From 62fdbdb8371cb2572d6fb0ca02cd11bdf8ac8098 Mon Sep 17 00:00:00 2001
From: zrj <646384940@qq.com>
Date: Fri, 07 Jun 2024 18:08:49 +0800
Subject: [PATCH] 无权限异常处理

---
 blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java |   79 ++++++++++++++++++++++++++++++---------
 1 files changed, 60 insertions(+), 19 deletions(-)

diff --git a/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java b/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
index 44440ef..b071ddd 100644
--- a/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
+++ b/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
@@ -1,31 +1,23 @@
-/*
- *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice,
- *  this list of conditions and the following disclaimer.
- *  Redistributions in binary form must reproduce the above copyright
- *  notice, this list of conditions and the following disclaimer in the
- *  documentation and/or other materials provided with the distribution.
- *  Neither the name of the dreamlu.net developer nor the names of its
- *  contributors may be used to endorse or promote products derived from
- *  this software without specific prior written permission.
- *  Author: Chill 庄骞 (smallchill@163.com)
- */
 package org.springblade.auth.config;
 
 import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
+import org.springblade.auth.constant.Oauth2Constants;
+import org.springblade.auth.handle.TokenFilterHandle;
 import org.springblade.auth.support.BladePasswordEncoderFactories;
+import org.springblade.core.secure.registry.SecureRegistry;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import javax.annotation.Resource;
 
 /**
  * Security配置
@@ -34,7 +26,40 @@
  */
 @Configuration(proxyBeanMethods = false)
 @AllArgsConstructor
+@Order(1)
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+	@Resource
+	private Oauth2Constants oauth2Constants;
+
+	@Autowired
+	private TokenFilterHandle tokenFilterHandle;
+
+	/**
+	 * 安全框架配置
+	 */
+	@Bean
+	public SecureRegistry secureRegistry() {
+		SecureRegistry secureRegistry = new SecureRegistry();
+		secureRegistry.setEnabled(true);
+		secureRegistry.excludePathPatterns("/oauth/login");
+		secureRegistry.excludePathPatterns("/oauth/authorize");
+		secureRegistry.excludePathPatterns("/oauth/form");
+		secureRegistry.excludePathPatterns("/oauth/token");
+		secureRegistry.excludePathPatterns("/blade-system/menu/routes");
+		secureRegistry.excludePathPatterns("/blade-system/menu/auth-routes");
+		secureRegistry.excludePathPatterns("/blade-system/menu/top-menu");
+		secureRegistry.excludePathPatterns("/blade-system/tenant/info");
+		secureRegistry.excludePathPatterns("/blade-flow/process/resource-view");
+		secureRegistry.excludePathPatterns("/blade-flow/process/diagram-view");
+		secureRegistry.excludePathPatterns("/blade-flow/manager/check-upload");
+		secureRegistry.excludePathPatterns("/doc.html");
+		secureRegistry.excludePathPatterns("/js/**");
+		secureRegistry.excludePathPatterns("/webjars/**");
+		secureRegistry.excludePathPatterns("/swagger-resources/**");
+		secureRegistry.excludePathPatterns("/druid/**");
+		return secureRegistry;
+	}
 
 	@Bean
 	@Override
@@ -52,13 +77,29 @@
 	@SneakyThrows
 	protected void configure(HttpSecurity http) {
 		http.headers().frameOptions().disable();
-		http.httpBasic().and().csrf().disable();
-		http.formLogin().loginPage("/oauth/login").loginProcessingUrl("/oauth/form");
+		http.csrf().disable();
+		http.formLogin()
+			//自定义认证成功跳转
+			.successHandler(new CustomAuthenticationSuccessHandler(oauth2Constants.getAuthorizeUrl()))
+			// 自定义登录页面
+			.loginPage(oauth2Constants.getLoginPage())
+			// 自定义登录接口url
+			.loginProcessingUrl(oauth2Constants.getLoginProcessingUrl())
+			// 自定义登录失败处理
+			.failureHandler(new CustomAuthenticationFailureHandler())
+		;
+		// 认证失败自定义登录页跳转
+		http.exceptionHandling()
+			.authenticationEntryPoint(new CustomAuthenticationEntryPoint(oauth2Constants.getLoginPage()));
+
+		//token 校验在前
+		http.addFilterBefore(tokenFilterHandle, UsernamePasswordAuthenticationFilter.class);
+
 	}
 
 	@Override
 	public void configure(WebSecurity web) {
-		web.ignoring().antMatchers("/js/*.js", "/css/*.css");
+		web.ignoring().antMatchers("/templates/**","/js/*.js", "/css/*.css");
 	}
 
 }

--
Gitblit v1.9.3