security配置
import com.yineng.corpsysland.security.*; import com.yineng.corpsysland.web.filter.AuthorizationActiveFilter; import com.yineng.corpsysland.web.filter.AuthorizationExpiredFilter; import com.yineng.corpsysland.web.filter.CsrfCookieGeneratorFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.csrf.CsrfFilter; import javax.inject.Inject; import javax.servlet.Filter; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Inject private Environment env; @Inject private AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler; @Inject private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler; @Inject private AuthenticationProvider authenticationProvider; @Inject private RememberMeServices rememberMeServices; @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Inject public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers("/oauth/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .ignoringAntMatchers("/websocket/**") .ignoringAntMatchers("/api/authentication/**") .ignoringAntMatchers("/api/logout/**") .and() .addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class) .addFilterBefore(authorizationActiveFilter(), AuthenticationFilter.class) .addFilterAfter(authorizationExpiredFilter(), AuthenticationFilter.class) .rememberMe() .rememberMeServices(rememberMeServices) .rememberMeParameter("remember-me") .key(env.getProperty("jhipster.security.rememberme.key")) .and() .formLogin().loginPage("/login.html") .loginProcessingUrl("/api/authentication") .successHandler(ajaxAuthenticationSuccessHandler) .failureHandler(authenticationFailureHandler()) .usernameParameter("j_username") .passwordParameter("j_password") .permitAll() .and() .logout() .logoutUrl("/api/logout") .logoutSuccessHandler(ajaxLogoutSuccessHandler) .deleteCookies("JSESSIONID") .permitAll() .and() .headers() .frameOptions() .disable() .and() .authorizeRequests().anyRequest().authenticated() .antMatchers("/activeSystem").permitAll() .antMatchers("/api/register").permitAll() .antMatchers("/api/activate").permitAll() .antMatchers("/api/authenticate").permitAll() .antMatchers("/api/account/reset_password/init").permitAll() .antMatchers("/api/account/reset_password/finish").permitAll() .antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/api/**").authenticated() .antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/configprops/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/api-docs/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/protected/**").authenticated(); } @Bean public SecurityEvaluationContextExtension securityEvaluationContextExtension() { return new SecurityEvaluationContextExtension(); } @Bean public AuthenticationFailureHandler authenticationFailureHandler() { return new AjaxAuthenticationFailureHandler("/activeSystem"); } @Bean public Filter authorizationActiveFilter() { return new AuthorizationActiveFilter(authenticationFailureHandler()); } @Bean public Filter authorizationExpiredFilter() { return new AuthorizationExpiredFilter(authenticationFailureHandler()); } }
配置拦截器
import com.yineng.corpsysland.config.locale.AngularCookieLocaleResolver; import com.yineng.corpsysland.security.TokenAuthHandler; import org.springframework.boot.bind.RelaxedPropertyResolver; import org.springframework.context.EnvironmentAware; import org.springframework.context.MessageSource; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.support.ReloadableResourceBundleMessageSource; import org.springframework.core.env.Environment; import org.springframework.web.servlet.LocaleResolver; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.i18n.LocaleChangeInterceptor; @Configuration public class MyConfiguration extends WebMvcConfigurerAdapter{ @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new TokenAuthHandler()).addPathPatterns("/third/**"); } }
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {