springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/AppletWebSecurityConfigurationAdapter.java
New file @@ -0,0 +1,29 @@ package com.panzhihua.zuul.config; import com.panzhihua.common.constants.SecurityConstants; import com.panzhihua.zuul.filters.AppletAuthenticationFilter; import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; /** * @ClasssName AppletWebSecurityConfigurationAdapter * @Description 小程序 * @Author cedoo * @Date 2021/4/30 * @Version 1.0 **/ @Configuration @Order(SecurityProperties.BASIC_AUTH_ORDER-2) public class AppletWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/api/applets/**").authorizeRequests() .anyRequest().hasAnyRole(SecurityConstants.ROLE_APPLETS) .and() .addFilterAfter(new AppletAuthenticationFilter(), AnonymousAuthenticationFilter.class); } } springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/SpringSecurityConfig.java
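Review bot: The new chain for `/api/applets/**` in AppletWebSecurityConfigurationAdapter.configure keeps the WebSecurityConfigurerAdapter defaults, so unlike SpringSecurityConfig it is not stateless: an authentication set by AppletAuthenticationFilter can be stored in an HTTP session and keep working after the token itself has expired. Add `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);` here, and decide CSRF handling explicitly, since default CSRF protection will reject token-only POSTs unless it is configured the same way as the main chain (not visible on this page). The filter is registered with `addFilterAfter(..., AnonymousAuthenticationFilter.class)`, so by the time it runs the context already holds an anonymous token; if the filter only authenticates when the context is empty (its body is not shown) the role check will always fail, and `addFilterBefore` would be the safer placement. It is also worth confirming that `SecurityConstants.ROLE_APPLETS` does not already carry the `ROLE_` prefix, because `hasAnyRole` adds it.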
@@ -5,7 +5,10 @@ import com.panzhihua.zuul.filters.SercuritFilter; import com.panzhihua.zuul.handles.UserAuthAccessDeniedHandler; import com.panzhihua.zuul.manager.RoleAccessDecisionManager; import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -13,6 +16,7 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import javax.annotation.Resource; @@ -24,6 +28,7 @@ **/ @Configuration @EnableWebSecurity @Order(SecurityProperties.BASIC_AUTH_ORDER-1) public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Resource @@ -57,7 +62,7 @@ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // 禁用缓存 http.headers().cacheControl(); http.antMatcher("/api/applet/**").addFilterBefore(new AppletAuthenticationFilter(), AnonymousAuthenticationFilter.class); http.addFilterBefore(new JWTAuthenticationTokenFilter(), AnonymousAuthenticationFilter.class); } } springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/filters/AppletAuthenticationFilter.java
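Review bot: The applet path prefix is spelled two ways in this commit: the last hunk of SpringSecurityConfig.configure references `/api/applet/**`, while the new AppletWebSecurityConfigurationAdapter matches `/api/applets/**`. The page has lost its +/- markers, so it is not certain which side the `http.antMatcher("/api/applet/**")` line is on; if it is still present, `antMatcher` narrows this whole chain to that prefix, and every other route would miss the JWT filter and the stateless policy configured just above it. Either way, confirm which prefix the routes really use, since requests under the unmatched spelling skip the applet role check and are handled by this chain instead. A comment on the class such as `// Ordered after AppletWebSecurityConfigurationAdapter (BASIC_AUTH_ORDER-2); covers every path that chain does not match` would make the precedence explicit. configure's body starts outside the hunk.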
@@ -60,7 +60,6 @@ // 获取请求头中JWT的Token String tokenHeader = request.getHeader(TokenConstant.TOKEN_HEADER); if (null != tokenHeader && tokenHeader.startsWith(TokenConstant.TOKEN_PRE)) { // token过期 String token = tokenHeader.replace(TokenConstant.TOKEN_PRE, ""); // token解析