package cn.mb.cloud.auth.config;

import cn.mb.cloud.auth.security.handler.MobileLoginSuccessHandler;
import cn.mb.cloud.auth.security.service.MbCloudUserAuthDetailsService;
import cn.mb.cloud.auth.security.social.SocialSecurityConfigurer;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * Authentication-related web security configuration for the auth service.
 *
 * <p>Declares the HTTP security rules (form login, the publicly reachable path
 * patterns, CSRF handling) and the beans used by the mobile/social login flow.
 *
 * @author jason
 */
@Primary
@Order(90)
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private MbCloudUserAuthDetailsService userDetailsService;

    // NOTE(review): @Lazy presumably breaks a circular dependency with the
    // authorization-server configuration; confirm before removing it.
    @Lazy
    @Autowired
    private AuthorizationServerTokenServices defaultAuthorizationServerTokenServices;

    /**
     * Configures form login, the request authorization rules and the mobile/social
     * login configurer.
     *
     * <p>The login page is {@code /token/login} and credentials are posted to
     * {@code /token/form}. The patterns listed under {@code permitAll()} are reachable
     * without authentication; every other request requires an authenticated user.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage("/token/login")
                .loginProcessingUrl("/token/form");

        // NOTE(review): "/actuator/**" is open to anonymous callers. Which Actuator
        // endpoints are published is decided outside this class
        // (management.endpoints.web.exposure.include); verify that only endpoints
        // safe for anonymous access are exposed, or require authentication here.
        // NOTE(review): "/v2/api-docs" (presumably the Swagger API description) is
        // also public and reveals the API surface; confirm that is intended outside
        // development environments.
        http.authorizeRequests()
                .antMatchers(
                        "/token/**",
                        "/social/**",
                        "/actuator/**",
                        "/v2/api-docs",
                        "/mobile/**")
                .permitAll()
                .anyRequest()
                .authenticated();

        // NOTE(review): CSRF protection is switched off for the whole chain although
        // a session-based form login is configured above, so the login form and any
        // session-authenticated endpoint carry no CSRF token check. Confirm this is
        // acceptable for the browser-facing flows.
        http.csrf().disable();

        http.apply(mobileSecurityConfigurer());
    }

    /**
     * Excludes static resources from the security filter chain.
     *
     * <p>Requests matching {@code /css/**} are ignored by Spring Security entirely,
     * so no security filter (and none of the filter-added response headers) applies
     * to them.
     *
     * @param web the web security builder to configure
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/css/**");
    }

    /**
     * Publishes the {@link AuthenticationManager} built by the parent adapter as a bean.
     *
     * @return the authentication manager provided by the superclass
     * @throws Exception if the superclass cannot build the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Builds the success handler used after a mobile login.
     *
     * <p>The handler receives the JSON mapper, the client details service, the
     * password encoder and the lazily injected token services.
     *
     * @return the configured {@link MobileLoginSuccessHandler}
     */
    @Bean
    public AuthenticationSuccessHandler mobileLoginSuccessHandler() {
        return MobileLoginSuccessHandler.builder()
                .objectMapper(objectMapper)
                .clientDetailsService(clientDetailsService)
                .passwordEncoder(passwordEncoder())
                .defaultAuthorizationServerTokenServices(defaultAuthorizationServerTokenServices)
                .build();
    }

    /**
     * Creates the configurer applied to the HTTP security chain for mobile/social login.
     *
     * @return a {@link SocialSecurityConfigurer} wired with the mobile success handler
     *     and the user details service
     */
    @Bean
    public SocialSecurityConfigurer mobileSecurityConfigurer() {
        SocialSecurityConfigurer configurer = new SocialSecurityConfigurer();
        configurer.setMobileLoginSuccessHandler(mobileLoginSuccessHandler());
        configurer.setUserDetailsService(userDetailsService);
        return configurer;
    }

    /**
     * Provides the delegating password encoder introduced with Spring Security 5.
     *
     * <p>See
     * https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-storage-updated
     * for the storage format. The original author referenced the
     * "Encoded password does not look like BCrypt" message here. The delegating
     * encoder selects the algorithm from the {@code {id}} prefix of the stored value,
     * so stored passwords and client secrets must carry that prefix.
     *
     * @return PasswordEncoder created by {@link PasswordEncoderFactories}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}