| package com.vincent.rsf.server.common.security; | 
|   | 
| import com.vincent.rsf.server.common.constant.Constants; | 
| import com.vincent.rsf.server.common.utils.CommonUtil; | 
| import org.springframework.context.annotation.Bean; | 
| import org.springframework.context.annotation.Configuration; | 
| import org.springframework.http.HttpMethod; | 
| import org.springframework.security.access.AccessDeniedException; | 
| import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; | 
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | 
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | 
| import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | 
| import org.springframework.security.config.http.SessionCreationPolicy; | 
| import org.springframework.security.core.AuthenticationException; | 
| import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | 
| import org.springframework.security.web.AuthenticationEntryPoint; | 
| import org.springframework.security.web.access.AccessDeniedHandler; | 
| import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; | 
| import org.springframework.stereotype.Component; | 
|   | 
| import javax.annotation.Resource; | 
| import javax.servlet.ServletException; | 
| import javax.servlet.http.HttpServletRequest; | 
| import javax.servlet.http.HttpServletResponse; | 
| import java.io.IOException; | 
|   | 
/**
 * Spring Security configuration.
 *
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // NOTE(review): WebSecurityConfigurerAdapter is deprecated from Spring Security 5.7 and
    // gone in 6.x; a migration to a SecurityFilterChain bean will be needed on upgrade.

    /**
     * Ant-style request patterns that are served without authentication. They are
     * registered for every HTTP method in {@link #configure(HttpSecurity)}, so a GET,
     * POST or DELETE under any of these prefixes never reaches the JWT filter's checks.
     * <p>
     * NOTE(review): every entry here is anonymously reachable. "/demo/**", "/test/**"
     * and "/erp/**" look like development or integration surfaces, "/druid/**" is
     * presumably the Druid monitoring console (it reveals data-source and SQL
     * statistics if the stat servlet is mapped there), and "/ws/**" opens the
     * websocket endpoint without a token — confirm each one is meant to be public
     * in production rather than only in local development.
     * <p>
     * NOTE(review): a {@code public static final} array is still mutable — any code
     * holding a reference can overwrite its elements at runtime. Exposing an
     * unmodifiable {@code List} or returning a defensive copy would close that.
     */
    public static final String[] FILTER_PATH = new String[]{
            "/demo/**",
            "/test/**",
            "/system/info",
            "/tenant/list",
            "/email/code",
            "/pda/login",
            "/erp/**",
            "/login",
            "/register",
            "/druid/**",
            "/doc.html",
            "/swagger-ui.html",
            "/swagger-resources/**",
            "/webjars/**",
            "/v2/api-docs/**",
            "/v3/api-docs/**",
            "/swagger-ui/**",
            "/ws/**"
    };

    // The three collaborators below are Spring beans; the two handlers are the nested
    // @Component classes at the bottom of this file, the filter is defined elsewhere.
    @Resource
    private JwtAccessDeniedHandler jwtAccessDeniedHandler;
    @Resource
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    @Resource
    private JwtAuthenticationFilter jwtAuthenticationFilter;

    /**
     * Builds the HTTP security rules for a stateless, token-authenticated API.
     * <p>
     * Authorization, in matcher order (first match wins): CORS preflight (OPTIONS) is
     * allowed everywhere; GET on {@code /file/**}, {@code /captcha} and {@code /} is
     * public; every pattern in {@link #FILTER_PATH} is public for all methods; anything
     * else requires an authenticated principal. No HTTP session is created, CSRF and
     * form logout are switched off, CORS is enabled (the allowed origins come from a
     * CorsConfigurationSource bean defined elsewhere — confirm it is not a wildcard
     * with credentials), and 401/403 responses are produced by the JWT handlers.
     * The JWT filter runs ahead of the username/password filter so the token is
     * resolved before any authorization decision.
     * <p>
     * NOTE(review): disabling CSRF is only safe while credentials travel in a header
     * (bearer token) and never in a cookie — verify against JwtAuthenticationFilter.
     * <p>
     * NOTE(review): {@code frameOptions().disable()} removes the X-Frame-Options header
     * for every response, which leaves authenticated pages open to clickjacking. If it
     * exists only so the H2/Druid console can render in a frame, prefer
     * {@code frameOptions().sameOrigin()} or scope the exception to those paths.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the builder API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**")
                .permitAll()
                .antMatchers(HttpMethod.GET, "/file/**", "/captcha", "/")
                .permitAll()
                .antMatchers(FILTER_PATH)
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf()
                .disable()
                .cors()
                .and()
                .logout()
                .disable()
                .headers()
                .frameOptions()
                .disable()
                .and()
                .exceptionHandling()
                .accessDeniedHandler(jwtAccessDeniedHandler)
                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                .and()
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Password encoder used wherever credentials are stored or verified.
     * BCrypt with the library's default cost factor; the cost can be raised via the
     * strength constructor argument as hardware improves.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Handles requests from an authenticated principal that lacks the required
     * authority (Spring's {@link AccessDeniedException}, raised by the
     * {@code @PreAuthorize} checks enabled on this class or by the URL rules above).
     * Writes the project's standard error body through {@link CommonUtil#responseError}.
     * <p>
     * NOTE(review): {@code e.getMessage()} is echoed to the client. Framework messages
     * can reveal internal details (expression text, class names), so a fixed message
     * is the safer choice. The HTTP status is whatever {@code responseError} sets —
     * confirm it emits 403 rather than 200 with an error body.
     */
    @Component
    static class JwtAccessDeniedHandler implements AccessDeniedHandler {

        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e)
                throws IOException, ServletException {
            CommonUtil.responseError(response, Constants.UNAUTHORIZED_CODE, Constants.UNAUTHORIZED_MSG, e.getMessage());
        }

    }

    /**
     * Handles requests that reach a protected URL without any valid authentication
     * (missing, expired or malformed token). Writes the project's standard error body
     * through {@link CommonUtil#responseError}.
     * <p>
     * NOTE(review): as in {@link JwtAccessDeniedHandler}, the exception message is
     * returned verbatim; prefer a fixed message and confirm the helper sets 401.
     */
    @Component
    static class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e)
                throws IOException, ServletException {
            CommonUtil.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG,
                    e.getMessage());
        }

    }

}