package com.calm.auth.config;
import com.calm.auth.filter.JwtTokenFilter;
import com.calm.auth.handle.*;
import com.calm.auth.service.CalmUserService;
import com.calm.common.auth.CurrentSecurityUserUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
* <p>
* explain:
* <p>
* 本质上是由多个过滤器链组成的
* FilterSecurityInterceptor 最后一个执行的过滤器
* ExceptionTranslationFilter 异常抛出的过滤器
* UsernamePasswordAuthenticationFilter 对login的post请求拦截,检验表单中的用户名和密码
*
* </p>
* <p>
* 学习视频达到第十五节:
* <p>
* https://www.bilibili.com/video/BV15a411A7kP?p=15
*
* @author wangjunming
* @since 2021/2/11 17:11
*/
@Slf4j
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
/**
* 未授权拦截器
*/
@Bean
public UnAuthenticationEntryPoint unAuthenticationEntryPoint() {
return new UnAuthenticationEntryPoint();
}
/**
* 登陆成功处理器
*/
@Bean
public AuthSuccessHandler authSuccessHandler() {
return new AuthSuccessHandler();
}
/**
* 登陆成功后,访问未授权接口
*/
@Bean
public UnAuthenticationHandler unAuthenticationHandler() {
return new UnAuthenticationHandler();
}
/**
* 登录失败处理器
*/
@Bean
public AuthFailureHandler authFailureHandler() {
return new AuthFailureHandler();
}
/**
* 退出登录成功处理器
*/
@Bean
public AuthLogoutHandler authLogoutHandler() {
return new AuthLogoutHandler();
}
/**
* 密码处理类
*/
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
/**
* security中的用户信息
*/
@Bean
public CalmUserService calmUserService() {
return new CalmUserService();
}
/**
* 自定义用户认证拦截器
*/
@Bean
public JwtTokenFilter jwtTokenFilter() throws Exception {
JwtTokenFilter jwtTokenFilter = new JwtTokenFilter(calmUserService(), passwordEncoder());
jwtTokenFilter.setAuthenticationSuccessHandler(authSuccessHandler());
jwtTokenFilter.setAuthenticationFailureHandler(authFailureHandler());
jwtTokenFilter.setAuthenticationManager(authenticationManager());
return jwtTokenFilter;
}
/**
* 自定义token认证拦截器,只要不是/login请求的则都需要在请求头上添加token
*/
// @Bean
// public JwtRequestFilter jwtRequestFilter() {
// return new JwtRequestFilter(calmUserService());
// }
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
/**
* 身份验证管理器
*/
@Override
protected void configure(AuthenticationManagerBuilder manager) throws Exception {
manager
.userDetailsService(calmUserService())
.passwordEncoder(passwordEncoder());
}
/**
* 静态资源的请求路径
*/
private static final String[] IGNORING_MATCHERS = {"/css/**", "/error/**", "/static/**", "/instances/**", "/actuator/**",
"/font/**", "/icon/**", "/images/**", "/js/**", "/json/**", "/layui/**", "/favicon.ico"};
/**
* 放过静态资源的请求
*/
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers(IGNORING_MATCHERS);
}
/**
* 安全拦截放过的URL路径:"/p/**"-服务内部进行请求的接口
*/
private static final String[] MATCHERS_PERMIT_ALL = {
"/instances/**", "/instances", "/actuator/**", "/actuator/health", "/details",
"/swagger-ui/**", "/swagger-resources/**", "/v2/api-docs/**",
"/favicon.ico",
"/login", "/"
};
/**
* 权限认证管理器
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
