能源管控
blame | 历史 | 原始文档
liulingling.177216
2024-08-26 349f1cfc5fa77fbc636d542df0d8050fddec48c2 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

package com.dingzhuo.energy.framework.config;


 


import com.dingzhuo.energy.framework.security.filter.JwtAuthenticationTokenFilter;


import com.dingzhuo.energy.framework.security.handle.AuthenticationEntryPointImpl;


import com.dingzhuo.energy.framework.security.handle.LogoutSuccessHandlerImpl;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Bean;


import org.springframework.http.HttpMethod;


import org.springframework.security.authentication.AuthenticationManager;


import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;


import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


import org.springframework.security.config.http.SessionCreationPolicy;


import org.springframework.security.core.userdetails.UserDetailsService;


import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


 


/**


 * spring security配置


 *


 * @author ruoyi


 */


@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)


public class SecurityConfig extends WebSecurityConfigurerAdapter {


 


  /**


   * 自定义用户认证逻辑


   */


  @Autowired


  private UserDetailsService userDetailsService;


 


  /**


   * 认证失败处理类


   */


  @Autowired


  private AuthenticationEntryPointImpl unauthorizedHandler;


 


  /**


   * 退出处理类


   */


  @Autowired


  private LogoutSuccessHandlerImpl logoutSuccessHandler;


 


  /**


   * token认证过滤器


   */


  @Autowired


  private JwtAuthenticationTokenFilter authenticationTokenFilter;


 


  /**


   * 解决 无法直接注入 AuthenticationManager


   *


   * @return


   * @throws Exception


   */


  @Bean


  @Override


  public AuthenticationManager authenticationManagerBean() throws Exception {


    return super.authenticationManagerBean();


  }


 


  /**


   * anyRequest          |   匹配所有请求路径 access              |   SpringEl表达式结果为true时可以访问 anonymous |


   * 匿名可以访问 denyAll             |   用户不能访问 fullyAuthenticated  | 用户完全认证可以访问(非remember-me下自动登录)


   * hasAnyAuthority     |   如果有参数,参数表示权限,则其中任何一个权限可以访问 hasAnyRole |   如果有参数,参数表示角色,则其中任何一个角色可以访问


   * hasAuthority        |   如果有参数,参数表示权限,则其权限可以访问 hasIpAddress |   如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问


   * hasRole             |   如果有参数,参数表示角色,则其角色可以访问 permitAll           |   用户可以任意访问 rememberMe


   * |   允许通过remember-me登录的用户访问 authenticated |   用户登录后可访问


   */


  @Override


  protected void configure(HttpSecurity httpSecurity) throws Exception {


    httpSecurity


        // CRSF禁用,因为不使用session


        .csrf().disable()


        // 认证失败处理类


        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()


        // 基于token,所以不需要session


        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()


        // 过滤请求


        .authorizeRequests()


        // 对于登录login 验证码captchaImage 允许匿名访问


        .antMatchers("/login", "/captchaImage").anonymous()


        .antMatchers(


            HttpMethod.GET,


            "/*.html",


            "/**/*.html",


            "/**/*.css",


            "/**/*.js"


        ).permitAll()


        .antMatchers("/profile/**").anonymous()


        .antMatchers("/common/download**").anonymous()


        .antMatchers("/swagger-ui.html").anonymous()


        .antMatchers("/swagger-resources/**").anonymous()


        .antMatchers("/webjars/**").anonymous()


        .antMatchers("/*/api-docs").anonymous()


        .antMatchers("/druid/**").anonymous()


//                .antMatchers("/energyAlarm/**").anonymous()


        // 除上面外的所有请求全部需要鉴权认证


        .anyRequest().authenticated()


//        .anyRequest().anonymous()


        .and()


        .headers().frameOptions().disable();


    httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);


    // 添加JWT filter


    httpSecurity


        .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);


  }


 


 


  /**


   * 强散列哈希加密实现


   */


  @Bean


  public BCryptPasswordEncoder bCryptPasswordEncoder() {


    return new BCryptPasswordEncoder();


  }


 


  /**


   * 身份认证接口


   */


  @Override


  protected void configure(AuthenticationManagerBuilder auth) throws Exception {


    auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());


  }


}