@@ -0,0 +1,121 @@
|
|
|
+package com.example.springboot.config;
|
|
|
+
|
|
|
+
|
|
|
+import com.alibaba.fastjson.JSONObject;
|
|
|
+import com.example.springboot.entity.RestBean;
|
|
|
+import com.example.springboot.service.AuthorizeService;
|
|
|
+import org.springframework.context.annotation.Bean;
|
|
|
+import org.springframework.context.annotation.Configuration;
|
|
|
+import org.springframework.security.authentication.AuthenticationManager;
|
|
|
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
|
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
|
+import org.springframework.security.core.AuthenticationException;
|
|
|
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
+import org.springframework.security.web.SecurityFilterChain;
|
|
|
+import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
|
|
|
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
|
|
|
+import org.springframework.web.cors.CorsConfiguration;
|
|
|
+import org.springframework.web.cors.CorsConfigurationSource;
|
|
|
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
|
|
+
|
|
|
+import javax.annotation.Resource;
|
|
|
+import javax.servlet.http.HttpServletRequest;
|
|
|
+import javax.servlet.http.HttpServletResponse;
|
|
|
+import javax.sql.DataSource;
|
|
|
+import java.io.IOException;
|
|
|
+
|
|
|
+@Configuration
|
|
|
+@EnableWebSecurity
|
|
|
+public class SecurityConfiguration {
|
|
|
+
|
|
|
+ @Resource
|
|
|
+ AuthorizeService authorizeService;
|
|
|
+
|
|
|
+ @Resource
|
|
|
+ DataSource dataSource;
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ public SecurityFilterChain filterChain(HttpSecurity http,
|
|
|
+ PersistentTokenRepository repository) throws Exception {
|
|
|
+ return http
|
|
|
+ .authorizeHttpRequests()
|
|
|
+ .antMatchers("/api/auth/**","/api/user/**","/api/**").permitAll()
|
|
|
+ .anyRequest().authenticated()
|
|
|
+ .and()
|
|
|
+ .formLogin()
|
|
|
+ .loginProcessingUrl("/api/auth/login")
|
|
|
+ .successHandler(this::onAuthenticationSuccess)
|
|
|
+ .failureHandler(this::onAuthenticationFailure)
|
|
|
+ .and()
|
|
|
+ .logout()
|
|
|
+ .logoutUrl("/api/auth/logout")
|
|
|
+ .logoutSuccessHandler(this::onAuthenticationSuccess)
|
|
|
+ .and()
|
|
|
+ .rememberMe()
|
|
|
+ .rememberMeParameter("remember")
|
|
|
+ .tokenRepository(repository)
|
|
|
+ .tokenValiditySeconds(3600 * 24 * 7)
|
|
|
+ .and()
|
|
|
+ .csrf()
|
|
|
+ .disable()
|
|
|
+ .cors()
|
|
|
+ .configurationSource(corsConfigurationSource())
|
|
|
+ .and()
|
|
|
+ .exceptionHandling()
|
|
|
+ .authenticationEntryPoint(this::onAuthenticationFailure)
|
|
|
+ .and()
|
|
|
+ .build();
|
|
|
+ }
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ public PersistentTokenRepository tokenRepository(){
|
|
|
+ JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
|
|
|
+ jdbcTokenRepository.setDataSource(dataSource);
|
|
|
+ jdbcTokenRepository.setCreateTableOnStartup(false);
|
|
|
+ return jdbcTokenRepository;
|
|
|
+ }
|
|
|
+
|
|
|
+ /*
|
|
|
+ * 解决跨域问题
|
|
|
+ * */
|
|
|
+ public CorsConfigurationSource corsConfigurationSource() {
|
|
|
+ CorsConfiguration config = new CorsConfiguration();//1. 添加 CORS配置信息
|
|
|
+ config.addAllowedOriginPattern("*");//放行哪些原始域
|
|
|
+ config.setAllowCredentials(true);//是否发送 Cookie
|
|
|
+ config.addAllowedMethod("*");//放行哪些请求方式
|
|
|
+ config.addAllowedHeader("*");//放行哪些原始请求头部信息
|
|
|
+ config.addExposedHeader("*");//暴露哪些头部信息
|
|
|
+ UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();//2. 添加映射路径
|
|
|
+ corsConfigurationSource.registerCorsConfiguration("/**",config);
|
|
|
+ return corsConfigurationSource;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ public AuthenticationManager authenticationManager(HttpSecurity security) throws Exception {
|
|
|
+ return security
|
|
|
+ .getSharedObject(AuthenticationManagerBuilder.class)
|
|
|
+ .userDetailsService(authorizeService)
|
|
|
+ .and().build();
|
|
|
+ }
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ public BCryptPasswordEncoder passwordEncoder(){
|
|
|
+ return new BCryptPasswordEncoder();
|
|
|
+ }
|
|
|
+
|
|
|
+ public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse response, org.springframework.security.core.Authentication authentication) throws IOException {
|
|
|
+ response.setCharacterEncoding("utf-8");
|
|
|
+ if (httpServletRequest.getRequestURI().endsWith("/login"))
|
|
|
+ response.getWriter().write(JSONObject.toJSONString(RestBean.success("登录成功")));
|
|
|
+ else if (httpServletRequest.getRequestURI().endsWith("/logout"))
|
|
|
+ response.getWriter().write(JSONObject.toJSONString(RestBean.success("退出登录成功")));
|
|
|
+ }
|
|
|
+
|
|
|
+ public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException {
|
|
|
+ response.setCharacterEncoding("utf-8");
|
|
|
+ response.getWriter().write(JSONObject.toJSONString(RestBean.failure(401,exception.getMessage())));
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+}
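Review bot: The `permitAll()` matcher list in `filterChain` ends with `"/api/**"`, which already covers `/api/user/**` and every other API route, so `anyRequest().authenticated()` never applies to the API and the `/api/user/**` entry is redundant; if user endpoints are meant to require a session, drop the broad pattern: `.antMatchers("/api/auth/**").permitAll()`. The CORS source pairs `addAllowedOriginPattern("*")` with `setAllowCredentials(true)` while `csrf().disable()` is set on a cookie-based session with remember-me enabled, so a page on any origin can issue credentialed requests to these endpoints and read the responses; restrict the pattern to the front-end's configured origin(s), e.g. `config.addAllowedOriginPattern(FRONTEND_ORIGIN_PLACEHOLDER);`, and keep CSRF protection unless the client is purely token-based. In `onAuthenticationFailure` the HTTP status is left at 200 while the body reports 401, and neither handler declares a media type (`setCharacterEncoding` alone does not); add `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` there and `response.setContentType("application/json;charset=utf-8");` in both handlers. Whether `exception.getMessage()` distinguishes unknown users from wrong passwords depends on `AuthorizeService`, which is outside this hunk.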