|
|
package cn.mb.cloud.auth.config;
|
|
import cn.mb.cloud.auth.security.handler.MobileLoginSuccessHandler;
|
import cn.mb.cloud.auth.security.service.MbCloudUserAuthDetailsService;
|
import cn.mb.cloud.auth.security.social.SocialSecurityConfigurer;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Lazy;
|
import org.springframework.context.annotation.Primary;
|
import org.springframework.core.annotation.Order;
|
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.oauth2.provider.ClientDetailsService;
|
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|
/**
 * Spring Security web configuration for the authentication service.
 *
 * <p>Declares the form-login endpoints, the request paths that are reachable without
 * authentication, the social/mobile login configurer, and the beans those pieces need
 * (authentication manager, mobile login success handler, password encoder).
 *
 * @author jason
 */
@Primary
@Order(90)
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    // Field names are kept as-is: Spring may fall back to the field name as a bean
    // qualifier when more than one candidate of the type exists.
    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private MbCloudUserAuthDetailsService userDetailsService;

    // Resolved lazily; presumably to break a circular dependency with the
    // authorization-server configuration -- TODO confirm.
    @Lazy
    @Autowired
    private AuthorizationServerTokenServices defaultAuthorizationServerTokenServices;

    /**
     * Builds the HTTP security rules for this service.
     *
     * <ul>
     *   <li>Form login is served from {@code /token/login} and posted to {@code /token/form}.</li>
     *   <li>The paths listed in {@code openPaths} are open to unauthenticated callers.</li>
     *   <li>Every other request requires an authenticated principal.</li>
     *   <li>CSRF protection is switched off.</li>
     *   <li>The social/mobile login configurer is applied last.</li>
     * </ul>
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if any of the configurers fails to apply
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): "/actuator/**" and "/v2/api-docs" are reachable without
        // authentication at this layer. Confirm that actuator exposure is limited elsewhere
        // (for example via management.endpoints.web.exposure.include or a gateway rule),
        // because endpoints such as env or heapdump disclose configuration and memory
        // contents when they are enabled.
        // NOTE(review): "/token/**" covers more than the two login URLs below; verify that
        // nothing else mapped under that prefix needs an authenticated caller.
        final String[] openPaths = {
            "/token/**",
            "/social/**",
            "/actuator/**",
            "/v2/api-docs",
            "/mobile/**"
        };

        http.formLogin()
                .loginPage("/token/login")
                .loginProcessingUrl("/token/form");

        http.authorizeRequests()
                .antMatchers(openPaths).permitAll()
                .anyRequest().authenticated();

        // NOTE(review): CSRF protection is disabled while a session-based form login is
        // enabled on the same chain. Confirm that no cookie-authenticated, state-changing
        // endpoint is served through this configuration.
        http.csrf().disable();

        http.apply(mobileSecurityConfigurer());
    }

    /**
     * Excludes static stylesheet resources from the security filter chain.
     *
     * <p>Requests matched by {@code ignoring()} bypass Spring Security entirely, so no
     * authentication, security context or security headers apply to them.
     *
     * @param web the web security builder supplied by Spring Security
     */
    @Override
    public void configure(WebSecurity web) {
        final String stylesheetPattern = "/css/**";
        web.ignoring().antMatchers(stylesheetPattern);
    }

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean so that other
     * components can inject it.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent adapter cannot build the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        final AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Creates the success handler used by the mobile login flow.
     *
     * <p>The handler receives the JSON mapper, the OAuth2 client details service, the
     * password encoder and the token services. Presumably it validates the calling client
     * and issues a token on success -- confirm in {@code MobileLoginSuccessHandler}.
     *
     * @return the configured mobile login success handler
     */
    @Bean
    public AuthenticationSuccessHandler mobileLoginSuccessHandler() {
        final PasswordEncoder encoder = passwordEncoder();
        return MobileLoginSuccessHandler.builder()
                .objectMapper(objectMapper)
                .clientDetailsService(clientDetailsService)
                .passwordEncoder(encoder)
                .defaultAuthorizationServerTokenServices(defaultAuthorizationServerTokenServices)
                .build();
    }

    /**
     * Creates the configurer that plugs the social/mobile login into the filter chain.
     *
     * @return a configurer wired with the mobile success handler and the user details service
     */
    @Bean
    public SocialSecurityConfigurer mobileSecurityConfigurer() {
        final SocialSecurityConfigurer configurer = new SocialSecurityConfigurer();
        configurer.setMobileLoginSuccessHandler(mobileLoginSuccessHandler());
        configurer.setUserDetailsService(userDetailsService);
        return configurer;
    }

    /**
     * Provides the delegating password encoder introduced with Spring Security 5.
     *
     * <p>See
     * https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-storage-updated
     * for the storage format. The original author added this bean in response to the
     * "Encoded password does not look like BCrypt" warning.
     *
     * <p>The delegating encoder selects the algorithm from the {@code {id}} prefix of the
     * stored value, and it also matches legacy ids such as {@code {noop}}. NOTE(review):
     * audit stored user passwords and client secrets for weak or plaintext ids.
     *
     * @return PasswordEncoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        final PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return delegating;
    }
}
|