实现的目的是 对普通用户和管理员的登录接口 分别进行拦截。其他的不做处理。该配置适用于 springboot
package cn.exrick.xboot.config.security;
import cn.exrick.xboot.common.utils.SecurityUtil;
import cn.exrick.xboot.config.properties.IgnoredUrlsProperties;
import cn.exrick.xboot.config.properties.XbootTokenProperties;
import cn.exrick.xboot.config.security.jwt.AuthenticationFailHandler;
import cn.exrick.xboot.config.security.jwt.AuthenticationSuccessHandler;
import cn.exrick.xboot.config.security.jwt.JWTAuthenticationFilter;
import cn.exrick.xboot.config.security.jwt.RestAccessDeniedHandler;
import cn.exrick.xboot.config.security.permission.MyFilterSecurityInterceptor;
import cn.exrick.xboot.config.security.validate.EmailValidateFilter;
import cn.exrick.xboot.config.security.validate.ImageValidateFilter;
import cn.exrick.xboot.config.security.validate.SmsValidateFilter;
import cn.exrick.xboot.config.security.validate.VaptchaValidateFilter;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
/**
* Security 核心配置类
* 开启注解控制权限至Controller
* @author Exrickx
*/
@Slf4j
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true,securedEnabled = true)
public class WebSecurityConfig {
@Configuration
@Order(2) //rder的值越小,优先级越高
public static class UserLoginSecurity extends WebSecurityConfigurerAdapter{
private final AuthenticationSuccessHandler successHandler;
private final AuthenticationFailHandler failHandler;
private final IgnoredUrlsProperties ignoredUrlsProperties;
private final AccessDeniedHandler accessDeniedHandler;
private final SmsValidateFilter smsValidateFilter;
private final EmailValidateFilter emailValidateFilter;
private final MyFilterSecurityInterceptor myFilterSecurityInterceptor;
private final XbootTokenProperties tokenProperties;
private final StringRedisTemplate redisTemplate;
private final SecurityUtil securityUtil;
private final UserDetailsServiceImpl userDetailsService;
public UserLoginSecurity(UserDetailsServiceImpl userDetailsService,AuthenticationSuccessHandler successHandler,AuthenticationFailHandler failHandler,IgnoredUrlsProperties ignoredUrlsProperties,AccessDeniedHandler accessDeniedHandler,SmsValidateFilter smsValidateFilter,EmailValidateFilter emailValidateFilter,MyFilterSecurityInterceptor myFilterSecurityInterceptor,XbootTokenProperties tokenProperties,StringRedisTemplate redisTemplate,SecurityUtil securityUtil) {
this.successHandler=successHandler;
this.failHandler=failHandler;
this.ignoredUrlsProperties=ignoredUrlsProperties;
this.accessDeniedHandler=accessDeniedHandler;
this.smsValidateFilter=smsValidateFilter;
this.emailValidateFilter=emailValidateFilter;
this.myFilterSecurityInterceptor=myFilterSecurityInterceptor;
this.tokenProperties=tokenProperties;
this.redisTemplate=redisTemplate;
this.securityUtil=securityUtil;
this.userDetailsService=userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
.authorizeRequests();
// 除配置文件忽略路径其它所有请求都需经过认证和授权
for(String url : ignoredUrlsProperties.getUrls()){
registry.antMatchers(url).permitAll();
}
registry.and()
// 表单登录方式
.formLogin()
.loginPage("/xboot/common/needLogin")
// 登录请求url
.loginProcessingUrl("/xboot/login")
.permitAll()
// 成功处理类
.successHandler(successHandler)
// 失败
.failureHandler(failHandler)
.and()
// 允许网页iframe
.headers().frameOptions().disable()
.and()
.logout()
.permitAll()
.and()
.authorizeRequests()
// 任何请求
.anyRequest()
// 需要身份认证
.authenticated()
.and()
// 允许跨域
.cors().disable()
// 关闭跨站请求防护
.csrf().disable()
// 前后端分离采用JWT 不需要session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
// 自定义权限拒绝处理类
.exceptionHandling().accessDeniedHandler(accessDeniedHandler)
