| ¶Ô±ÈÐÂÎļþ |
| | |
|---|
| | | package com.ruoyi.framework.config; |
|---|
| | | |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.http.HttpMethod; |
|---|
| | | import org.springframework.security.authentication.AuthenticationManager; |
|---|
| | | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
|---|
| | | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; |
|---|
| | | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
|---|
| | | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
|---|
| | | import org.springframework.security.config.http.SessionCreationPolicy; |
|---|
| | | import org.springframework.security.core.userdetails.UserDetailsService; |
|---|
| | | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; |
|---|
| | | import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; |
|---|
| | | import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * spring securityé
ç½® |
|---|
| | | * |
|---|
| | | * @author ruoyi |
|---|
| | | */ |
|---|
| | | @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) |
|---|
| | | public class SecurityConfig extends WebSecurityConfigurerAdapter |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * èªå®ä¹ç¨æ·è®¤è¯é»è¾ |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private UserDetailsService userDetailsService; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 认è¯å¤±è´¥å¤çç±» |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private AuthenticationEntryPointImpl unauthorizedHandler; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * éåºå¤çç±» |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private LogoutSuccessHandlerImpl logoutSuccessHandler; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * token认è¯è¿æ»¤å¨ |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private JwtAuthenticationTokenFilter authenticationTokenFilter; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * è§£å³ æ æ³ç´æ¥æ³¨å
¥ AuthenticationManager |
|---|
| | | * |
|---|
| | | * @return |
|---|
| | | * @throws Exception |
|---|
| | | */ |
|---|
| | | @Bean |
|---|
| | | @Override |
|---|
| | | public AuthenticationManager authenticationManagerBean() throws Exception |
|---|
| | | { |
|---|
| | | return super.authenticationManagerBean(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * anyRequest | å¹é
ææ请æ±è·¯å¾ |
|---|
| | | * access | SpringEl表达å¼ç»æ为trueæ¶å¯ä»¥è®¿é® |
|---|
| | | * anonymous | å¿åå¯ä»¥è®¿é® |
|---|
| | | * denyAll | ç¨æ·ä¸è½è®¿é® |
|---|
| | | * fullyAuthenticated | ç¨æ·å®å
¨è®¤è¯å¯ä»¥è®¿é®ï¼éremember-meä¸èªå¨ç»å½ï¼ |
|---|
| | | * hasAnyAuthority | å¦ææåæ°ï¼åæ°è¡¨ç¤ºæéï¼åå
¶ä¸ä»»ä½ä¸ä¸ªæéå¯ä»¥è®¿é® |
|---|
| | | * hasAnyRole | å¦ææåæ°ï¼åæ°è¡¨ç¤ºè§è²ï¼åå
¶ä¸ä»»ä½ä¸ä¸ªè§è²å¯ä»¥è®¿é® |
|---|
| | | * hasAuthority | å¦ææåæ°ï¼åæ°è¡¨ç¤ºæéï¼åå
¶æéå¯ä»¥è®¿é® |
|---|
| | | * hasIpAddress | å¦ææåæ°ï¼åæ°è¡¨ç¤ºIPå°åï¼å¦æç¨æ·IPååæ°å¹é
ï¼åå¯ä»¥è®¿é® |
|---|
| | | * hasRole | å¦ææåæ°ï¼åæ°è¡¨ç¤ºè§è²ï¼åå
¶è§è²å¯ä»¥è®¿é® |
|---|
| | | * permitAll | ç¨æ·å¯ä»¥ä»»æè®¿é® |
|---|
| | | * rememberMe | å
许éè¿remember-meç»å½çç¨æ·è®¿é® |
|---|
| | | * authenticated | ç¨æ·ç»å½åå¯è®¿é® |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected void configure(HttpSecurity httpSecurity) throws Exception |
|---|
| | | { |
|---|
| | | httpSecurity |
|---|
| | | // CRSFç¦ç¨ï¼å 为ä¸ä½¿ç¨session |
|---|
| | | .csrf().disable() |
|---|
| | | // 认è¯å¤±è´¥å¤çç±» |
|---|
| | | .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() |
|---|
| | | // åºäºtokenï¼æ以ä¸éè¦session |
|---|
| | | .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() |
|---|
| | | // è¿æ»¤è¯·æ± |
|---|
| | | .authorizeRequests() |
|---|
| | | // 对äºç»å½login éªè¯ç captchaImage å
许å¿åè®¿é® |
|---|
| | | .antMatchers("/login", "/captchaImage").anonymous() |
|---|
| | | .antMatchers( |
|---|
| | | HttpMethod.GET, |
|---|
| | | "/*.html", |
|---|
| | | "/**/*.html", |
|---|
| | | "/**/*.css", |
|---|
| | | "/**/*.js" |
|---|
| | | ).permitAll() |
|---|
| | | .antMatchers("/profile/**").anonymous() |
|---|
| | | .antMatchers("/common/download**").anonymous() |
|---|
| | | .antMatchers("/common/download/resource**").anonymous() |
|---|
| | | .antMatchers("/swagger-ui.html").anonymous() |
|---|
| | | .antMatchers("/swagger-resources/**").anonymous() |
|---|
| | | .antMatchers("/webjars/**").anonymous() |
|---|
| | | .antMatchers("/*/api-docs").anonymous() |
|---|
| | | .antMatchers("/druid/**").anonymous() |
|---|
| | | // é¤ä¸é¢å¤çææ请æ±å
¨é¨éè¦é´æè®¤è¯ |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | .and() |
|---|
| | | .headers().frameOptions().disable(); |
|---|
| | | httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler); |
|---|
| | | // æ·»å JWT filter |
|---|
| | | httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 强æ£ååå¸å å¯å®ç° |
|---|
| | | */ |
|---|
| | | @Bean |
|---|
| | | public BCryptPasswordEncoder bCryptPasswordEncoder() |
|---|
| | | { |
|---|
| | | return new BCryptPasswordEncoder(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 身份认è¯æ¥å£ |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected void configure(AuthenticationManagerBuilder auth) throws Exception |
|---|
| | | { |
|---|
| | | auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); |
|---|
| | | } |
|---|
| | | } |
|---|
