package org.springblade.auth.config;
|
|
import lombok.AllArgsConstructor;
|
import lombok.SneakyThrows;
|
import org.springblade.auth.constant.Oauth2Constants;
|
import org.springblade.auth.handle.TokenFilterHandle;
|
import org.springblade.auth.support.BladePasswordEncoderFactories;
|
import org.springblade.core.secure.registry.SecureRegistry;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.core.annotation.Order;
|
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
import javax.annotation.Resource;
|
|
/**
|
* Security配置
|
*
|
* @author Chill
|
*/
|
@Configuration(proxyBeanMethods = false)
|
@AllArgsConstructor
|
@Order(1)
|
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|
@Resource
|
private Oauth2Constants oauth2Constants;
|
|
@Autowired
|
private TokenFilterHandle tokenFilterHandle;
|
|
/**
|
* 安全框架配置
|
*/
|
@Bean
|
public SecureRegistry secureRegistry() {
|
SecureRegistry secureRegistry = new SecureRegistry();
|
// secureRegistry.setEnabled(false);
|
secureRegistry.setEnabled(true);
|
secureRegistry.excludePathPatterns("/oauth/login");
|
secureRegistry.excludePathPatterns("/oauth/authorize");
|
secureRegistry.excludePathPatterns("/oauth/form");
|
secureRegistry.excludePathPatterns("/blade-system/menu/routes");
|
secureRegistry.excludePathPatterns("/blade-system/menu/auth-routes");
|
secureRegistry.excludePathPatterns("/blade-system/menu/top-menu");
|
secureRegistry.excludePathPatterns("/blade-system/tenant/info");
|
secureRegistry.excludePathPatterns("/blade-flow/process/resource-view");
|
secureRegistry.excludePathPatterns("/blade-flow/process/diagram-view");
|
secureRegistry.excludePathPatterns("/blade-flow/manager/check-upload");
|
secureRegistry.excludePathPatterns("/doc.html");
|
secureRegistry.excludePathPatterns("/js/**");
|
secureRegistry.excludePathPatterns("/webjars/**");
|
secureRegistry.excludePathPatterns("/swagger-resources/**");
|
secureRegistry.excludePathPatterns("/druid/**");
|
return secureRegistry;
|
}
|
|
@Bean
|
@Override
|
@SneakyThrows
|
public AuthenticationManager authenticationManagerBean() {
|
return super.authenticationManagerBean();
|
}
|
|
@Bean
|
public PasswordEncoder passwordEncoder() {
|
return BladePasswordEncoderFactories.createDelegatingPasswordEncoder();
|
}
|
|
@Override
|
@SneakyThrows
|
protected void configure(HttpSecurity http) {
|
http.headers().frameOptions().disable();
|
http.csrf().disable();
|
http.formLogin()
|
//自定义认证成功跳转
|
.successHandler(new CustomAuthenticationSuccessHandler(oauth2Constants.getAuthorizeUrl()))
|
// 自定义登录页面
|
.loginPage(oauth2Constants.getLoginPage())
|
// 自定义登录接口url
|
.loginProcessingUrl(oauth2Constants.getLoginProcessingUrl())
|
// 自定义登录失败处理
|
.failureHandler(new CustomAuthenticationFailureHandler())
|
;
|
// 认证失败自定义登录页跳转
|
http.exceptionHandling()
|
.authenticationEntryPoint(new CustomAuthenticationEntryPoint(oauth2Constants.getLoginPage()));
|
|
//token 校验在前
|
http.addFilterBefore(tokenFilterHandle, UsernamePasswordAuthenticationFilter.class);
|
|
}
|
|
@Override
|
public void configure(WebSecurity web) {
|
web.ignoring().antMatchers("/templates/**","/js/*.js", "/css/*.css");
|
}
|
|
}
|
