  • WebSecurityConfig

    package me.zhengjie.core.config;
    
    import me.zhengjie.core.security.JwtAuthenticationEntryPoint;
    import me.zhengjie.core.security.JwtAuthorizationTokenFilter;
    import me.zhengjie.core.service.JwtUserDetailsService;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
    
    /**
     * Spring Security configuration for a stateless API guarded by a JWT filter.
     *
     * <p>Registers the user-details service and a BCrypt password encoder with the
     * authentication manager, declares which URL patterns are reachable without a token,
     * and installs the JWT filter ahead of {@link UsernamePasswordAuthenticationFilter}.
     * Method-level security with pre/post annotations is switched on by
     * {@code @EnableGlobalMethodSecurity(prePostEnabled = true)}.
     */
    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        /** Entry point invoked when an unauthenticated request hits a protected resource. */
        @Autowired
        private JwtAuthenticationEntryPoint unauthorizedHandler;

        /** Loads user records for the authentication manager. */
        @Autowired
        private JwtUserDetailsService jwtUserDetailsService;

        /**
         * Custom JWT-based security filter.
         */
        @Autowired
        JwtAuthorizationTokenFilter authenticationTokenFilter;

        // Injected from the jwt.header property; not read anywhere in this class.
        @Value("${jwt.header}")
        private String tokenHeader;

        // Injected from the jwt.auth.path property; used below as the login path that
        // bypasses the security filter chain.
        @Value("${jwt.auth.path}")
        private String authenticationPath;

        /**
         * Connects the user-details service and the password encoder to the global
         * authentication manager builder.
         *
         * @param auth builder supplied by Spring
         * @throws Exception if the builder rejects the configuration
         */
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            PasswordEncoder encoder = passwordEncoderBean();
            auth.userDetailsService(jwtUserDetailsService).passwordEncoder(encoder);
        }

        /**
         * Exposes the password encoder used to verify stored credentials.
         *
         * @return a {@link BCryptPasswordEncoder} built with its default settings
         */
        @Bean
        public PasswordEncoder passwordEncoderBean() {
            return new BCryptPasswordEncoder();
        }

        /**
         * Publishes the parent class's {@link AuthenticationManager} as a bean so other
         * components can inject it.
         *
         * @return the authentication manager built by the adapter
         * @throws Exception if the parent fails to build it
         */
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        /**
         * Declares the HTTP security rules: CSRF off, stateless sessions, a list of
         * paths open without a token, and authentication for everything else.
         *
         * @param httpSecurity builder supplied by Spring
         * @throws Exception if any configurer rejects its settings
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // CSRF protection is disabled.
            // NOTE(review): this is only sound if the token is never sent automatically by
            // the browser (for example as a cookie) - confirm against the JWT filter.
            httpSecurity.csrf().disable();

            // Authentication failures are delegated to the injected entry point.
            httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

            // No HTTP session is created or used.
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // Rules are evaluated in declaration order; the first matching pattern wins.
            // anonymous() admits only callers without an authentication, so a request that
            // carries a valid token is refused on those paths, unlike permitAll().
            httpSecurity.authorizeRequests()

                    // NOTE(review): the websocket path is open at this layer - confirm the
                    // endpoint authenticates its peers by some other means.
                    .antMatchers("/auth/**", "/websocket/**").permitAll()

                    // NOTE(review): presumably the Druid monitoring pages; they are reachable
                    // without a token here - confirm they have their own login or are
                    // restricted at the network level.
                    .antMatchers("/druid/**").anonymous()

                    // Alipay callbacks.
                    // NOTE(review): nothing here authenticates the caller, so the handlers
                    // must verify the callback signature themselves - confirm.
                    .antMatchers("/api/aliPay/return", "/api/aliPay/notify").anonymous()

                    // swagger start
                    // NOTE(review): the API documentation is readable without a token -
                    // confirm this is intended outside development environments.
                    .antMatchers(
                            "/swagger-ui.html",
                            "/swagger-resources/**",
                            "/webjars/**",
                            "/*/api-docs")
                    .anonymous()
                    // swagger end

                    // NOTE(review): confirm no test endpoints are deployed under this path
                    // in production builds.
                    .antMatchers("/test/**").anonymous()
                    .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()

                    // Every other request must be authenticated.
                    .anyRequest().authenticated();

            httpSecurity.addFilterBefore(
                    authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        }

        /**
         * Lists requests that skip the Spring Security filter chain altogether.
         *
         * <p>Ignored requests receive none of the chain's processing: no JWT filter, no
         * authorization rules, and no security response headers written by the chain.
         *
         * @param web builder supplied by Spring
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(WebSecurity web) throws Exception {
            // The login endpoint: the token filter never runs for POSTs to this path.
            web.ignoring().antMatchers(HttpMethod.POST, authenticationPath);

            // Static resources are served without authentication.
            // NOTE(review): these patterns match on file extension anywhere in the path;
            // confirm that no controller mapping can be reached through a URL ending in
            // .html, .css or .js (for example via suffix pattern matching), because such a
            // request would not be authenticated.
            web.ignoring().antMatchers(
                    HttpMethod.GET,
                    "/*.html",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js");
        }
    }
  • 原文地址:https://www.cnblogs.com/tonggc1668/p/11216255.html