| | |
|---|
| | | package com.ruoyi.framework.config; |
|---|
| | | |
|---|
| | | import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; |
|---|
| | | import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; |
|---|
| | | import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; |
|---|
| | | import de.codecentric.boot.admin.server.config.AdminServerProperties; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.http.HttpMethod; |
|---|
| | |
|---|
| | | import org.springframework.security.core.userdetails.UserDetailsService; |
|---|
| | | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; |
|---|
| | | import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; |
|---|
| | | import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; |
|---|
| | | import org.springframework.security.web.authentication.logout.LogoutFilter; |
|---|
| | | import org.springframework.web.filter.CorsFilter; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * spring security配置 |
|---|
| | |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private JwtAuthenticationTokenFilter authenticationTokenFilter; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 跨域过滤器 |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private CorsFilter corsFilter; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | private AdminServerProperties adminServerProperties; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 解决 无法直接注入 AuthenticationManager |
|---|
| | |
|---|
| | | protected void configure(HttpSecurity httpSecurity) throws Exception |
|---|
| | | { |
|---|
| | | httpSecurity |
|---|
| | | // CRSF禁用,因为不使用session |
|---|
| | | // CSRF禁用,因为不使用session |
|---|
| | | .csrf().disable() |
|---|
| | | // 认证失败处理类 |
|---|
| | | .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() |
|---|
| | |
|---|
| | | .antMatchers("/webjars/**").anonymous() |
|---|
| | | .antMatchers("/*/api-docs").anonymous() |
|---|
| | | .antMatchers("/druid/**").anonymous() |
|---|
| | | // Spring Boot Admin Server 的安全配置 |
|---|
| | | .antMatchers(adminServerProperties.getContextPath()).anonymous() |
|---|
| | | .antMatchers(adminServerProperties.getContextPath() + "/**").anonymous() |
|---|
| | | // Spring Boot Actuator 的安全配置 |
|---|
| | | .antMatchers("/actuator").anonymous() |
|---|
| | | .antMatchers("/actuator/**").anonymous() |
|---|
| | | // 除上面外的所有请求全部需要鉴权认证 |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | .and() |
|---|
| | |
|---|
| | | httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler); |
|---|
| | | // 添加JWT filter |
|---|
| | | httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); |
|---|
| | | // 添加CORS filter |
|---|
| | | httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class); |
|---|
| | | httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
