From 4069aa1d01bb4ce98ea154940a46d5c014252897 Mon Sep 17 00:00:00 2001
From: zrj <646384940@qq.com>
Date: Tue, 11 Jun 2024 11:21:41 +0800
Subject: [PATCH] 鉴权调整
---
blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java | 52 ++++++++++++++++++++++++++++++++--------------------
1 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java b/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
index ec68cc2..e4a5fe3 100644
--- a/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
+++ b/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
@@ -1,24 +1,11 @@
-/*
- * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * Neither the name of the dreamlu.net developer nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- * Author: Chill 庄骞 (smallchill@163.com)
- */
package org.springblade.auth.config;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
+import org.springblade.auth.constant.Oauth2Constants;
+import org.springblade.auth.handle.TokenFilterHandle;
import org.springblade.auth.support.BladePasswordEncoderFactories;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
@@ -27,6 +14,8 @@
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import javax.annotation.Resource;
/**
* Security配置
@@ -37,6 +26,13 @@
@AllArgsConstructor
@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ @Resource
+ private Oauth2Constants oauth2Constants;
+
+ @Autowired
+ private TokenFilterHandle tokenFilterHandle;
+
@Bean
@Override
@@ -53,14 +49,30 @@
@Override
@SneakyThrows
protected void configure(HttpSecurity http) {
-// http.headers().frameOptions().disable();
-// http.httpBasic().and().csrf().disable();
- http.formLogin().loginPage("/oauth/login").loginProcessingUrl("/oauth/form");
+ http.headers().frameOptions().disable();
+ http.csrf().disable();
+ http.formLogin()
+ //自定义认证成功跳转
+ .successHandler(new CustomAuthenticationSuccessHandler(oauth2Constants.getAuthorizeUrl()))
+ // 自定义登录页面
+ .loginPage(oauth2Constants.getLoginPage())
+ // 自定义登录接口url
+ .loginProcessingUrl(oauth2Constants.getLoginProcessingUrl())
+ // 自定义登录失败处理
+ .failureHandler(new CustomAuthenticationFailureHandler())
+ ;
+ // 认证失败自定义登录页跳转
+ http.exceptionHandling()
+ .authenticationEntryPoint(new CustomAuthenticationEntryPoint(oauth2Constants.getLoginPage()));
+
+ //token 校验在前
+ http.addFilterBefore(tokenFilterHandle, UsernamePasswordAuthenticationFilter.class);
+
}
@Override
public void configure(WebSecurity web) {
- web.ignoring().antMatchers("/js/*.js", "/css/*.css");
+ web.ignoring().antMatchers("/templates/**","/js/*.js", "/css/*.css");
}
}
--
Gitblit v1.9.3