| | |
|---|
| | | package com.ruoyi.framework.config; |
|---|
| | | |
|---|
| | | import com.ruoyi.framework.config.properties.PermitAllUrlProperties; |
|---|
| | | import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; |
|---|
| | | import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; |
|---|
| | | import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.http.HttpMethod; |
|---|
| | |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | import org.springframework.security.web.authentication.logout.LogoutFilter; |
|---|
| | | import org.springframework.web.filter.CorsFilter; |
|---|
| | | import com.ruoyi.framework.config.properties.PermitAllUrlProperties; |
|---|
| | | import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; |
|---|
| | | import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; |
|---|
| | | import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * spring security配置 |
|---|
| | | * |
|---|
| | | * |
|---|
| | | * @author ruoyi |
|---|
| | | */ |
|---|
| | | @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) |
|---|
| | | public class SecurityConfig extends WebSecurityConfigurerAdapter |
|---|
| | | { |
|---|
| | | public class SecurityConfig extends WebSecurityConfigurerAdapter { |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 自定义用户认证逻辑 |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private UserDetailsService userDetailsService; |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 认证失败处理类 |
|---|
| | | */ |
|---|
| | |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | private JwtAuthenticationTokenFilter authenticationTokenFilter; |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 跨域过滤器 |
|---|
| | | */ |
|---|
| | |
|---|
| | | */ |
|---|
| | | @Bean |
|---|
| | | @Override |
|---|
| | | public AuthenticationManager authenticationManagerBean() throws Exception |
|---|
| | | { |
|---|
| | | public AuthenticationManager authenticationManagerBean() throws Exception { |
|---|
| | | return super.authenticationManagerBean(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * anyRequest | 匹配所有请求路径 |
|---|
| | | * access | SpringEl表达式结果为true时可以访问 |
|---|
| | | * anonymous | 匿名可以访问 |
|---|
| | | * denyAll | 用户不能访问 |
|---|
| | | * fullyAuthenticated | 用户完全认证可以访问(非remember-me下自动登录) |
|---|
| | | * hasAnyAuthority | 如果有参数,参数表示权限,则其中任何一个权限可以访问 |
|---|
| | | * hasAnyRole | 如果有参数,参数表示角色,则其中任何一个角色可以访问 |
|---|
| | | * hasAuthority | 如果有参数,参数表示权限,则其权限可以访问 |
|---|
| | | * hasIpAddress | 如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问 |
|---|
| | | * hasRole | 如果有参数,参数表示角色,则其角色可以访问 |
|---|
| | | * permitAll | 用户可以任意访问 |
|---|
| | | * rememberMe | 允许通过remember-me登录的用户访问 |
|---|
| | | * authenticated | 用户登录后可访问 |
|---|
| | | * anyRequest | 匹配所有请求路径 access | SpringEl表达式结果为true时可以访问 anonymous | |
|---|
| | | * 匿名可以访问 denyAll | 用户不能访问 fullyAuthenticated | 用户完全认证可以访问(非remember-me下自动登录) |
|---|
| | | * hasAnyAuthority | 如果有参数,参数表示权限,则其中任何一个权限可以访问 hasAnyRole | 如果有参数,参数表示角色,则其中任何一个角色可以访问 |
|---|
| | | * hasAuthority | 如果有参数,参数表示权限,则其权限可以访问 hasIpAddress | |
|---|
| | | * 如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问 hasRole | 如果有参数,参数表示角色,则其角色可以访问 permitAll |
|---|
| | | * | 用户可以任意访问 rememberMe | 允许通过remember-me登录的用户访问 authenticated | |
|---|
| | | * 用户登录后可访问 |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected void configure(HttpSecurity httpSecurity) throws Exception |
|---|
| | | { |
|---|
| | | protected void configure(HttpSecurity httpSecurity) throws Exception { |
|---|
| | | // 注解标记允许匿名访问的url |
|---|
| | | ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests(); |
|---|
| | | permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll()); |
|---|
| | |
|---|
| | | // 过滤请求 |
|---|
| | | .authorizeRequests() |
|---|
| | | // 对于登录login 注册register 验证码captchaImage 允许匿名访问 |
|---|
| | | .antMatchers("/getPrivacyAgreement/{agreementType}","/applet/queryProtocolConfigByType","/applet/login","/login","/applet/queryProtocolConfigByType", "/register","/applet/getCode","/applet/loginCode","/applet/changepwd", "/captchaImage","/getCode","/loginCode","/operations/getBySingleNum/**", |
|---|
| | | "/user/getUserInfoByNumber/**","/genAccount","/loginPwd").permitAll() |
|---|
| | | .antMatchers("/getPrivacyAgreement/{agreementType}", |
|---|
| | | "/applet/queryProtocolConfigByType", "/applet/login", "/login", |
|---|
| | | "/applet/queryProtocolConfigByType", "/register", "/applet/getCode", |
|---|
| | | "/applet/loginCode", "/applet/changepwd", "/captchaImage", "/getCode", |
|---|
| | | "/loginCode", "/operations/getBySingleNum/**", |
|---|
| | | "/user/getUserInfoByNumber/**", "/genAccount", "/loginPwd", "/screen/**") |
|---|
| | | .permitAll() |
|---|
| | | //放行所有 |
|---|
| | | //.antMatchers("/*/**").permitAll() |
|---|
| | | // 静态资源,可匿名访问 |
|---|
| | | .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() |
|---|
| | | .antMatchers("/swagger-ui.html","/doc.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() |
|---|
| | | .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", |
|---|
| | | "/profile/**").permitAll() |
|---|
| | | .antMatchers("/swagger-ui.html", "/doc.html", "/swagger-resources/**", |
|---|
| | | "/webjars/**", "/*/api-docs", "/druid/**").permitAll() |
|---|
| | | // 除上面外的所有请求全部需要鉴权认证 |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | .and() |
|---|
| | |
|---|
| | | // 添加Logout filter |
|---|
| | | httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler); |
|---|
| | | // 添加JWT filter |
|---|
| | | httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); |
|---|
| | | httpSecurity.addFilterBefore(authenticationTokenFilter, |
|---|
| | | UsernamePasswordAuthenticationFilter.class); |
|---|
| | | // 添加CORS filter |
|---|
| | | httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class); |
|---|
| | | httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class); |
|---|
| | |
|---|
| | | * 强散列哈希加密实现 |
|---|
| | | */ |
|---|
| | | @Bean |
|---|
| | | public BCryptPasswordEncoder bCryptPasswordEncoder() |
|---|
| | | { |
|---|
| | | public BCryptPasswordEncoder bCryptPasswordEncoder() { |
|---|
| | | return new BCryptPasswordEncoder(); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | * 身份认证接口 |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected void configure(AuthenticationManagerBuilder auth) throws Exception |
|---|
| | | { |
|---|
| | | protected void configure(AuthenticationManagerBuilder auth) throws Exception { |
|---|
| | | auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); |
|---|
| | | } |
|---|
| | | } |
|---|
