94 lines
3.4 KiB
Java
94 lines
3.4 KiB
Java
package com.youlai.system.config;
|
|
|
|
import com.youlai.system.framework.security.filter.JwtAuthenticationFilter;
|
|
import com.youlai.system.framework.security.exception.MyAccessDeniedHandler;
|
|
import com.youlai.system.framework.security.exception.MyAuthenticationEntryPoint;
|
|
import com.youlai.system.framework.security.JwtTokenManager;
|
|
import lombok.RequiredArgsConstructor;
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
|
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
|
|
/**
|
|
* Spring Security 权限配置
|
|
*
|
|
* @author haoxr
|
|
* @date 2023/2/17
|
|
*/
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
|
@RequiredArgsConstructor
|
|
public class SecurityConfig {
|
|
|
|
private final MyAuthenticationEntryPoint myAuthenticationEntryPoint;
|
|
private final MyAccessDeniedHandler myAccessDeniedHandler;
|
|
private final JwtTokenManager jwtTokenManager;
|
|
|
|
@Bean
|
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
http
|
|
.csrf().disable()
|
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
.and()
|
|
.authorizeHttpRequests()
|
|
.anyRequest().authenticated()
|
|
.and()
|
|
.exceptionHandling()
|
|
.authenticationEntryPoint(myAuthenticationEntryPoint)
|
|
.accessDeniedHandler(myAccessDeniedHandler)
|
|
;
|
|
|
|
// disable cache
|
|
http.headers().cacheControl();
|
|
|
|
http.addFilterBefore(new JwtAuthenticationFilter(jwtTokenManager), UsernamePasswordAuthenticationFilter.class);
|
|
|
|
return http.build();
|
|
}
|
|
|
|
@Bean
|
|
public WebSecurityCustomizer webSecurityCustomizer() {
|
|
return (web) -> web.ignoring()
|
|
.requestMatchers(
|
|
"/api/v1/auth/login",
|
|
"/webjars/**",
|
|
"/doc.html",
|
|
"/swagger-resources/**",
|
|
"/v3/api-docs/**",
|
|
"/swagger-ui/**"
|
|
);
|
|
}
|
|
|
|
/**
|
|
* 密码编码器
|
|
*/
|
|
@Bean
|
|
public PasswordEncoder passwordEncoder() {
|
|
return new BCryptPasswordEncoder();
|
|
}
|
|
|
|
/**
|
|
* 无法直接注入 AuthenticationManager
|
|
*
|
|
* @param authenticationConfiguration
|
|
* @return
|
|
* @throws Exception
|
|
*/
|
|
@Bean
|
|
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
|
|
return authenticationConfiguration.getAuthenticationManager();
|
|
}
|
|
|
|
}
|