花城-智慧社区
blame | 历史 | 补丁 | 提交 | 提交对比 | ignore whitespace
huanghongfa
2021-09-02 177249c76aeea0b4bf8d8816d4994e3b445b45ce 
 springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/SpringSecurityConfig.java


@@ -1,9 +1,7 @@


package com.panzhihua.zuul.config;




import com.panzhihua.zuul.filters.JWTAuthenticationTokenFilter;


import com.panzhihua.zuul.filters.SercuritFilter;


import com.panzhihua.zuul.handles.UserAuthAccessDeniedHandler;


import com.panzhihua.zuul.manager.RoleAccessDecisionManager;


import javax.annotation.Resource;




import org.springframework.context.annotation.Configuration;


import org.springframework.security.config.annotation.ObjectPostProcessor;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


@@ -13,7 +11,10 @@


import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;


import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;




import javax.annotation.Resource;


import com.panzhihua.zuul.filters.JWTAuthenticationTokenFilter;


import com.panzhihua.zuul.filters.SercuritFilter;


import com.panzhihua.zuul.handles.UserAuthAccessDeniedHandler;


import com.panzhihua.zuul.manager.RoleAccessDecisionManager;




/**


 * @program: springcloud_k8s_panzhihuazhihuishequ


@@ -37,21 +38,16 @@




    @Override


    protected void configure(HttpSecurity http) throws Exception {


        http.authorizeRequests()


                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {


                    @Override


                    public <O extends FilterSecurityInterceptor> O postProcess(O o) {


                        o.setAccessDecisionManager(roleAccessDecisionManager);


                        o.setSecurityMetadataSource(filter);


                        return o;


                    }


                })


                .anyRequest().authenticated()


                .and()


                // 配置没有权限自定义处理类


                .exceptionHandling().accessDeniedHandler(userAuthAccessDeniedHandler)


                .and()


                .csrf().disable();


        http.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {


            @Override


            public <O extends FilterSecurityInterceptor> O postProcess(O o) {


                o.setAccessDecisionManager(roleAccessDecisionManager);


                o.setSecurityMetadataSource(filter);


                return o;


            }


        }).anyRequest().authenticated().and()


            // 配置没有权限自定义处理类


            .exceptionHandling().accessDeniedHandler(userAuthAccessDeniedHandler).and().csrf().disable();


        // 基于Token不需要session


        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);


        // 禁用缓存