中央热水项目


package com.mh.user.config;
import com.mh.user.security.JwtAuthenticationFilter;
import com.mh.user.security.JwtAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
/**
 * Spring Security configuration.
 *
 * <p>NOTE(review): with the HTTP rules currently active, every request is
 * permitted without authentication, and the JWT filter that would validate
 * tokens is not added to the filter chain. The earlier, stricter rule set is
 * kept as a comment inside {@link #configure(HttpSecurity)}; restoring it is
 * what re-enables token checks.
 *
 * @author Louis
 * @date Jan 14, 2019
 */
@Configuration
@EnableWebSecurity // switches Spring Security on
// Method-level annotations such as @PreAuthorize are not enabled by this class
// (the line below is commented out). NOTE(review): unless they are enabled
// elsewhere, such annotations on controllers/services are not enforced.
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** User lookup service, bound to the bean named {@code userDetailsServiceImpl}. */
    @Autowired
    @Qualifier("userDetailsServiceImpl")
    private UserDetailsService userDetailsService;

    /**
     * Registers the project's custom JWT authentication provider.
     *
     * <p>No filter registered in this class passes tokens to the provider;
     * whether other code calls the {@link AuthenticationManager} bean directly
     * is not visible from this file.
     *
     * @param auth builder that receives the provider
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        JwtAuthenticationProvider jwtProvider = new JwtAuthenticationProvider(userDetailsService);
        auth.authenticationProvider(jwtProvider);
    }

    /**
     * Defines the HTTP security rules: CSRF protection off, all requests and
     * logout permitted for everyone.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Earlier rule set, kept for reference (token verification enabled).
        // CSRF was disabled there on the grounds that JWT is used.
        // NOTE(review): that rule set also left /druid/** (SQL monitoring) and
        // /actuator/** (service monitoring) open to anonymous callers; when
        // restoring it, consider requiring authentication for those paths.
        // http.cors().and().csrf().disable()
        // .authorizeRequests()
        // // CORS preflight requests
        // .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        // // web jars
        // .antMatchers("/webjars/**").permitAll()
        // // SQL monitoring console (druid)
        // .antMatchers("/druid/**").permitAll()
        // // home page and login page
        // .antMatchers("/").permitAll()
        // .antMatchers("/login").permitAll()
        // // swagger
        // .antMatchers("/swagger-ui.html").permitAll()
        // .antMatchers("/swagger-resources/**").permitAll()
        // .antMatchers("/v2/api-docs").permitAll()
        // .antMatchers("/webjars/springfox-swagger-ui/**").permitAll()
        // // captcha image
        // .antMatchers("/captcha.jpg**").permitAll()
        // // service monitoring
        // .antMatchers("/actuator/**").permitAll()
        // // every other request requires authentication
        // .anyRequest().authenticated();
        // // logout success handler
        // http.logout().logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler());
        // // token verification filter
        // http.addFilterBefore(new JwtAuthenticationFilter(authenticationManager()), UsernamePasswordAuthenticationFilter.class);

        // Active rule set: token verification disabled.
        // NOTE(review): CSRF protection is off and no request is authenticated.
        // Confirm that no cookie- or session-based login exists elsewhere and
        // that this application is not reachable from untrusted networks.
        http.csrf().disable();
        http.authorizeRequests().anyRequest().permitAll();
        http.logout().permitAll();
    }

    /**
     * Publishes the parent class's {@link AuthenticationManager} as a bean.
     *
     * @return the authentication manager built by the superclass
     * @throws Exception declared by the overridden method
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        AuthenticationManager manager = super.authenticationManager();
        return manager;
    }
}