@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
private final JsonToUrlEncodedAuthenticationFilter jsonFilter;
private final LogFilter logFilter;
private final HLandraySsoFilter hLandraySsoFilter;
@Autowired
public ResourceServerConfig(JsonToUrlEncodedAuthenticationFilter jsonFilter, LogFilter logFilter, HLandraySsoFilter hLandraySsoFilter) {
this.jsonFilter = jsonFilter;
this.logFilter = logFilter;
this.hLandraySsoFilter = hLandraySsoFilter;
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers().antMatchers("/api/**", "/token/**", "/sso/**",
"/hSsoCallback**", "/hOldSsoCallback**", "/hOldSsoRedirect**")
.and() //允许上面这些接口访问
.authorizeRequests().antMatchers("/api/aes/**").permitAll().and() //"/api/aes/**"的接口请求不需要auth校验
.authorizeRequests()
.antMatchers("/api/**").authenticated(); //"/api/**"需要auth校验
//-2147483648
http.addFilterBefore(logFilter, ChannelProcessingFilter.class);
//未配置@Order ,默认为ChannelProcessingFilter.class的Order减1
http.addFilterBefore(new ClientInfoFilter(), ChannelProcessingFilter.class);
//0x80000000(16进制)=2147483648(十进制)
http.addFilterBefore(jsonFilter, ChannelProcessingFilter.class);
http.addFilterBefore(new SimpleCorsFilter(), ChannelProcessingFilter.class);
http.addFilterBefore(hLandraySsoFilter, ChannelProcessingFilter.class); } }