SpringSecurity用法升级

macro
2022-06-25 16:03:28 +08:00
parent 2f7b30b1df
commit 7a3da238c1
4 changed files with 94 additions and 79 deletions


@@ -22,9 +22,7 @@ import java.util.concurrent.ConcurrentHashMap;
* Created by macro on 2019/11/9. * Created by macro on 2019/11/9.
*/ */
@Configuration @Configuration
@EnableWebSecurity public class MallSecurityConfig {
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MallSecurityConfig extends SecurityConfig {
@Autowired @Autowired
private UmsAdminService adminService; private UmsAdminService adminService;
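Review bot: Dropping `@EnableGlobalMethodSecurity(prePostEnabled = true)` from this class removes the only visible switch for method-level security, and nothing else on this page re-declares it; the new `SecurityConfig` carries only `@Configuration`. If any controller or service in this module is annotated with `@PreAuthorize` or `@PostAuthorize`, those annotations would stop being evaluated without any startup error, and access would then depend solely on the URL rules in the filter chain. Unless the annotation is declared somewhere outside this diff, keep `@EnableGlobalMethodSecurity(prePostEnabled = true)` on `MallSecurityConfig`; it does not require extending `WebSecurityConfigurerAdapter`. The same applies to the second `MallSecurityConfig` hunk, the one that injects `UmsMemberService`. The class body continues outside the hunk.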


@@ -14,9 +14,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
* Created by macro on 2019/11/5. * Created by macro on 2019/11/5.
*/ */
@Configuration @Configuration
@EnableWebSecurity public class MallSecurityConfig {
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MallSecurityConfig extends SecurityConfig {
@Autowired @Autowired
private UmsMemberService memberService; private UmsMemberService memberService;


@@ -0,0 +1,66 @@
package com.macro.mall.security.config;
import com.macro.mall.security.component.*;
import com.macro.mall.security.util.JwtTokenUtil;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* SpringSecurity通用配置
* 包括通用Bean、Security通用Bean及动态权限通用Bean
* Created by macro on 2022/5/20.
*/
@Configuration
public class CommonSecurityConfig {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public IgnoreUrlsConfig ignoreUrlsConfig() {
return new IgnoreUrlsConfig();
}
@Bean
public JwtTokenUtil jwtTokenUtil() {
return new JwtTokenUtil();
}
@Bean
public RestfulAccessDeniedHandler restfulAccessDeniedHandler() {
return new RestfulAccessDeniedHandler();
}
@Bean
public RestAuthenticationEntryPoint restAuthenticationEntryPoint() {
return new RestAuthenticationEntryPoint();
}
@Bean
public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(){
return new JwtAuthenticationTokenFilter();
}
@ConditionalOnBean(name = "dynamicSecurityService")
@Bean
public DynamicAccessDecisionManager dynamicAccessDecisionManager() {
return new DynamicAccessDecisionManager();
}
@ConditionalOnBean(name = "dynamicSecurityService")
@Bean
public DynamicSecurityMetadataSource dynamicSecurityMetadataSource() {
return new DynamicSecurityMetadataSource();
}
@ConditionalOnBean(name = "dynamicSecurityService")
@Bean
public DynamicSecurityFilter dynamicSecurityFilter(){
return new DynamicSecurityFilter();
}
}
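Review bot: The three `@ConditionalOnBean(name = "dynamicSecurityService")` methods now sit in an ordinary `@Configuration` class, where the condition is evaluated only against the bean definitions registered so far; Spring Boot's documentation recommends this annotation for auto-configuration classes for that reason. The bean named `dynamicSecurityService` is not defined in this file, so whether `dynamicAccessDecisionManager`, `dynamicSecurityMetadataSource` and `dynamicSecurityFilter` are created appears to depend on the order in which configuration classes are processed. If that order is unfavourable, the dynamic-permission beans are skipped without any warning. I would document the requirement above the first of them, for example `// Requires the configuration defining dynamicSecurityService to be registered before this class; otherwise the dynamic-permission beans are skipped`, or register this class as an auto-configuration so the condition runs after user configuration.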


@@ -5,6 +5,7 @@ import com.macro.mall.security.util.JwtTokenUtil;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -14,31 +15,43 @@ import org.springframework.security.config.annotation.web.configurers.Expression
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/** /**
* SpringSecurity配置类的扩展,支持自定义白名单资源路径和查询用户逻辑 * SpringSecurity 5.4.x以上新用法配置仅用于配置HttpSecurity
* Created by macro on 2019/11/5. * Created by macro on 2019/11/5.
*/ */
public class SecurityConfig extends WebSecurityConfigurerAdapter { @Configuration
public class SecurityConfig {
@Autowired
private IgnoreUrlsConfig ignoreUrlsConfig;
@Autowired
private RestfulAccessDeniedHandler restfulAccessDeniedHandler;
@Autowired
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
@Autowired(required = false) @Autowired(required = false)
private DynamicSecurityService dynamicSecurityService; private DynamicSecurityService dynamicSecurityService;
@Autowired(required = false)
private DynamicSecurityFilter dynamicSecurityFilter;
@Override @Bean
protected void configure(HttpSecurity httpSecurity) throws Exception { SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity
.authorizeRequests(); .authorizeRequests();
// 不需要保护的资源路径允许访问 //不需要保护的资源路径允许访问
for (String url : ignoreUrlsConfig().getUrls()) { for (String url : ignoreUrlsConfig.getUrls()) {
registry.antMatchers(url).permitAll(); registry.antMatchers(url).permitAll();
} }
// 允许跨域的OPTIONS请求 //允许跨域请求的OPTIONS请求
registry.antMatchers(HttpMethod.OPTIONS) registry.antMatchers(HttpMethod.OPTIONS)
.permitAll(); .permitAll();
// 其他任何请求需要身份认证 // 任何请求需要身份认证
registry.and() registry.and()
.authorizeRequests() .authorizeRequests()
.anyRequest() .anyRequest()
@@ -52,76 +65,16 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
// 自定义权限拒绝处理类 // 自定义权限拒绝处理类
.and() .and()
.exceptionHandling() .exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler()) .accessDeniedHandler(restfulAccessDeniedHandler)
.authenticationEntryPoint(restAuthenticationEntryPoint()) .authenticationEntryPoint(restAuthenticationEntryPoint)
// 自定义权限拦截器JWT过滤器 // 自定义权限拦截器JWT过滤器
.and() .and()
.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class); .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
//有动态权限配置时添加动态权限校验过滤器 //有动态权限配置时添加动态权限校验过滤器
if(dynamicSecurityService!=null){ if(dynamicSecurityService!=null){
registry.and().addFilterBefore(dynamicSecurityFilter(), FilterSecurityInterceptor.class); registry.and().addFilterBefore(dynamicSecurityFilter, FilterSecurityInterceptor.class);
} }
} return httpSecurity.build();
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService())
.passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter() {
return new JwtAuthenticationTokenFilter();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public RestfulAccessDeniedHandler restfulAccessDeniedHandler() {
return new RestfulAccessDeniedHandler();
}
@Bean
public RestAuthenticationEntryPoint restAuthenticationEntryPoint() {
return new RestAuthenticationEntryPoint();
}
@Bean
public IgnoreUrlsConfig ignoreUrlsConfig() {
return new IgnoreUrlsConfig();
}
@Bean
public JwtTokenUtil jwtTokenUtil() {
return new JwtTokenUtil();
}
@ConditionalOnBean(name = "dynamicSecurityService")
@Bean
public DynamicAccessDecisionManager dynamicAccessDecisionManager() {
return new DynamicAccessDecisionManager();
}
@ConditionalOnBean(name = "dynamicSecurityService")
@Bean
public DynamicSecurityFilter dynamicSecurityFilter() {
return new DynamicSecurityFilter();
}
@ConditionalOnBean(name = "dynamicSecurityService")
@Bean
public DynamicSecurityMetadataSource dynamicSecurityMetadataSource() {
return new DynamicSecurityMetadataSource();
} }
} }
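Review bot: In `filterChain`, the guard tests `dynamicSecurityService != null`, but the object handed to `addFilterBefore` is the separately injected `dynamicSecurityFilter`, which is also `@Autowired(required = false)` and can be null on its own if its conditional bean was not created. That case should stop startup with a clear message, so a missing dynamic-permission filter is never mistaken for a working configuration; as the first statement inside the `if`, add `Objects.requireNonNull(dynamicSecurityFilter, "dynamicSecurityService is present but dynamicSecurityFilter was not created");` (from `java.util`). The removed `configure(AuthenticationManagerBuilder)` was the one place that tied `userDetailsService()` to `passwordEncoder()`; after this change that pairing presumably relies on Spring Security picking up the single `UserDetailsService` and `PasswordEncoder` beans, which is worth stating in the class Javadoc. `filterChain` begins in the previous hunk, and the lines between the two hunks are not shown here.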