper accountMapper;
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -59,32 +55,27 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity httpSecurity) throws Exception {
|
protected void configure(HttpSecurity httpSecurity/*, WebSecurity web*/) throws Exception {
|
||||||
httpSecurity.cors().disable() // 禁用 CSRF
|
// web.ignoring().antMatchers("/test/**");//禁止所有过滤器
|
||||||
.authorizeRequests()
|
httpSecurity.cors().disable()//禁用 CSRF
|
||||||
.antMatchers(securityProperties.getIgnorePaths()).permitAll()
|
.authorizeRequests()//认证请求
|
||||||
// .antMatchers("/api/third/party/your-secured-endpoint").authenticated() // 需要验证的接口
|
.antMatchers(securityProperties.getIgnorePaths()).permitAll()//忽略的请求
|
||||||
.anyRequest().permitAll()
|
.anyRequest().authenticated()//其余所有的请求都需要认证
|
||||||
.and()
|
.and().headers().frameOptions().disable()// 防止iframe 造成跨域
|
||||||
.x509()
|
.and().x509().subjectPrincipalRegex("CN=(.*?)(?:,|$)").userDetailsService(userDetailsService())
|
||||||
.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
|
.and().exceptionHandling().authenticationEntryPoint(userAuthenticationEntryPointHandler)//未登录请求处理
|
||||||
.userDetailsService(userDetailsService())
|
.accessDeniedHandler(userAuthAccessDeniedHandler)//无权限访问处理类 (此配置可以忽略,全局异常会先于Security框架处理异常,全局异常已特殊处理)
|
||||||
.and()
|
.and().formLogin().loginProcessingUrl(securityProperties.getAuthApi())//指定认证接口
|
||||||
.exceptionHandling()
|
.successHandler(userLoginSuccessHandler)//登录成功处理器
|
||||||
.authenticationEntryPoint(userAuthenticationEntryPointHandler)
|
.failureHandler(userLoginFailureHandler)//登录失败处理器
|
||||||
.accessDeniedHandler(userAuthAccessDeniedHandler)
|
.and().cors().and().csrf().disable();//允许跨域
|
||||||
.and()
|
//自定义过滤器在登录时认证用户名、密码
|
||||||
.formLogin()
|
httpSecurity.addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class)
|
||||||
.loginProcessingUrl(securityProperties.getAuthApi())
|
.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);
|
||||||
.successHandler(userLoginSuccessHandler)
|
//不创建session会话
|
||||||
.failureHandler(userLoginFailureHandler)
|
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||||
.and()
|
//取消头缓存控制
|
||||||
.addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class)
|
httpSecurity.headers().cacheControl();
|
||||||
.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class)
|
|
||||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
||||||
.and()
|
|
||||||
.headers().cacheControl()
|
|
||||||
;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@@ -93,9 +84,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
handler.setPermissionEvaluator(userPermissionEvaluator);
|
handler.setPermissionEvaluator(userPermissionEvaluator);
|
||||||
return handler;
|
return handler;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public UserDetailsService userDetailsService() {
|
public UserDetailsService userDetailsService() {
|
||||||
// return (UserDetailsService) accountMapper.selectById(88L);
|
|
||||||
return username -> {
|
return username -> {
|
||||||
// 这里可以根据用户名查找用户信息,例如从数据库中查询
|
// 这里可以根据用户名查找用户信息,例如从数据库中查询
|
||||||
// 返回 UserDetails 对象
|
// 返回 UserDetails 对象
|
||||||
|
|||||||
Reference in New Issue
Block a user