Security的一些配置

package com.example.demo.config;

import com.example.demo.Service.UserDetailsServiceImpl;
import com.example.demo.filter.JwtAuthencationTokenFilter;
import com.example.demo.pojo.ResponseResult;
import com.example.demo.pojo.ResponseStatusCode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public JwtAuthencationTokenFilter jwtAuthencationTokenFilter(){
        return new JwtAuthencationTokenFilter();
    }

    @Autowired
    private BCryptPasswordEncoder encoder;

    @Autowired
    private UserDetailsServiceImpl userDetailsService;



    /**************************************************************
                            一,验证
     **************************************************************/
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }



    /**************************************************************
                            二,授权
     **************************************************************/
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authenticationProvider(authenticationProvider())
                .httpBasic()
                //未登录时 , 自定义响应结果
                .authenticationEntryPoint((request, response, ex) -> {
                    customResponse(response, ResponseStatusCode.NO_Login,null);
                });

        http.authorizeRequests()
                .antMatchers("/common").hasRole("common")
                .antMatchers("/vip").hasRole("vip")
                .antMatchers("/").authenticated();

        //将jwt登录授权的拦截器 => 添加到用户验证之前
        http.addFilterBefore(jwtAuthencationTokenFilter(), UsernamePasswordAuthenticationFilter.class);

        /*
           添加自定义 未授权和未授权的结果返回
         */
        http.exceptionHandling()
                .accessDeniedHandler((request, response, ex) -> {
                    customResponse(response, ResponseStatusCode.NO_AUTHORITY,null);
                })
                .authenticationEntryPoint((request, response, ex) -> {
                    customResponse(response, ResponseStatusCode.NO_Login,null);
                });

        //基于token,所有不需要csrf
        http.csrf().disable();
        // 基于token,所以不需要session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // 缓存管理,暂时用不到
        http.headers().cacheControl();

    }


    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        //对默认的UserDetailsService进行覆盖
        authenticationProvider.setUserDetailsService(userDetailsService);
        authenticationProvider.setPasswordEncoder(encoder);
        return authenticationProvider;
    }

    @Autowired
    private ObjectMapper objectMapper;

    // 自定义返回结果
    private void customResponse(HttpServletResponse response, ResponseStatusCode code,Object data) throws IOException {
        response.setContentType("application/json;charset=utf-8");
        response.setStatus(code.getCode());
        PrintWriter out = response.getWriter();
        out.write(objectMapper.writeValueAsString(new ResponseResult<>(code, data)));
        out.flush();
        out.close();
    }

}

 

上一篇:源码实现 --> atoi函数实现


下一篇:《华为HCIE安全认证》学习笔记 | 虚拟化技术(二)