blame | 历史 | 补丁 | 提交 | 提交对比 | ignore whitespace
skyouc
2025-08-07 d52bab61f91056e75e60ddeda76a72cd1bd63615 
 zy-asrs-wms/src/main/java/com/zy/asrs/wms/common/security/SecurityConfig.java


@@ -1,120 +1,120 @@


package com.zy.asrs.wms.common.security;




import com.zy.asrs.wms.common.constant.Constants;


import com.zy.asrs.wms.utils.HttpUtils;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.http.HttpMethod;


import org.springframework.security.access.AccessDeniedException;


import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


import org.springframework.security.config.http.SessionCreationPolicy;


import org.springframework.security.core.AuthenticationException;


import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


import org.springframework.security.web.AuthenticationEntryPoint;


import org.springframework.security.web.access.AccessDeniedHandler;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;


import org.springframework.stereotype.Component;




import javax.annotation.Resource;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;




/**


 * Spring Security配置


 *


 */


@Configuration


@EnableWebSecurity


@EnableGlobalMethodSecurity(prePostEnabled = true)


public class SecurityConfig extends WebSecurityConfigurerAdapter {




    public static final String[] FILTER_PATH = new String[]{


            "/api/auth/host",


            "/api/language/json",


            "/test/**",


            "/api/login",


            "/api/code/auth",


            "/druid/**",


            "/swagger-ui.html",


            "/swagger-resources/**",


            "/webjars/**",


            "/v2/api-docs",


            "/v3/api-docs",


            "/swagger-ui/**"


    };




    @Resource


    private JwtAccessDeniedHandler jwtAccessDeniedHandler;


    @Resource


    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;


    @Resource


    private JwtAuthenticationFilter jwtAuthenticationFilter;


    @Resource


    private CacheFilter cacheFilter;




    @Override


    protected void configure(HttpSecurity http) throws Exception {


        http.authorizeRequests()


                .antMatchers(HttpMethod.OPTIONS, "/**")


                .permitAll()


                .antMatchers(HttpMethod.GET, "/api/file/**", "/api/captcha", "/")


                .permitAll()


                .antMatchers(FILTER_PATH)


                .permitAll()


                .anyRequest()


                .authenticated()


                .and()


                .sessionManagement()


                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)


                .and()


                .csrf()


                .disable()


                .cors()


                .and()


                .logout()


                .disable()


                .headers()


                .frameOptions()


                .disable()


                .and()


                .exceptionHandling()


                .accessDeniedHandler(jwtAccessDeniedHandler)


                .authenticationEntryPoint(jwtAuthenticationEntryPoint)


                .and()


                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)


                .addFilterBefore(cacheFilter, BasicAuthenticationFilter.class);


    }




    @Bean


    public BCryptPasswordEncoder bCryptPasswordEncoder() {


        return new BCryptPasswordEncoder();


    }




    // 没有访问权限异常处理


    @Component


    static class JwtAccessDeniedHandler implements AccessDeniedHandler {




        @Override


        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {


            HttpUtils.responseError(response, Constants.UNAUTHORIZED_CODE, Constants.UNAUTHORIZED_MSG, e.getMessage());


        }




    }




    // 没有登录异常处理


    @Component


    static class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {




        @Override


        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) {


            HttpUtils.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG,


                    e.getMessage());


        }




    }




}


package com.zy.asrs.wms.common.security;







import com.zy.asrs.wms.common.constant.Constants;



import com.zy.asrs.wms.utils.HttpUtils;



import org.springframework.context.annotation.Bean;



import org.springframework.context.annotation.Configuration;



import org.springframework.http.HttpMethod;



import org.springframework.security.access.AccessDeniedException;



import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;



import org.springframework.security.config.annotation.web.builders.HttpSecurity;



import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;



import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;



import org.springframework.security.config.http.SessionCreationPolicy;



import org.springframework.security.core.AuthenticationException;



import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;



import org.springframework.security.web.AuthenticationEntryPoint;



import org.springframework.security.web.access.AccessDeniedHandler;



import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;



import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;



import org.springframework.stereotype.Component;







import javax.annotation.Resource;



import javax.servlet.http.HttpServletRequest;



import javax.servlet.http.HttpServletResponse;







/**



 * Spring Security配置



 *



 */



@Configuration



@EnableWebSecurity



@EnableGlobalMethodSecurity(prePostEnabled = true)



public class SecurityConfig extends WebSecurityConfigurerAdapter {







    public static final String[] FILTER_PATH = new String[]{



            "/api/auth/host",



            "/api/language/json",



            "/test/**",



            "/api/login",



            "/api/code/auth",



            "/druid/**",



            "/swagger-ui.html",



            "/swagger-resources/**",



            "/webjars/**",



            "/v2/api-docs",



            "/v3/api-docs",



            "/swagger-ui/**"



    };







    @Resource



    private JwtAccessDeniedHandler jwtAccessDeniedHandler;



    @Resource



    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;



    @Resource



    private JwtAuthenticationFilter jwtAuthenticationFilter;



    @Resource



    private CacheFilter cacheFilter;







    @Override



    protected void configure(HttpSecurity http) throws Exception {



        http.authorizeRequests()



                .antMatchers("/**").permitAll()



                .antMatchers(HttpMethod.GET, "/api/file/**", "/api/captcha", "/")



                .permitAll()



                .antMatchers(FILTER_PATH)



                .permitAll()



                .anyRequest()



                .authenticated()



                .and()



                .sessionManagement()



                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)



                .and()



                .csrf()



                .disable()



                .cors()



                .and()



                .logout()



                .disable()



                .headers()



                .frameOptions()



                .disable()



                .and()



                .exceptionHandling()



                .accessDeniedHandler(jwtAccessDeniedHandler)



                .authenticationEntryPoint(jwtAuthenticationEntryPoint)



                .and()



                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)



                .addFilterBefore(cacheFilter, BasicAuthenticationFilter.class);



    }











    @Bean



    public BCryptPasswordEncoder bCryptPasswordEncoder() {



        return new BCryptPasswordEncoder();



    }







    // 没有访问权限异常处理



    @Component



    static class JwtAccessDeniedHandler implements AccessDeniedHandler {







        @Override



        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {



            HttpUtils.responseError(response, Constants.UNAUTHORIZED_CODE, Constants.UNAUTHORIZED_MSG, e.getMessage());



        }







    }







    // 没有登录异常处理



    @Component



    static class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {







        @Override



        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) {



            HttpUtils.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG,



                    e.getMessage());



        }







    }







}