|
|
|
|
package ${basePackage}.config;
|
|
|
|
|
|
|
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
|
|
import org.springframework.security.access.AccessDeniedException;
|
|
|
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
|
|
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
|
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
|
|
|
import org.springframework.security.core.Authentication;
|
|
|
|
|
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
|
|
|
|
import ${basePackage}.frame.auth.LocalData;
|
|
|
|
|
import ${basePackage}.frame.base.Token;
|
|
|
|
|
import ${basePackage}.frame.utils.CookieUtil;
|
|
|
|
|
import ${basePackage}.module.system.mgr.TokensManager;
|
|
|
|
|
import ${basePackage}.module.system.req.TokensBuildRequest;
|
|
|
|
|
import ${basePackage}.module.system.rsp.TokensBuildResponse;
|
|
|
|
|
|
|
|
|
|
import javax.servlet.Filter;
|
|
|
|
|
import javax.servlet.FilterChain;
|
|
|
|
|
import javax.servlet.ServletException;
|
|
|
|
|
import javax.servlet.ServletRequest;
|
|
|
|
|
import javax.servlet.ServletResponse;
|
|
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
import java.io.IOException;
|
|
|
|
|
import java.util.regex.Matcher;
|
|
|
|
|
import java.util.regex.Pattern;
|
|
|
|
|
|
|
|
|
|
@Configuration
|
|
|
|
|
@EnableGlobalMethodSecurity(securedEnabled = true)
|
|
|
|
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void configure(WebSecurity web) throws Exception {
|
|
|
|
|
web.ignoring().mvcMatchers(LocalData.getProp("spring.mvc.static-path-pattern"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
|
|
|
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
|
|
|
.and()
|
|
|
|
|
.addFilterBefore(new TokenFilter(), FilterSecurityInterceptor.class)// 过滤器用于处理Token
|
|
|
|
|
.authorizeRequests()
|
|
|
|
|
.antMatchers(LocalData.getProp("web.url.auth.excluded")).permitAll()// 放行排除的URL
|
|
|
|
|
.antMatchers(LocalData.getProp("web.url.auth.included")).access("@Authorization.hasPermission(request,authentication)")// 需要权限的URL
|
|
|
|
|
.and().cors()
|
|
|
|
|
.and().headers().frameOptions().disable()
|
|
|
|
|
.and().csrf().disable();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 此方法不要删除 用于屏蔽默认用户密码生成
|
|
|
|
|
* <p>
|
|
|
|
|
* 例如 Using generated security password: f6b42a66-71b1-4c31-b6a8-942838c81408
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
* @throws Exception
|
|
|
|
|
*/
|
|
|
|
|
@Bean
|
|
|
|
|
public AuthenticationManager authenticationManagerBean() throws Exception {
|
|
|
|
|
return super.authenticationManagerBean();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static class TokenFilter implements Filter {
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
|
|
|
|
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
|
|
|
|
HttpServletResponse response = (HttpServletResponse) servletResponse;
|
|
|
|
|
String token = request.getParameter("token");
|
|
|
|
|
if (token == null || token.isEmpty()) {
|
|
|
|
|
token = CookieUtil.getCookieValue(request.getCookies(), "token");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 组装Token ~ 这边根据实际的业务组装Token
|
|
|
|
|
if (token != null) {
|
|
|
|
|
TokensManager tokensManager = LocalData.getBean(TokensManager.class);
|
|
|
|
|
TokensBuildRequest tokensBuildRequest = new TokensBuildRequest();
|
|
|
|
|
tokensBuildRequest.setToken(token);
|
|
|
|
|
TokensBuildResponse tokensBuildResponse = tokensManager.build(tokensBuildRequest, LocalData.getSysToken());
|
|
|
|
|
LocalData.setToken(tokensBuildResponse.getToken());
|
|
|
|
|
} else {
|
|
|
|
|
LocalData.setToken(null);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Action
|
|
|
|
|
String servletPath = request.getServletPath().toLowerCase();
|
|
|
|
|
Pattern compile = Pattern.compile("^/(.+)\\.htm");
|
|
|
|
|
Matcher matcher = compile.matcher(servletPath);
|
|
|
|
|
if (matcher.find()) {
|
|
|
|
|
LocalData.setAction(matcher.group(1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
filterChain.doFilter(servletRequest, servletResponse);
|
|
|
|
|
} catch (AccessDeniedException e) {
|
|
|
|
|
response.sendError(HttpServletResponse.SC_FORBIDDEN);
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Bean("Authorization")
|
|
|
|
|
public Object getAuthorization() {
|
|
|
|
|
return new Object() {
|
|
|
|
|
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
|
|
|
|
|
|
|
|
|
|
// 授权
|
|
|
|
|
Token token_ = LocalData.getToken();
|
|
|
|
|
if (token_ != null && token_.hasResource(request.getServletPath())) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
