java/zhihuishenqu.git

New file
			@@ -0,0 +1,103 @@
			package com.panzhihua.auth.config;

			import javax.annotation.Resource;

			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.security.authentication.AuthenticationManager;
			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			import org.springframework.security.config.http.SessionCreationPolicy;
			import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

			import com.panzhihua.auth.handel.AjaxAuthenticationEntryPoint;
			import com.panzhihua.auth.handel.UserAuthenticationProvider;
			import com.panzhihua.auth.handel.UserLoginFailureHandler;
			import com.panzhihua.auth.handel.UserLogoutSuccessHandler;

			/**
			* SpringSecurity配置类
			*
			* @Author youcong
			*/
			@Configuration
			@EnableWebSecurity
			public class SecurityConfig extends WebSecurityConfigurerAdapter {
			/**
			* 自定义登录逻辑验证器
			*/
			@Resource
			private UserAuthenticationProvider userAuthenticationProvider;

			public static void main(String[] args) {
			BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
			String encode = bCryptPasswordEncoder.encode("123456");
			System.out.println(encode);
			}

			/**
			* 加密方式
			*
			* @Author youcong
			*/
			@Bean
			public BCryptPasswordEncoder bCryptPasswordEncoder() {
			return new BCryptPasswordEncoder();
			}

			/**
			* 配置登录验证逻辑
			*/
			@Override
			protected void configure(AuthenticationManagerBuilder auth) {
			// 这里可启用我们自己的登陆验证逻辑
			auth.authenticationProvider(userAuthenticationProvider);
			}

			/**
			* 解决无法直接注入 AuthenticationManager
			*
			* @return
			* @throws Exception
			*/
			@Bean
			@Override
			public AuthenticationManager authenticationManagerBean() throws Exception {
			return super.authenticationManagerBean();
			}

			/**
			* 配置security的控制逻辑
			*
			* @Author youcong
			* @Param http 请求
			*/
			@Override
			protected void configure(HttpSecurity http) throws Exception {

			http.authorizeRequests().anyRequest().permitAll().and()
			// 配置登录成功自定义处理类
			.formLogin()
			// .successHandler(new UserLoginSuccessHandler())
			// 配置登录失败自定义处理类
			.failureHandler(new UserLoginFailureHandler()).and()
			// 配置登出地址
			.logout().logoutUrl("/login/userLogout")
			// 配置用户登出自定义处理类
			.logoutSuccessHandler(new UserLogoutSuccessHandler()).and()
			// 开启跨域
			.cors()
			// 异常处理(权限拒绝、登录失效等)
			.and().exceptionHandling().authenticationEntryPoint(new AjaxAuthenticationEntryPoint())// 匿名用户访问无权限资源时的异常处理;
			.and()
			// 取消跨站请求伪造防护
			.csrf().disable();
			// 基于Token不需要session
			http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
			// 禁用缓存
			http.headers().cacheControl();

			}
			}