From 62fdbdb8371cb2572d6fb0ca02cd11bdf8ac8098 Mon Sep 17 00:00:00 2001
From: zrj <646384940@qq.com>
Date: Fri, 07 Jun 2024 18:08:49 +0800
Subject: [PATCH] 无权限异常处理
---
blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java | 79 ++++++++++++++++++++++++++++++---------
1 files changed, 60 insertions(+), 19 deletions(-)
diff --git a/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java b/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
index 44440ef..b071ddd 100644
--- a/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
+++ b/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
@@ -1,31 +1,23 @@
-/*
- * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * Neither the name of the dreamlu.net developer nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- * Author: Chill 庄骞 (smallchill@163.com)
- */
package org.springblade.auth.config;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
+import org.springblade.auth.constant.Oauth2Constants;
+import org.springblade.auth.handle.TokenFilterHandle;
import org.springblade.auth.support.BladePasswordEncoderFactories;
+import org.springblade.core.secure.registry.SecureRegistry;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import javax.annotation.Resource;
/**
* Security配置
@@ -34,7 +26,40 @@
*/
@Configuration(proxyBeanMethods = false)
@AllArgsConstructor
+@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ @Resource
+ private Oauth2Constants oauth2Constants;
+
+ @Autowired
+ private TokenFilterHandle tokenFilterHandle;
+
+ /**
+ * 安全框架配置
+ */
+ @Bean
+ public SecureRegistry secureRegistry() {
+ SecureRegistry secureRegistry = new SecureRegistry();
+ secureRegistry.setEnabled(true);
+ secureRegistry.excludePathPatterns("/oauth/login");
+ secureRegistry.excludePathPatterns("/oauth/authorize");
+ secureRegistry.excludePathPatterns("/oauth/form");
+ secureRegistry.excludePathPatterns("/oauth/token");
+ secureRegistry.excludePathPatterns("/blade-system/menu/routes");
+ secureRegistry.excludePathPatterns("/blade-system/menu/auth-routes");
+ secureRegistry.excludePathPatterns("/blade-system/menu/top-menu");
+ secureRegistry.excludePathPatterns("/blade-system/tenant/info");
+ secureRegistry.excludePathPatterns("/blade-flow/process/resource-view");
+ secureRegistry.excludePathPatterns("/blade-flow/process/diagram-view");
+ secureRegistry.excludePathPatterns("/blade-flow/manager/check-upload");
+ secureRegistry.excludePathPatterns("/doc.html");
+ secureRegistry.excludePathPatterns("/js/**");
+ secureRegistry.excludePathPatterns("/webjars/**");
+ secureRegistry.excludePathPatterns("/swagger-resources/**");
+ secureRegistry.excludePathPatterns("/druid/**");
+ return secureRegistry;
+ }
@Bean
@Override
@@ -52,13 +77,29 @@
@SneakyThrows
protected void configure(HttpSecurity http) {
http.headers().frameOptions().disable();
- http.httpBasic().and().csrf().disable();
- http.formLogin().loginPage("/oauth/login").loginProcessingUrl("/oauth/form");
+ http.csrf().disable();
+ http.formLogin()
+ //自定义认证成功跳转
+ .successHandler(new CustomAuthenticationSuccessHandler(oauth2Constants.getAuthorizeUrl()))
+ // 自定义登录页面
+ .loginPage(oauth2Constants.getLoginPage())
+ // 自定义登录接口url
+ .loginProcessingUrl(oauth2Constants.getLoginProcessingUrl())
+ // 自定义登录失败处理
+ .failureHandler(new CustomAuthenticationFailureHandler())
+ ;
+ // 认证失败自定义登录页跳转
+ http.exceptionHandling()
+ .authenticationEntryPoint(new CustomAuthenticationEntryPoint(oauth2Constants.getLoginPage()));
+
+ //token 校验在前
+ http.addFilterBefore(tokenFilterHandle, UsernamePasswordAuthenticationFilter.class);
+
}
@Override
public void configure(WebSecurity web) {
- web.ignoring().antMatchers("/js/*.js", "/css/*.css");
+ web.ignoring().antMatchers("/templates/**","/js/*.js", "/css/*.css");
}
}
--
Gitblit v1.9.3