| | |
|---|
| | | package com.moral.security.config; |
|---|
| | | |
|---|
| | | import com.fasterxml.jackson.databind.ObjectMapper; |
|---|
| | | import com.moral.common.util.ResourceUtil; |
|---|
| | | import com.moral.security.CustomCorsFilter; |
|---|
| | | import com.moral.security.RestAuthenticationEntryPoint; |
|---|
| | | import com.moral.security.auth.login.LoginAuthenticationProvider; |
|---|
| | |
|---|
| | | import com.moral.security.auth.jwt.JwtTokenAuthenticationProcessingFilter; |
|---|
| | | import com.moral.security.auth.jwt.SkipPathRequestMatcher; |
|---|
| | | import com.moral.security.auth.jwt.extractor.TokenExtractor; |
|---|
| | | import org.apache.commons.lang3.ArrayUtils; |
|---|
| | | import org.apache.commons.lang3.StringUtils; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.context.annotation.Configuration; |
|---|
| | |
|---|
| | | import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | |
|---|
| | | import java.util.ArrayList; |
|---|
| | | import java.util.Arrays; |
|---|
| | | import java.util.List; |
|---|
| | | |
|---|
| | |
|---|
| | | @EnableWebSecurity |
|---|
| | | public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|---|
| | | public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization"; |
|---|
| | | public static final String REFRESH_TOKEN_HEADER_NAME = "X-Refrsh-Token"; |
|---|
| | | public static final String AUTHENTICATION_PARAM_NAME = "_token"; |
|---|
| | | public static final String AUTHENTICATION_URL = "/auth/login"; |
|---|
| | | public static final String REFRESH_TOKEN_URL = "/auth/token"; |
|---|
| | |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | protected void configure(HttpSecurity http) throws Exception { |
|---|
| | | List<String> permitAllEndpointList = Arrays.asList( |
|---|
| | | AUTHENTICATION_URL, |
|---|
| | | REFRESH_TOKEN_URL, |
|---|
| | | "/screen/**" |
|---|
| | | ); |
|---|
| | | |
|---|
| | | List<String> permitAllEndpointList = new ArrayList<>(Arrays.asList( |
|---|
| | | AUTHENTICATION_URL, |
|---|
| | | REFRESH_TOKEN_URL |
|---|
| | | )); |
|---|
| | | // 添加不过滤的url |
|---|
| | | String noFilters = ResourceUtil.getValue("noFilters"); |
|---|
| | | if(!StringUtils.isBlank(noFilters)){ |
|---|
| | | String[] noFilterArray = noFilters.split(","); |
|---|
| | | if(!ArrayUtils.isEmpty(noFilterArray)){ |
|---|
| | | permitAllEndpointList.addAll(Arrays.asList(noFilterArray)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | http |
|---|
| | | .csrf().disable() // We don't need CSRF for JWT based authentication |
|---|
| | | .exceptionHandling() |
|---|
| | |
|---|
| | | .permitAll() |
|---|
| | | .and() |
|---|
| | | .authorizeRequests() |
|---|
| | | .antMatchers(API_ROOT_URL).authenticated() // Protected API End-points |
|---|
| | | .and() |
|---|
| | | .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class) |
|---|
| | | .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class) |
|---|
| | | .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList, |
|---|
| | | API_ROOT_URL), UsernamePasswordAuthenticationFilter.class); |
|---|
| | | .antMatchers(API_ROOT_URL).authenticated(); // Protected API End-points |
|---|
| | | // .and() |
|---|
| | | // .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class) |
|---|
| | | // .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class) |
|---|
| | | // .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList, API_ROOT_URL), UsernamePasswordAuthenticationFilter.class); |
|---|
| | | } |
|---|
| | | } |
|---|
