TASK:证书接收测试;
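--- a/SecurityConfig.java
+++ b/SecurityConfig.java
@@ -3,6 +3,7 @@ package com.ai.da.common.security.config;
 import com.ai.da.common.security.*;
 import com.ai.da.common.security.filter.AuthenticationFilter;
 import com.ai.da.common.security.filter.UserAuthenticationProcessingFilter;
+import com.ai.da.mapper.AccountMapper;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -12,11 +13,14 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 import javax.annotation.Resource;
+import java.util.ArrayList;
 
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -45,6 +49,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 private AuthenticationFilter authenticationFilter;
 @Resource
 private UserPermissionEvaluator userPermissionEvaluator;
+@Resource
+private AccountMapper accountMapper;
 
 
 @Override
@@ -53,26 +59,32 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 }
 
 @Override
-protected void configure(HttpSecurity httpSecurity/*, WebSecurity web*/) throws Exception {
-// web.ignoring().antMatchers("/test/**");//禁止所有过滤器
-httpSecurity.cors().disable()//禁用 CSRF
-.authorizeRequests()//认证请求
-.antMatchers(securityProperties.getIgnorePaths()).permitAll()//忽略的请求
-.anyRequest().authenticated()//其余所有的请求都需要认证
-.and().headers().frameOptions().disable()// 防止iframe 造成跨域
-.and().exceptionHandling().authenticationEntryPoint(userAuthenticationEntryPointHandler)//未登录请求处理
-.accessDeniedHandler(userAuthAccessDeniedHandler)//无权限访问处理类 (此配置可以忽略,全局异常会先于Security框架处理异常,全局异常已特殊处理)
-.and().formLogin().loginProcessingUrl(securityProperties.getAuthApi())//指定认证接口
-.successHandler(userLoginSuccessHandler)//登录成功处理器
-.failureHandler(userLoginFailureHandler)//登录失败处理器
-.and().cors().and().csrf().disable();//允许跨域
-//自定义过滤器在登录时认证用户名、密码
-httpSecurity.addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class)
-.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);
-//不创建session会话
-httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-//取消头缓存控制
-httpSecurity.headers().cacheControl();
+protected void configure(HttpSecurity httpSecurity) throws Exception {
+httpSecurity.cors().disable() // 禁用 CSRF
+.authorizeRequests()
+.antMatchers(securityProperties.getIgnorePaths()).permitAll()
+.antMatchers("/api/third/party/your-secured-endpoint").authenticated() // 需要验证的接口
+.anyRequest().permitAll()
+.and()
+.x509()
+.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
+.userDetailsService(userDetailsService())
+.and()
+.exceptionHandling()
+.authenticationEntryPoint(userAuthenticationEntryPointHandler)
+.accessDeniedHandler(userAuthAccessDeniedHandler)
+.and()
+.formLogin()
+.loginProcessingUrl(securityProperties.getAuthApi())
+.successHandler(userLoginSuccessHandler)
+.failureHandler(userLoginFailureHandler)
+.and()
+.addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class)
+.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class)
+.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+.and()
+.headers().cacheControl()
+;
 }
 
 @Bean
@@ -81,4 +93,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 handler.setPermissionEvaluator(userPermissionEvaluator);
 return handler;
 }
+@Bean
+public UserDetailsService userDetailsService() {
+// return (UserDetailsService) accountMapper.selectById(88L);
+return username -> {
+// 这里可以根据用户名查找用户信息,例如从数据库中查询
+// 返回 UserDetails 对象
+return new User(username, "", new ArrayList<>());
+};
+}
 }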
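Review bot: The rewritten `configure` chain in the `@@ -53,26 +59,32 @@` hunk changes the catch-all rule from `.anyRequest().authenticated()` to `.anyRequest().permitAll()`, so every endpoint that is neither in `securityProperties.getIgnorePaths()` nor the single x509 matcher is now reachable without authentication; unless a fail-open default is intended for this test, keep `.anyRequest().authenticated()` and let the x509 path be just one more matcher in front of it. The new `userDetailsService()` bean also returns a `User` with an empty password and no authorities for whatever CN the `subjectPrincipalRegex` extracts, so any certificate the container's TLS layer accepts maps to an authenticated principal and nothing in the application layer distinguishes one client from another; the commented-out `accountMapper.selectById(88L)` line and the now-unused `accountMapper` field suggest a lookup against the account store was intended, so either implement that lookup or drop the field. The old chain's `.csrf().disable()` has no counterpart in the new one, which re-enables CSRF protection for the form-login POST to `securityProperties.getAuthApi()` under a `STATELESS` session policy; confirm that is deliberate. Finally, the comment on `httpSecurity.cors().disable()` still says CSRF although the call disables CORS; `// disable CORS (CSRF is handled separately)` would stop the next reader from drawing the wrong conclusion.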
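--- a/ThirdPartyController.java
+++ b/ThirdPartyController.java
@@ -7,11 +7,14 @@ import com.ai.da.service.AccountService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
+import java.security.cert.X509Certificate;
 
 
 @Api(tags = "Third Party Modules")
@@ -62,4 +65,22 @@ public class ThirdPartyController {
 public Response<Boolean> existNoLoginRequired(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO) {
 return Response.success(accountService.existNoLoginRequired(noLoginRequiredDTO));
 }
+
+@GetMapping("/your-secured-endpoint")
+// @PreAuthorize("hasRole('ROLE_USER')")
+public String securedEndpoint(HttpServletRequest request, @AuthenticationPrincipal PreAuthenticatedAuthenticationToken authenticationToken) {
+// 从请求属性中获取证书
+X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+if (certificates != null && certificates.length > 0) {
+X509Certificate clientCertificate = certificates[0];
+// 可以从 clientCertificate 中获取证书信息,例如主题、颁发者等
+String subject = clientCertificate.getSubjectX500Principal().getName();
+String issuer = clientCertificate.getIssuerX500Principal().getName();
+// 处理逻辑
+return "Secured Endpoint. Client Subject: " + subject + ", Issuer: " + issuer;
+} else {
+// 证书不存在或获取失败
+return "Failed to retrieve client certificate.";
+}
+}
 }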
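Review bot: `securedEndpoint` in the `@@ -62,4 +65,22 @@` hunk declares `@AuthenticationPrincipal PreAuthenticatedAuthenticationToken authenticationToken` but never reads it, and `@AuthenticationPrincipal` resolves `Authentication.getPrincipal()`, which under the x509 configuration is the `UserDetails` built by the user-details service rather than the token, so the argument will most likely arrive as null at runtime; take `Authentication authentication` (or `@AuthenticationPrincipal UserDetails user`) instead and derive the caller identity from it rather than re-parsing the raw `javax.servlet.request.X509Certificate` attribute. Because the `@PreAuthorize` line is commented out, the only guard is the path matcher in `SecurityConfig`, and the class-level request mapping that decides the effective URL is outside this hunk, so a mismatch between the matcher and this method would leave the handler reachable unauthenticated, where it answers `Failed to retrieve client certificate.` with a 200 instead of a 401; restoring a method-level guard such as `@PreAuthorize("isAuthenticated()")` keeps the handler safe independently of the matcher. The response body also echoes the full subject and issuer DN to the caller; if this grows beyond a connectivity test, return only the fields the client actually needs.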