From 6e9c3733135fa96360c8c76e76b431efa5d7f52d Mon Sep 17 00:00:00 2001
From: 沈斌 <bluelazysb@hotmail.com>
Date: Sat, 09 Jun 2018 11:28:32 +0800
Subject: [PATCH] test

---
 src/main/java/com/moral/security/config/WebSecurityConfig.java |   33 ++++++++++++++++++++++-----------
 1 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/src/main/java/com/moral/security/config/WebSecurityConfig.java b/src/main/java/com/moral/security/config/WebSecurityConfig.java
index 4f3f2b5..2182127 100644
--- a/src/main/java/com/moral/security/config/WebSecurityConfig.java
+++ b/src/main/java/com/moral/security/config/WebSecurityConfig.java
@@ -1,6 +1,7 @@
 package com.moral.security.config;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.moral.common.util.ResourceUtil;
 import com.moral.security.CustomCorsFilter;
 import com.moral.security.RestAuthenticationEntryPoint;
 import com.moral.security.auth.login.LoginAuthenticationProvider;
@@ -9,6 +10,8 @@
 import com.moral.security.auth.jwt.JwtTokenAuthenticationProcessingFilter;
 import com.moral.security.auth.jwt.SkipPathRequestMatcher;
 import com.moral.security.auth.jwt.extractor.TokenExtractor;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,11 +21,11 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
@@ -37,9 +40,11 @@
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization";
+    public static final String REFRESH_TOKEN_HEADER_NAME = "X-Refrsh-Token";
+    public static final String AUTHENTICATION_PARAM_NAME = "_token";
     public static final String AUTHENTICATION_URL = "/auth/login";
     public static final String REFRESH_TOKEN_URL = "/auth/token";
-    public static final String API_ROOT_URL = "/*/**";
+    public static final String API_ROOT_URL = "/**/*";
 
     @Autowired
     private RestAuthenticationEntryPoint authenticationEntryPoint;
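Review bot: The new header constant is spelled `"X-Refrsh-Token"`, which looks like a typo for `X-Refresh-Token`. Clients must send the exact string, so a misspelling becomes a wire-level contract once released; I would change it to `public static final String REFRESH_TOKEN_HEADER_NAME = "X-Refresh-Token";`. `AUTHENTICATION_PARAM_NAME = "_token"` suggests the JWT may also be accepted as a request parameter (the extractor is not in this patch, so this is inferred). If so, tokens in query strings end up in access logs, browser history and Referer headers, and the constant deserves a comment restricting where it may be used. The change of `API_ROOT_URL` from `"/*/**"` to `"/**/*"` alters which paths the `authenticated()` rule covers and should get a comment plus a matcher test for the root and single-segment paths.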
@@ -89,12 +94,19 @@
     
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        List<String> permitAllEndpointList = Arrays.asList(
-            AUTHENTICATION_URL,
-            REFRESH_TOKEN_URL,
-            "/screen/**"
-        );
 
+        List<String> permitAllEndpointList = new ArrayList<>(Arrays.asList(
+                AUTHENTICATION_URL,
+                REFRESH_TOKEN_URL
+        ));
+        // ������������������url
+        String noFilters = ResourceUtil.getValue("noFilters");
+        if(!StringUtils.isBlank(noFilters)){
+            String[] noFilterArray = noFilters.split(",");
+            if(!ArrayUtils.isEmpty(noFilterArray)){
+                permitAllEndpointList.addAll(Arrays.asList(noFilterArray));
+            }
+        }
         http
             .csrf().disable() // We don't need CSRF for JWT based authentication
             .exceptionHandling()
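Review bot: Entries read from `noFilters` are added to the permit-all list untrimmed and unvalidated. A value such as `"/screen/**, /health"` yields `" /health"`, which will not match as intended. Because this property now decides which endpoints skip authentication, an overly broad pattern in it (for example `/**`) would silently open the whole API, so the effective list should be logged at startup and broad patterns rejected or at least warned about. The comment above the `ResourceUtil.getValue` call is mis-encoded and unreadable; replace it with something like `// Extra endpoints exempt from authentication, comma-separated, from the "noFilters" property`. The body of `configure` continues outside this hunk.

```java
String noFilters = ResourceUtil.getValue("noFilters");
if (!StringUtils.isBlank(noFilters)) {
    for (String pattern : noFilters.split(",")) {
        String trimmed = pattern.trim();
        // Skip empty entries produced by stray commas or surrounding whitespace.
        if (!trimmed.isEmpty()) {
            permitAllEndpointList.add(trimmed);
        }
    }
}
// ... unchanged: http.csrf().disable() chain ...
```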
@@ -112,9 +124,8 @@
                 .authorizeRequests()
                 .antMatchers(API_ROOT_URL).authenticated() // Protected API End-points
             .and()
-                .addFilterBefore(new CustomCorsFilter(), ChannelProcessingFilter.class)
-                .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class)
-                .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList,
-                API_ROOT_URL), UsernamePasswordAuthenticationFilter.class);
+                .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class);
+                //.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList, API_ROOT_URL), UsernamePasswordAuthenticationFilter.class);
     }
 }
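Review bot: The registration of the JWT processing filter is commented out at the end of `configure`, so nothing in the visible chain validates tokens any more while `antMatchers(API_ROOT_URL).authenticated()` stays in place. Depending on the part of `configure` outside this hunk, protected endpoints will either reject every request or rely on some other mechanism not shown here. Given the subject line "test", this looks like a debugging state that should not be merged. Either restore `.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList, API_ROOT_URL), UsernamePasswordAuthenticationFilter.class);` or delete the dead line and document what now authenticates API requests. `CustomCorsFilter` also moves from before `ChannelProcessingFilter` to before `UsernamePasswordAuthenticationFilter`, so it is worth confirming that preflight `OPTIONS` requests are still answered before any filter that could reject them.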

--
Gitblit v1.8.0