package me.zhengjie.core.config;

import me.zhengjie.core.security.JwtAuthenticationEntryPoint;
import me.zhengjie.core.security.JwtAuthorizationTokenFilter;
import me.zhengjie.core.service.JwtUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler; @Autowired
private JwtUserDetailsService jwtUserDetailsService; /**
* 自定义基于JWT的安全过滤器
*/
@Autowired
JwtAuthorizationTokenFilter authenticationTokenFilter; @Value("${jwt.header}")
private String tokenHeader; @Value("${jwt.auth.path}")
private String authenticationPath; @Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(jwtUserDetailsService)
.passwordEncoder(passwordEncoderBean());
} @Bean
public PasswordEncoder passwordEncoderBean() {
return new BCryptPasswordEncoder();
} @Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
} @Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity // 禁用 CSRF
.csrf().disable() // 授权异常
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() // 不创建会话
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests() .antMatchers("/auth/**").permitAll()
.antMatchers("/websocket/**").permitAll()
.antMatchers("/druid/**").anonymous() // 支付宝回调
.antMatchers("/api/aliPay/return").anonymous()
.antMatchers("/api/aliPay/notify").anonymous() // swagger start
.antMatchers("/swagger-ui.html").anonymous()
.antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous()
.antMatchers("/*/api-docs").anonymous()
// swagger end .antMatchers("/test/**").anonymous()
.antMatchers(HttpMethod.OPTIONS, "/**").anonymous()
// 所有请求都需要认证
.anyRequest().authenticated(); httpSecurity
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
} @Override
public void configure(WebSecurity web) throws Exception {
// AuthenticationTokenFilter will ignore the below paths
web.ignoring()
.antMatchers(
HttpMethod.POST,
authenticationPath
) // allow anonymous resource requests
.and()
.ignoring()
.antMatchers(
HttpMethod.GET,
"/*.html",
"/**/*.html",
"/**/*.css",
"/**/*.js"
);
}
}

WebSecurityConfig的更多相关文章

  1. spring session 和 spring security整合

    背景: 我要做的系统前面放置zuul. 使用自己公司提供的单点登录服务.后面的业务应用也是spring boot支撑的rest服务. 目标: 使用spring security管理权限包括权限.用户请 ...

  2. Java 生成验证码图片

    生成验证码图片并对提交的输入进行验证 // HttpServletResponse常见应用——生成验证码 // 利用BufferedImage类生产随机图片 public static final i ...

  3. spring security method security

    参考 Spring Security 官方文档 http://www.concretepage.com/spring/spring-security/preauthorize-postauthoriz ...

  4. spring注解配置启动过程

    最近看起spring源码,突然想知道没有web.xml的配置,spring是怎么通过一个继承于AbstractAnnotationConfigDispatcherServletInitializer的 ...

  5. Spring Boot 5 SpringSecurity身份验证

    对于没有访问权限的用户需要转到登录表单页面.要实现访问控制的方法多种多样,可以通过Aop.拦截器实现,也可以通过框架实现(如:Apache Shiro.Spring Security). pom.xm ...

  6. spring security之httpSecurity使用示例

    如果在HttpSecurity中配置需要authenticate(),则如果没有登陆,或没有相关权限,则会无法访问 2017-01-02 23:39:32.027 DEBUG 10396 --- [n ...

  7. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web - Annotations

    @Configuration @EnableWebMvcSecurity @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabl ...

  8. How to use JDBC-Authentication of Spring Boot/Spring Security with Flyway

    java.lang.IllegalStateException: Failed to load ApplicationContext at org.springframework.test.conte ...

  9. Cross Site Request Forgery (CSRF)--spring security -转

    http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html 13. Cross ...

随机推荐

  1. CSS padidng-top\margin-top\fixed 的特殊性

    参考: 使用css时,可能会出错的两个地方 1.padidng-top\margin-top padidng-top\margin-top可以设置'px' 或者是'%',设置'px'略过,说一下设置‘ ...

  2. POJ-2492 A Bug's Life(种类并查集)

    http://poj.org/problem?id=2492 题意: 给出一个T代表几组数据,给出一个n一个m,代表人的编号由1~n,m条命令,每条命令由两个数值组成,代表这两个人性别不同,问所有命令 ...

  3. rsync搭建

    服务器: 查看是否安装:rpm -qa rsync 未安装则:yum install -y rsync 添加rsync用户 useradd -s /sbin/nologin -M rsync 编辑/e ...

  4. Java学习十七

    学习内容: 1.Java字符串类 1.在utf-8编码下,每个汉字占三个字节 2.字符串和byte数组之间的相互转换 将字符串转换为byte数组 byte[] arrs = str.getBytes( ...

  5. [ZJCTF 2019]NiZhuanSiWei

    0x00知识点 1:data伪协议写入文件 2:php:// php://filter用于读取源码 php://input用于执行php代码 3反序列化 0x01解题 打开题目,给了我们源码 < ...

  6. ZJNU 2345 - 小Y的方格纸

    明显,总共有n*m格,已经涂了k格 所以剩下n*m-k格 如果n*m-k<=k,即k已经占用了大于等于一半的格子,显然答案为0 否则 剩下的格子中取k+1,k+2...n*m-k格均可 取组合数 ...

  7. 从编程实现角度学习Faster R-CNN(附极简实现)

    https://www.jianshu.com/p/9da1f0756813 从编程实现角度学习Faster R-CNN(附极简实现) GoDeep 关注 2018.03.11 15:51* 字数 5 ...

  8. elasticsearch-集群管理

    1.集群结构 ES 通常以集群方式工作.以提高搜索性能.容错能力.高可用.实现PB级数据搜索. 相关概念: (1)结点: ES集群由多台ES服务器组成.每个ES 服务端就是个一个NODE结点 (2)分 ...

  9. Python笔记_第四篇_高阶编程_高阶函数_2.filter

    1. filter函数: 原型:filter(fn,lsd) 参数1为函数 参数2为序列 功能:用于过滤序列,把传入的函数一次作用域序列每个元素,根据返回的是True还是False决定是否保留该元素. ...

  10. 编译Python文件

    编译Python文件 一.编译Python文件 为了提高加载模块的速度,强调强调强调:提高的是加载速度而绝非运行速度.python解释器会在__pycache__目录中下缓存每个模块编译后的版本,格式 ...