.and()
// 图形验证码过滤器
// .addFilterBefore(imageValidateFilter, UsernamePasswordAuthenticationFilter.class)
// 短信验证码过滤器
.addFilterBefore(smsValidateFilter, UsernamePasswordAuthenticationFilter.class)
// vaptcha验证码过滤器
// .addFilterBefore(vaptchaValidateFilter, UsernamePasswordAuthenticationFilter.class)
// email验证码过滤器
.addFilterBefore(emailValidateFilter, UsernamePasswordAuthenticationFilter.class)
// 添加自定义权限过滤器
.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class)
// 添加JWT认证过滤器
.addFilter(new JWTAuthenticationFilter(authenticationManager(), tokenProperties, redisTemplate, securityUtil));
}
}
@Configuration
@Order(1)
public static class AdminLoginSecurity extends WebSecurityConfigurerAdapter{
private final AuthenticationSuccessHandler successHandler;
private final AuthenticationFailHandler failHandler;
private final IgnoredUrlsProperties ignoredUrlsProperties;
private final AccessDeniedHandler accessDeniedHandler;
private final SmsValidateFilter smsValidateFilter;
private final EmailValidateFilter emailValidateFilter;
private final MyFilterSecurityInterceptor myFilterSecurityInterceptor;
private final XbootTokenProperties tokenProperties;
private final StringRedisTemplate redisTemplate;
private final SecurityUtil securityUtil;
private final UserDetailsServiceImplAdmin userDetailsService;
public AdminLoginSecurity(UserDetailsServiceImplAdmin userDetailsService,AuthenticationSuccessHandler successHandler,AuthenticationFailHandler failHandler,IgnoredUrlsProperties ignoredUrlsProperties,AccessDeniedHandler accessDeniedHandler,SmsValidateFilter smsValidateFilter,EmailValidateFilter emailValidateFilter,MyFilterSecurityInterceptor myFilterSecurityInterceptor,XbootTokenProperties tokenProperties,StringRedisTemplate redisTemplate,SecurityUtil securityUtil) {
this.successHandler=successHandler;
this.failHandler=failHandler;
this.ignoredUrlsProperties=ignoredUrlsProperties;
this.accessDeniedHandler=accessDeniedHandler;
this.smsValidateFilter=smsValidateFilter;
this.emailValidateFilter=emailValidateFilter;
this.myFilterSecurityInterceptor=myFilterSecurityInterceptor;
this.tokenProperties=tokenProperties;
this.redisTemplate=redisTemplate;
this.securityUtil=securityUtil;
this.userDetailsService=userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/xboot/adminLogin") //表示当前httpsecurity只拦截 /xboot/adminLogin
.authorizeRequests()
.and()
// 表单登录方式
.formLogin()
.loginPage("/xboot/common/needLogin")
// 登录请求url
.loginProcessingUrl("/xboot/adminLogin")
.permitAll()
// 成功处理类
.successHandler(successHandler)
// 失败
.failureHandler(failHandler)
.and()
// 允许网页iframe
.headers().frameOptions().disable()
.and()
.logout()
.permitAll()
.and()
// 允许跨域
.cors().disable()
// 关闭跨站请求防护
.csrf().disable()
// 前后端分离采用JWT 不需要session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
// 自定义权限拒绝处理类
.exceptionHandling().accessDeniedHandler(accessDeniedHandler)
.and()
// 图形验证码过滤器
// .addFilterBefore(imageValidateFilter, UsernamePasswordAuthenticationFilter.class)
// 短信验证码过滤器
.addFilterBefore(smsValidateFilter, UsernamePasswordAuthenticationFilter.class)
// vaptcha验证码过滤器
// .addFilterBefore(vaptchaValidateFilter, UsernamePasswordAuthenticationFilter.class)
// email验证码过滤器
.addFilterBefore(emailValidateFilter, UsernamePasswordAuthenticationFilter.class)
// 添加自定义权限过滤器
.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class)
// 添加JWT认证过滤器
.addFilter(new JWTAuthenticationFilter(authenticationManager(), tokenProperties, redisTemplate, securityUtil));
}
}
}
来源:oschina
链接:https://my.oschina.net/u/3387320/blog/3132937