From dd47bb065b179dc866da5c8c2690069654ce78f2 Mon Sep 17 00:00:00 2001
From: 沈斌 <bluelazysb@hotmail.com>
Date: Sat, 09 Jun 2018 11:32:04 +0800
Subject: [PATCH] test
---
src/main/java/com/moral/security/config/WebSecurityConfig.java | 36 ++++++++++++++++++++++++------------
1 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/src/main/java/com/moral/security/config/WebSecurityConfig.java b/src/main/java/com/moral/security/config/WebSecurityConfig.java
index 99b6fb3..238990b 100644
--- a/src/main/java/com/moral/security/config/WebSecurityConfig.java
+++ b/src/main/java/com/moral/security/config/WebSecurityConfig.java
@@ -1,6 +1,7 @@
package com.moral.security.config;
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.moral.common.util.ResourceUtil;
import com.moral.security.CustomCorsFilter;
import com.moral.security.RestAuthenticationEntryPoint;
import com.moral.security.auth.login.LoginAuthenticationProvider;
@@ -9,6 +10,8 @@
import com.moral.security.auth.jwt.JwtTokenAuthenticationProcessingFilter;
import com.moral.security.auth.jwt.SkipPathRequestMatcher;
import com.moral.security.auth.jwt.extractor.TokenExtractor;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -22,6 +25,7 @@
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -36,9 +40,11 @@
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization";
+ public static final String REFRESH_TOKEN_HEADER_NAME = "X-Refrsh-Token";
+ public static final String AUTHENTICATION_PARAM_NAME = "_token";
public static final String AUTHENTICATION_URL = "/auth/login";
public static final String REFRESH_TOKEN_URL = "/auth/token";
- public static final String API_ROOT_URL = "/*/**";
+ public static final String API_ROOT_URL = "/**/*";
@Autowired
private RestAuthenticationEntryPoint authenticationEntryPoint;
@@ -88,12 +94,19 @@
@Override
protected void configure(HttpSecurity http) throws Exception {
- List<String> permitAllEndpointList = Arrays.asList(
- AUTHENTICATION_URL,
- REFRESH_TOKEN_URL,
- "/screen/**"
- );
+ List<String> permitAllEndpointList = new ArrayList<>(Arrays.asList(
+ AUTHENTICATION_URL,
+ REFRESH_TOKEN_URL
+ ));
+ // ������������������url
+ String noFilters = ResourceUtil.getValue("noFilters");
+ if(!StringUtils.isBlank(noFilters)){
+ String[] noFilterArray = noFilters.split(",");
+ if(!ArrayUtils.isEmpty(noFilterArray)){
+ permitAllEndpointList.addAll(Arrays.asList(noFilterArray));
+ }
+ }
http
.csrf().disable() // We don't need CSRF for JWT based authentication
.exceptionHandling()
@@ -109,11 +122,10 @@
.permitAll()
.and()
.authorizeRequests()
- .antMatchers(API_ROOT_URL).authenticated() // Protected API End-points
- .and()
- .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
- .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class)
- .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList,
- API_ROOT_URL), UsernamePasswordAuthenticationFilter.class);
+ .antMatchers(API_ROOT_URL).authenticated(); // Protected API End-points
+// .and()
+// .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
+// .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class)
+// .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList, API_ROOT_URL), UsernamePasswordAuthenticationFilter.class);
}
}
--
Gitblit v1.8.0