Spring Security 设置

Spring Security 设置

配置 WebSecurityConfigurerAdapter

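/**
 * Spring Security configuration for the application.
 *
 * <p>Active only when no {@code CustomAuthEnabled} bean is registered. The chain is
 * stateless: credentials are verified by {@code AccountService} (form login or HTTP Basic),
 * and every later request is authenticated by {@code JwtAuthenticationTokenFilter}.
 *
 * <p>Two sets of URL patterns are built here and also exposed as public fields:
 * {@link #excludeUrlList} (bypasses Spring Security completely) and
 * {@link #anonymousList} (filters still run, but no authorization is required).
 */
@Configuration
@ConditionalOnMissingBean({CustomAuthEnabled.class})
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /** Authentication provider that checks submitted credentials. */
    @Autowired
    protected AccountService accountService;
    /** Handler invoked when an authenticated user is denied access (HTTP 403). */
    @Autowired
    protected DeniedHandler accessDeniedHandler;
    @Autowired
    protected LoginFailureHandler loginFailureHandler;
    @Autowired
    protected LoginSuccessHandler loginSuccessHandler;
    @Autowired
    protected AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;
    /** Login page path without the leading slash; the slash is prepended below. */
    @Value("${dms.props.pages.loginPage}")
    protected String loginPage = "";
    /** Comma-separated ant patterns that bypass the security filter chain entirely. */
    @Value("${dms.props.auth.excludeUrls}")
    protected String excludeUrls = "";
    /** Comma-separated ant patterns that are permitAll (filters run, no authorization). */
    @Value("${dms.props.auth.anonymousUrls}")
    protected String anonymousUrls = "";
    @Value("${dms.props.auth.captcha.enabled:false}")
    protected boolean captchaEnabled = false;
    @Value("${springfox.documentation.enabled:false}")
    protected boolean swaggerEnabled = false;
    /** URL the form-login filter (and the optional captcha filter) processes. */
    protected String loginAct = "/login";
    /** Effective permitAll patterns; populated by {@code configure(HttpSecurity)}. */
    public LinkedHashSet<String> anonymousList;
    /** Effective ignored patterns; populated by {@code configure(WebSecurity)}. */
    public LinkedHashSet<String> excludeUrlList;

    public SecurityConfig() {
    }

    /**
     * Registers request patterns that bypass Spring Security completely.
     *
     * <p>Anything matched here gets NO security filter at all: no authentication, no JWT
     * check, no security headers. Keep this list to genuinely public static content, and
     * review any pattern added through {@code dms.props.auth.excludeUrls} with that in mind.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // SECURITY: "/**/**.js" and "/**/**.css" match ANY path with those suffixes. If Spring MVC
        // suffix-pattern matching is enabled, a request such as /admin/users.js may still reach a
        // secured controller while skipping this filter chain - verify it is disabled.
        // "/files/**" and "/showmethedb/**" are likewise served without any authentication.
        this.excludeUrlList = new LinkedHashSet<>(Arrays.asList(
                "/page/**", "/static/**", "/error/**", "/files/**", "/showmethedb/**",
                "/captcha", "/copyright/**", "/**/**.js", "/**/**.css"));
        if (this.swaggerEnabled) {
            // Swagger UI and its API description are public only when documentation is enabled.
            this.excludeUrlList.addAll(Arrays.asList(
                    "/swagger-ui.html", "/swagger-resources/**", "/images/**", "/webjars/**",
                    "/v2/api-docs", "/configuration/ui", "/configuration/security", "/csrf"));
        }
        this.excludeUrlList.addAll(splitCsv(this.excludeUrls));
        web.ignoring().antMatchers(this.excludeUrlList.toArray(new String[0]));
    }

    /** Uses {@code AccountService} as the sole authentication provider. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(this.accountService);
    }

    /**
     * Builds the stateless filter chain: HTTP Basic and form login, POST/DELETE logout,
     * an anonymous principal for unauthenticated requests, no HTTP session, and the JWT
     * filter (plus the captcha filter when enabled) ahead of username/password processing.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic()
            .and()
            .formLogin()
                .loginPage("/" + this.loginPage)
                .loginProcessingUrl(this.loginAct)
                .successHandler(this.loginSuccessHandler)
                .failureHandler(this.loginFailureHandler)
                .permitAll()
            .and()
            .logout()
                // Logout only on POST/DELETE so a plain GET link or <img> cannot log a user out.
                .logoutRequestMatcher(new OrRequestMatcher(
                        new AntPathRequestMatcher("/logout", "POST"),
                        new AntPathRequestMatcher("/logout", "DELETE")))
                .logoutSuccessHandler(this.ajaxLogoutSuccessHandler)
            .and()
            .anonymous().principal(LoginInfo.ANONYMOUS)
            .and()
            // The injected DeniedHandler was previously never registered; wire it so 403s use it.
            .exceptionHandling().accessDeniedHandler(this.accessDeniedHandler)
            .and()
            // SECURITY: this removes X-Frame-Options entirely, so any origin may frame these
            // pages (clickjacking). Unless cross-site embedding is really required, prefer
            // frameOptions().sameOrigin().
            .headers().frameOptions().disable()
            .and()
            // No HTTP session is created: each request must carry a valid JWT.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // CSRF protection is off. Acceptable only while authentication stays stateless and
            // the token travels in a request header rather than a cookie.
            .csrf().disable();

        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
                http.authorizeRequests();
        // SECURITY: "/**/api/**" makes every path containing an "api" segment permitAll, so
        // authorization for those endpoints relies entirely on the JWT filter / controllers.
        this.anonymousList = new LinkedHashSet<>(Arrays.asList(
                "/auth/keepLogin", "/auth/account", "/**/api/**", "/auth/regesterAndLogin/**",
                "/auth/loginByToken/**", "/dataview/publish/**", "/bigdata/access/**"));
        this.anonymousList.addAll(splitCsv(this.anonymousUrls));
        registry.antMatchers(this.anonymousList.toArray(new String[0])).permitAll();
        registry.anyRequest().authenticated();

        // Both filters are registered ahead of UsernamePasswordAuthenticationFilter; the captcha
        // filter (when enabled) is registered first.
        if (this.captchaEnabled) {
            http.addFilterBefore(new CaptchaFilter(this.loginAct), UsernamePasswordAuthenticationFilter.class);
        }
        http.addFilterBefore(new JwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Splits a comma-separated property value into trimmed, non-blank entries.
     *
     * @param csv the raw property value; null yields an empty collection
     * @return the entries in their original order
     */
    private static Collection<String> splitCsv(String csv) {
        if (csv == null) {
            return new LinkedHashSet<>();
        }
        return Arrays.stream(csv.split(","))
                .map(String::trim)
                .filter(s -> StringUtils.isNotBlank(s))
                .collect(Collectors.toList());
    }
}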

在 configure(HttpSecurity http) 中可以为表单登录指定处理地址（loginProcessingUrl）以及认证成功、失败后的处理器（successHandler、failureHandler），非常方便。需要注意这里同时关闭了两项默认保护：csrf().disable() 在无状态（STATELESS）、令牌通过请求头而非 Cookie 传递的 JWT 场景下可以接受；headers().frameOptions().disable() 则会去掉 X-Frame-Options 响应头，使页面可被任意站点用 iframe 嵌入（点击劫持风险），除非确实需要跨站嵌入，否则应改用 frameOptions().sameOrigin()。

// The same chain as above, written as a plain fluent call (the decompiler casts are no-ops).
http.httpBasic()
    .and()
    .formLogin()
        .loginPage("/" + this.loginPage)
        .loginProcessingUrl(this.loginAct)
        .successHandler(this.loginSuccessHandler)
        .failureHandler(this.loginFailureHandler)
        .permitAll()
    .and()
    .logout()
        // Logout is accepted on POST and DELETE only.
        .logoutRequestMatcher(new OrRequestMatcher(
                new AntPathRequestMatcher("/logout", "POST"),
                new AntPathRequestMatcher("/logout", "DELETE")))
        .logoutSuccessHandler(this.ajaxLogoutSuccessHandler)
    .and()
    .anonymous().principal(LoginInfo.ANONYMOUS)
    .and()
    .exceptionHandling()
    .and()
    // X-Frame-Options is removed entirely here.
    .headers().frameOptions().disable()
    .and()
    // Stateless: no HTTP session is created.
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
    // CSRF protection is disabled.
    .csrf().disable();