package me.zhengjie.core.config;

import me.zhengjie.core.security.JwtAuthenticationEntryPoint;

import me.zhengjie.core.security.JwtAuthorizationTokenFilter;

import me.zhengjie.core.service.JwtUserDetailsService;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.http.HttpMethod;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.builders.WebSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.config.http.SessionCreationPolicy;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity(prePostEnabled = true)

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired

    private JwtAuthenticationEntryPoint unauthorizedHandler;

    @Autowired

    private JwtUserDetailsService jwtUserDetailsService;

    /**

     * 自定义基于JWT的安全过滤器

     */

    @Autowired

    JwtAuthorizationTokenFilter authenticationTokenFilter;

    @Value("${jwt.header}")

    private String tokenHeader;

    @Value("${jwt.auth.path}")

    private String authenticationPath;

    @Autowired

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth

                .userDetailsService(jwtUserDetailsService)

                .passwordEncoder(passwordEncoderBean());

    }

    @Bean

    public PasswordEncoder passwordEncoderBean() {

        return new BCryptPasswordEncoder();

    }

    @Bean

    @Override

    public AuthenticationManager authenticationManagerBean() throws Exception {

        return super.authenticationManagerBean();

    }

    @Override

    protected void configure(HttpSecurity httpSecurity) throws Exception {

        httpSecurity

                // 禁用 CSRF

                .csrf().disable()

                // 授权异常

                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

                // 不创建会话

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

                .authorizeRequests()

                .antMatchers("/auth/**").permitAll()

                .antMatchers("/websocket/**").permitAll()

                .antMatchers("/druid/**").anonymous()

                // 支付宝回调

                .antMatchers("/api/aliPay/return").anonymous()

                .antMatchers("/api/aliPay/notify").anonymous()

                // swagger start

                .antMatchers("/swagger-ui.html").anonymous()

                .antMatchers("/swagger-resources/**").anonymous()

                .antMatchers("/webjars/**").anonymous()

                .antMatchers("/*/api-docs").anonymous()

                // swagger end

                .antMatchers("/test/**").anonymous()

                .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()

                // 所有请求都需要认证

                .anyRequest().authenticated();

        httpSecurity

                .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);

    }

    @Override

    public void configure(WebSecurity web) throws Exception {

        // AuthenticationTokenFilter will ignore the below paths

        web.ignoring()

            .antMatchers(

                    HttpMethod.POST,

                    authenticationPath

            )

            // allow anonymous resource requests

            .and()

            .ignoring()

            .antMatchers(

                    HttpMethod.GET,

                    "/*.html",

                    "/**/*.html",

                    "/**/*.css",

                    "/**/*.js"

            );

    }

}

WebSecurityConfig的更多相关文章

  1. spring session 和 spring security整合

    背景: 我要做的系统前面放置zuul. 使用自己公司提供的单点登录服务.后面的业务应用也是spring boot支撑的rest服务. 目标: 使用spring security管理权限包括权限.用户请 ...

  2. Java 生成验证码图片

    生成验证码图片并对提交的输入进行验证 // HttpServletResponse常见应用——生成验证码 // 利用BufferedImage类生产随机图片 public static final i ...

  3. spring security method security

    参考 Spring Security 官方文档 http://www.concretepage.com/spring/spring-security/preauthorize-postauthoriz ...

  4. spring注解配置启动过程

    最近看起spring源码,突然想知道没有web.xml的配置,spring是怎么通过一个继承于AbstractAnnotationConfigDispatcherServletInitializer的 ...

  5. Spring Boot 5 SpringSecurity身份验证

    对于没有访问权限的用户需要转到登录表单页面.要实现访问控制的方法多种多样,可以通过Aop.拦截器实现,也可以通过框架实现(如:Apache Shiro.Spring Security). pom.xm ...

  6. spring security之httpSecurity使用示例

    如果在HttpSecurity中配置需要authenticate(),则如果没有登陆,或没有相关权限,则会无法访问 2017-01-02 23:39:32.027 DEBUG 10396 --- [n ...

  7. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web - Annotations

    @Configuration @EnableWebMvcSecurity @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabl ...

  8. How to use JDBC-Authentication of Spring Boot/Spring Security with Flyway

    java.lang.IllegalStateException: Failed to load ApplicationContext at org.springframework.test.conte ...

  9. Cross Site Request Forgery (CSRF)--spring security -转

    http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html 13. Cross ...

随机推荐

  1. CSS padidng-top\margin-top\fixed 的特殊性

    参考: 使用css时,可能会出错的两个地方 1.padidng-top\margin-top padidng-top\margin-top可以设置'px' 或者是'%',设置'px'略过,说一下设置‘ ...

  2. POJ-2492 A Bug's Life(种类并查集)

    http://poj.org/problem?id=2492 题意: 给出一个T代表几组数据,给出一个n一个m,代表人的编号由1~n,m条命令,每条命令由两个数值组成,代表这两个人性别不同,问所有命令 ...

  3. rsync搭建

    服务器: 查看是否安装:rpm -qa rsync 未安装则:yum install -y rsync 添加rsync用户 useradd -s /sbin/nologin -M rsync 编辑/e ...

  4. Java学习十七

    学习内容: 1.Java字符串类 1.在utf-8编码下,每个汉字占三个字节 2.字符串和byte数组之间的相互转换 将字符串转换为byte数组 byte[] arrs = str.getBytes( ...

  5. [ZJCTF 2019]NiZhuanSiWei

    0x00知识点 1:data伪协议写入文件 2:php:// php://filter用于读取源码 php://input用于执行php代码 3反序列化 0x01解题 打开题目,给了我们源码 < ...

  6. ZJNU 2345 - 小Y的方格纸

    明显,总共有n*m格,已经涂了k格 所以剩下n*m-k格 如果n*m-k<=k,即k已经占用了大于等于一半的格子,显然答案为0 否则 剩下的格子中取k+1,k+2...n*m-k格均可 取组合数 ...

  7. 从编程实现角度学习Faster R-CNN(附极简实现)

    https://www.jianshu.com/p/9da1f0756813 从编程实现角度学习Faster R-CNN(附极简实现) GoDeep 关注 2018.03.11 15:51* 字数 5 ...

  8. elasticsearch-集群管理

    1.集群结构 ES 通常以集群方式工作.以提高搜索性能.容错能力.高可用.实现PB级数据搜索. 相关概念: (1)结点: ES集群由多台ES服务器组成.每个ES 服务端就是个一个NODE结点 (2)分 ...

  9. Python笔记_第四篇_高阶编程_高阶函数_2.filter

    1. filter函数: 原型:filter(fn,lsd) 参数1为函数 参数2为序列 功能:用于过滤序列,把传入的函数一次作用域序列每个元素,根据返回的是True还是False决定是否保留该元素. ...

  10. 编译Python文件

    编译Python文件 一.编译Python文件 为了提高加载模块的速度,强调强调强调:提高的是加载速度而绝非运行速度.python解释器会在__pycache__目录中下缓存每个模块编译后的版本,格式 ...