花城-智慧社区
blame | 历史 | 原始文档
CeDo
2021-05-10 458a590d905246081332cba18997c9b5c68aa725 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

package com.panzhihua.zuul.config;


 


import com.panzhihua.zuul.filters.AppletAuthenticationFilter;


import com.panzhihua.zuul.filters.JWTAuthenticationTokenFilter;


import com.panzhihua.zuul.filters.SercuritFilter;


import com.panzhihua.zuul.handles.UserAuthAccessDeniedHandler;


import com.panzhihua.zuul.manager.RoleAccessDecisionManager;


import org.springframework.boot.autoconfigure.security.SecurityProperties;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.core.annotation.Order;


import org.springframework.security.config.annotation.ObjectPostProcessor;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


import org.springframework.security.config.http.SessionCreationPolicy;


import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;


import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


 


import javax.annotation.Resource;


 


/**


 * @program: springcloud_k8s_panzhihuazhihuishequ


 * @description: 安全


 * @author: huang.hongfa weixin hhf9596 qq 959656820


 * @create: 2020-11-25 10:57


 **/


@Configuration


@EnableWebSecurity


@Order(SecurityProperties.BASIC_AUTH_ORDER-1)


public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {


 


    @Resource


    private SercuritFilter filter;


    @Resource


    private RoleAccessDecisionManager roleAccessDecisionManager;


    /**


     * 自定义暂无权限处理器


     */


    @Resource


    private UserAuthAccessDeniedHandler userAuthAccessDeniedHandler;


 


    @Override


    protected void configure(HttpSecurity http) throws Exception {


        http.authorizeRequests()


                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {


                    @Override


                    public <O extends FilterSecurityInterceptor> O postProcess(O o) {


                        o.setAccessDecisionManager(roleAccessDecisionManager);


                        o.setSecurityMetadataSource(filter);


                        return o;


                    }


                })


                .anyRequest().authenticated()


                .and()


                // 配置没有权限自定义处理类


                .exceptionHandling().accessDeniedHandler(userAuthAccessDeniedHandler)


                .and()


                .csrf().disable();


        // 基于Token不需要session


        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);


        // 禁用缓存


        http.headers().cacheControl();


        http.addFilterBefore(new JWTAuthenticationTokenFilter(), AnonymousAuthenticationFilter.class);


    }


 


}