diff --git a/mall-admin/src/main/java/com/macro/mall/config/MallSecurityConfig.java b/mall-admin/src/main/java/com/macro/mall/config/MallSecurityConfig.java
index 12706d9..0be25f7 100644
--- a/mall-admin/src/main/java/com/macro/mall/config/MallSecurityConfig.java
+++ b/mall-admin/src/main/java/com/macro/mall/config/MallSecurityConfig.java
@@ -22,9 +22,7 @@ import java.util.concurrent.ConcurrentHashMap;
 * Created by macro on 2019/11/9.
 */
 @Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class MallSecurityConfig extends SecurityConfig {
+public class MallSecurityConfig {
 @Autowired
 private UmsAdminService adminService;
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/config/MallSecurityConfig.java b/mall-portal/src/main/java/com/macro/mall/portal/config/MallSecurityConfig.java
index c3374b1..9533d12 100644
--- a/mall-portal/src/main/java/com/macro/mall/portal/config/MallSecurityConfig.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/config/MallSecurityConfig.java
@@ -14,9 +14,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 * Created by macro on 2019/11/5.
 */
 @Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class MallSecurityConfig extends SecurityConfig {
+public class MallSecurityConfig {
 @Autowired
 private UmsMemberService memberService;
diff --git a/mall-security/src/main/java/com/macro/mall/security/config/CommonSecurityConfig.java b/mall-security/src/main/java/com/macro/mall/security/config/CommonSecurityConfig.java
new file mode 100644
index 0000000..a8916fc
--- /dev/null
+++ b/mall-security/src/main/java/com/macro/mall/security/config/CommonSecurityConfig.java
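Review bot: In both `MallSecurityConfig` hunks (mall-admin and mall-portal) `@EnableGlobalMethodSecurity(prePostEnabled = true)` is removed, and neither `CommonSecurityConfig` nor the reworked `SecurityConfig` in this commit declares it again. If any controller or service in these modules still carries `@PreAuthorize` or `@PostAuthorize`, those annotations would stop being evaluated without any startup error, leaving only the URL-level rules in `filterChain`. I would either keep `@EnableGlobalMethodSecurity(prePostEnabled = true)` on a shared configuration class or state in the commit message that no method-level annotations remain. Both class bodies continue outside their hunks.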
@@ -0,0 +1,66 @@
+package com.macro.mall.security.config;
+
+import com.macro.mall.security.component.*;
+import com.macro.mall.security.util.JwtTokenUtil;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+/**
+ * SpringSecurity通用配置
+ * 包括通用Bean、Security通用Bean及动态权限通用Bean
+ * Created by macro on 2022/5/20.
+ */
+@Configuration
+public class CommonSecurityConfig {
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+ @Bean
+ public IgnoreUrlsConfig ignoreUrlsConfig() {
+ return new IgnoreUrlsConfig();
+ }
+
+ @Bean
+ public JwtTokenUtil jwtTokenUtil() {
+ return new JwtTokenUtil();
+ }
+
+ @Bean
+ public RestfulAccessDeniedHandler restfulAccessDeniedHandler() {
+ return new RestfulAccessDeniedHandler();
+ }
+
+ @Bean
+ public RestAuthenticationEntryPoint restAuthenticationEntryPoint() {
+ return new RestAuthenticationEntryPoint();
+ }
+
+ @Bean
+ public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(){
+ return new JwtAuthenticationTokenFilter();
+ }
+
+ @ConditionalOnBean(name = "dynamicSecurityService")
+ @Bean
+ public DynamicAccessDecisionManager dynamicAccessDecisionManager() {
+ return new DynamicAccessDecisionManager();
+ }
+
+ @ConditionalOnBean(name = "dynamicSecurityService")
+ @Bean
+ public DynamicSecurityMetadataSource dynamicSecurityMetadataSource() {
+ return new DynamicSecurityMetadataSource();
+ }
+
+ @ConditionalOnBean(name = "dynamicSecurityService")
+ @Bean
+ public DynamicSecurityFilter dynamicSecurityFilter(){
+ return new DynamicSecurityFilter();
+ }
+}
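Review bot: The three `@ConditionalOnBean(name = "dynamicSecurityService")` methods now sit in a plain `@Configuration` class, separate from whichever class defines `dynamicSecurityService`, and that condition only sees bean definitions registered before it is evaluated. If `CommonSecurityConfig` happens to be processed first, `dynamicAccessDecisionManager`, `dynamicSecurityMetadataSource` and `dynamicSecurityFilter` are skipped silently, so the dynamic permission check may not be installed. Spring Boot recommends this condition for auto-configuration classes only. I would at least document the dependency on the class, for example `// dynamicSecurityService must be registered before this class is processed, otherwise the dynamic permission beans are skipped`, and preferably verify at startup that the beans exist whenever the service does.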
diff --git a/mall-security/src/main/java/com/macro/mall/security/config/SecurityConfig.java b/mall-security/src/main/java/com/macro/mall/security/config/SecurityConfig.java
index efbe5c7..2d53c4b 100644
--- a/mall-security/src/main/java/com/macro/mall/security/config/SecurityConfig.java
+++ b/mall-security/src/main/java/com/macro/mall/security/config/SecurityConfig.java
@@ -5,6 +5,7 @@ import com.macro.mall.security.util.JwtTokenUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -14,31 +15,43 @@ import org.springframework.security.config.annotation.web.configurers.Expression
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 /**
- * 对SpringSecurity配置类的扩展,支持自定义白名单资源路径和查询用户逻辑
+ * SpringSecurity 5.4.x以上新用法配置,仅用于配置HttpSecurity
 * Created by macro on 2019/11/5.
 */
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+@Configuration
+public class SecurityConfig {
+ @Autowired
+ private IgnoreUrlsConfig ignoreUrlsConfig;
+ @Autowired
+ private RestfulAccessDeniedHandler restfulAccessDeniedHandler;
+ @Autowired
+ private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
+ @Autowired
+ private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
 @Autowired(required = false)
 private DynamicSecurityService dynamicSecurityService;
+ @Autowired(required = false)
+ private DynamicSecurityFilter dynamicSecurityFilter;
- @Override
- protected void configure(HttpSecurity httpSecurity) throws Exception {
+ @Bean
+ SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
 ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry registry = httpSecurity
 .authorizeRequests();
- // 不需要保护的资源路径允许访问
- for (String url : ignoreUrlsConfig().getUrls()) {
+ //不需要保护的资源路径允许访问
+ for (String url : ignoreUrlsConfig.getUrls()) {
 registry.antMatchers(url).permitAll();
 }
- // 允许跨域的OPTIONS请求
+ //允许跨域请求的OPTIONS请求
 registry.antMatchers(HttpMethod.OPTIONS)
 .permitAll();
- // 其他任何请求都需要身份认证
+ // 任何请求需要身份认证
 registry.and()
 .authorizeRequests()
 .anyRequest()
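Review bot: The whitelist loop in `filterChain` carries no comment explaining what `permitAll()` means for the configured paths. Each entry returned by `ignoreUrlsConfig.getUrls()` is exempted from the authentication rule on `anyRequest()` that follows, so a broad ant pattern in that list removes access control for everything it matches. I would add a comment above the loop such as `// Entries are ant patterns exempt from authentication; keep them as narrow as possible and review every change to this list`. The method body continues past the end of this hunk.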
@@ -52,76 +65,16 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 // 自定义权限拒绝处理类
 .and()
 .exceptionHandling()
- .accessDeniedHandler(restfulAccessDeniedHandler())
- .authenticationEntryPoint(restAuthenticationEntryPoint())
+ .accessDeniedHandler(restfulAccessDeniedHandler)
+ .authenticationEntryPoint(restAuthenticationEntryPoint)
 // 自定义权限拦截器JWT过滤器
 .and()
- .addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
+ .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
 //有动态权限配置时添加动态权限校验过滤器
 if(dynamicSecurityService!=null){
- registry.and().addFilterBefore(dynamicSecurityFilter(), FilterSecurityInterceptor.class);
+ registry.and().addFilterBefore(dynamicSecurityFilter, FilterSecurityInterceptor.class);
 }
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(userDetailsService())
- .passwordEncoder(passwordEncoder());
- }
-
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
-
- @Bean
- public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter() {
- return new JwtAuthenticationTokenFilter();
- }
-
- @Bean
- @Override
- public AuthenticationManager authenticationManagerBean() throws Exception {
- return super.authenticationManagerBean();
- }
-
- @Bean
- public RestfulAccessDeniedHandler restfulAccessDeniedHandler() {
- return new RestfulAccessDeniedHandler();
- }
-
- @Bean
- public RestAuthenticationEntryPoint restAuthenticationEntryPoint() {
- return new RestAuthenticationEntryPoint();
- }
-
- @Bean
- public IgnoreUrlsConfig ignoreUrlsConfig() {
- return new IgnoreUrlsConfig();
- }
-
- @Bean
- public JwtTokenUtil jwtTokenUtil() {
- return new JwtTokenUtil();
- }
-
- @ConditionalOnBean(name = "dynamicSecurityService")
- @Bean
- public DynamicAccessDecisionManager dynamicAccessDecisionManager() {
- return new DynamicAccessDecisionManager();
- }
-
-
- @ConditionalOnBean(name = "dynamicSecurityService")
- @Bean
- public DynamicSecurityFilter dynamicSecurityFilter() {
- return new DynamicSecurityFilter();
- }
-
- @ConditionalOnBean(name = "dynamicSecurityService")
- @Bean
- public DynamicSecurityMetadataSource dynamicSecurityMetadataSource() {
- return new DynamicSecurityMetadataSource();
+ return httpSecurity.build();
 }
 }
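Review bot: The guard `if(dynamicSecurityService!=null)` tests one optional bean while the changed line inside it passes a different one, `dynamicSecurityFilter`, which is now a field injected with `@Autowired(required = false)` and can be null independently of the service. Before this change the argument came from the `dynamicSecurityFilter()` method call rather than from an optional field. If the service is present but the filter bean was not registered, `addFilterBefore` receives null instead of the dynamic permission filter. I would fail fast inside the block with `Objects.requireNonNull(dynamicSecurityFilter, "dynamicSecurityFilter bean is missing");` (needs `java.util.Objects`) before the `addFilterBefore` call. `filterChain` starts above this hunk.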