//可以指定未授权时所跳转的路径,即自定义403页面
http.exceptionHandling().accessDeniedPage("/index");
//处理前端请求跨域的问题,参考:https://blog.csdn.net/davylee2008/article/details/61420751
http.headers().frameOptions().sameOrigin();
//配置退出登录
http.logout()
.logoutUrl(CurrentSecurityUserUtils.LOGOUT_URL)
//退出登录的处理--不能与logoutSuccessUrl同时使用,如果同时配置,则优先使用logoutSuccessUrl的配置。此配置主要是将pc端的cookie中用户信息进行清除
.logoutSuccessHandler(authLogoutHandler())
.and()
//不需要登录认证的路径
.authorizeRequests().antMatchers(MATCHERS_PERMIT_ALL).permitAll()
//其余请求都需要登录认证通过
.anyRequest().authenticated()
//跨域
.and().cors()
//禁用跨站csrf攻击防御
.and().csrf().disable();
http.exceptionHandling()
//登录但未授权拦截
.accessDeniedHandler(unAuthenticationHandler())
//未登录拦截
.authenticationEntryPoint(unAuthenticationEntryPoint());
//表示Spring Security永远不会创建一个session,也不会通过sessionID获取用户信息
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//关于springsecurity中过滤器的执行顺序详细讲解
// 参考:1、https://www.cnblogs.com/summerday152/p/13635948.html
// 2、https://blog.csdn.net/qq_36882793/article/details/102869583
//在验证token之前进行验证
// http.addFilterBefore(jwtRequestFilter(), JwtTokenFilter.class);
//在这里也就意味着,会先执行 jwtTokenFilter 再次执行 UsernamePasswordAuthenticationFilter
http.addFilterAt(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
http.rememberMe();
}
}
calm-cloud:实践搭建:springcloud + nacos +网关+ springsecurity
5星 · 超过95%的资源 需积分: 37 36 浏览量
2021-03-30
11:31:22
上传
评论
收藏 8.14MB ZIP 举报 
calm-cloud:实践搭建:springcloud + nacos +网关+ springsecurity (499个子文件) 
bootstrap.min.css 138KB bootstrap.min.css 138KB bootstrap.min.css 122KB okadmin.animate.css 86KB material-design-iconic-font.css 83KB util.css 82KB layui.css 73KB iconfont.css 72KB material-design-iconic-font.min.css 69KB font-awesome.css 37KB font-awesome.min.css 30KB okadmin.css 20KB layer.css 14KB layx.min.css 11KB layui.mobile.css 10KB main.css 8KB demo.css 8KB laydate.css 7KB toastr.min.css 7KB oksub.css 5KB common.css 4KB style.css 4KB style.css 4KB okadmin.theme.css 3KB okLoading.css 2KB nprogress.css 1KB code.css 1KB jquery.contextMenu.css 1KB fontawesome-webfont.eot 162KB iconfont.eot 91KB iconfont.eot 46KB Material-Design-Iconic-Font.eot 41KB
59.gif 10KB 22.gif 10KB 24.gif 8KB 13.gif 7KB 16.gif 7KB 39.gif 6KB 64.gif 6KB 63.gif 6KB 50.gif 6KB loading-0.gif 6KB 4.gif 6KB 1.gif 5KB 42.gif 5KB 71.gif 5KB 21.gif 5KB 20.gif 5KB 29.gif 5KB 70.gif 4KB 5.gif 4KB 17.gif 4KB 27.gif 4KB 9.gif 4KB 44.gif 4KB 11.gif 4KB 8.gif 4KB 3.gif 4KB 23.gif 4KB 34.gif 4KB 41.gif 4KB 38.gif 4KB 65.gif 3KB 32.gif 3KB 45.gif 3KB 7.gif 3KB 12.gif 3KB 26.gif 3KB 60.gif 3KB 2.gif 3KB 40.gif 3KB 25.gif 3KB 19.gif 3KB 66.gif 3KB 18.gif 3KB 46.gif 3KB 10.gif 3KB 28.gif 3KB 51.gif 3KB 57.gif 3KB 67.gif 3KB 0.gif 3KB 48.gif 3KB 43.gif 3KB 30.gif 2KB 61.gif 2KB 33.gif 2KB 69.gif 2KB 14.gif 2KB 47.gif 2KB 36.gif 2KB 49.gif 2KB 58.gif 2KB 6.gif 2KB 54.gif 2KB 53.gif 2KB 56.gif 2KB 62.gif 2KB 31.gif 2KB 55.gif 2KB共 499 条
- 1
- 2
- 3
- 4
- 5
评论5