package com.vincent.rsf.server.common.security;
|
|
import com.vincent.rsf.server.common.constant.Constants;
|
import com.vincent.rsf.server.common.utils.CommonUtil;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.http.HttpMethod;
|
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.access.AccessDeniedHandler;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.stereotype.Component;
|
|
import javax.annotation.Resource;
|
import javax.servlet.ServletException;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
|
/**
|
* Spring Security配置
|
*
|
*/
|
@Configuration
|
@EnableWebSecurity
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
public static final String[] FILTER_PATH = new String[]{
|
"/demo/**",
|
"/test/**",
|
"/system/info",
|
"/tenant/list",
|
"/email/code",
|
"/pda/login",
|
"/erp/**",
|
"/login",
|
"/register",
|
"/druid/**",
|
"/doc.html",
|
"/swagger-ui.html",
|
"/swagger-resources/**",
|
"/webjars/**",
|
"/v2/api-docs/**",
|
"/v3/api-docs/**",
|
"/swagger-ui/**",
|
"/ws/**",
|
"/wcs/**",
|
"/mcp/**"
|
};
|
|
@Resource
|
private JwtAccessDeniedHandler jwtAccessDeniedHandler;
|
@Resource
|
private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
|
@Resource
|
private JwtAuthenticationFilter jwtAuthenticationFilter;
|
|
@Override
|
protected void configure(HttpSecurity http) throws Exception {
|
http.authorizeRequests()
|
.antMatchers(HttpMethod.OPTIONS, "/**")
|
.permitAll()
|
.antMatchers(HttpMethod.GET, "/file/**", "/captcha", "/")
|
.permitAll()
|
.antMatchers(FILTER_PATH)
|
.permitAll()
|
.anyRequest()
|
.authenticated()
|
.and()
|
.sessionManagement()
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
.and()
|
.csrf()
|
.disable()
|
.cors()
|
.and()
|
.logout()
|
.disable()
|
.headers()
|
.frameOptions()
|
.disable()
|
.and()
|
.exceptionHandling()
|
.accessDeniedHandler(jwtAccessDeniedHandler)
|
.authenticationEntryPoint(jwtAuthenticationEntryPoint)
|
.and()
|
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
}
|
|
@Bean
|
public BCryptPasswordEncoder bCryptPasswordEncoder() {
|
return new BCryptPasswordEncoder();
|
}
|
|
// 没有访问权限异常处理
|
@Component
|
static class JwtAccessDeniedHandler implements AccessDeniedHandler {
|
|
@Override
|
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e)
|
throws IOException, ServletException {
|
CommonUtil.responseError(response, Constants.UNAUTHORIZED_CODE, Constants.UNAUTHORIZED_MSG, e.getMessage());
|
}
|
|
}
|
|
// 没有登录异常处理
|
@Component
|
static class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|
@Override
|
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e)
|
throws IOException, ServletException {
|
CommonUtil.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG,
|
e.getMessage());
|
}
|
|
}
|
|
}
|
