| | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * spring security配置 |
|---|
| | | * |
|---|
| | | * |
|---|
| | | * @author ruoyi |
|---|
| | | */ |
|---|
| | | @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) |
|---|
| | | public class SecurityConfig extends WebSecurityConfigurerAdapter |
|---|
| | | { |
|---|
| | | public class SecurityConfig extends WebSecurityConfigurerAdapter { |
|---|
| | | /** |
|---|
| | | * 自定义用户认证逻辑 |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private UserDetailsService userDetailsService; |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 认证失败处理类 |
|---|
| | | */ |
|---|
| | |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private JwtAuthenticationTokenFilter authenticationTokenFilter; |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 跨域过滤器 |
|---|
| | | */ |
|---|
| | |
|---|
| | | */ |
|---|
| | | @Bean |
|---|
| | | @Override |
|---|
| | | public AuthenticationManager authenticationManagerBean() throws Exception |
|---|
| | | { |
|---|
| | | public AuthenticationManager authenticationManagerBean() throws Exception { |
|---|
| | | return super.authenticationManagerBean(); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | * authenticated | 用户登录后可访问 |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected void configure(HttpSecurity httpSecurity) throws Exception |
|---|
| | | { |
|---|
| | | protected void configure(HttpSecurity httpSecurity) throws Exception { |
|---|
| | | // 注解标记允许匿名访问的url |
|---|
| | | ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests(); |
|---|
| | | permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll()); |
|---|
| | |
|---|
| | | // 过滤请求 |
|---|
| | | .authorizeRequests() |
|---|
| | | // 对于登录login 注册register 验证码captchaImage 允许匿名访问 |
|---|
| | | .antMatchers("/login", "/register", "/captchaImage").permitAll() |
|---|
| | | .antMatchers("/login", "/register", "/captchaImage", "/qrcode/generateStaticHtml", "/qrcode/getQRcode", "/qrcode/getFormDate", "/chat", "/system/file/admin/uploadFile", "/smartor/dingtalk/sendNotification", "/patient/read/patientInfo","/socket","/API_ESB_Service","/API_ESB_Service/Run","/magic/web/**").permitAll() |
|---|
| | | // 静态资源,可匿名访问 |
|---|
| | | .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() |
|---|
| | | .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() |
|---|
| | | .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll().antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() |
|---|
| | | // 除上面外的所有请求全部需要鉴权认证 |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | .and() |
|---|
| | | .headers().frameOptions().disable(); |
|---|
| | | .anyRequest().authenticated().and().headers().frameOptions().disable(); |
|---|
| | | // 添加Logout filter |
|---|
| | | httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler); |
|---|
| | | // 添加JWT filter |
|---|
| | |
|---|
| | | * 强散列哈希加密实现 |
|---|
| | | */ |
|---|
| | | @Bean |
|---|
| | | public BCryptPasswordEncoder bCryptPasswordEncoder() |
|---|
| | | { |
|---|
| | | public BCryptPasswordEncoder bCryptPasswordEncoder() { |
|---|
| | | return new BCryptPasswordEncoder(); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | * 身份认证接口 |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected void configure(AuthenticationManagerBuilder auth) throws Exception |
|---|
| | | { |
|---|
| | | protected void configure(AuthenticationManagerBuilder auth) throws Exception { |
|---|
| | | auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); |
|---|
| | | } |
|---|
| | | } |
|---|
