From 0d210944cd46aa19d31ab9dfae3f54353d0eb7b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=98=BF=E6=B2=90?= Date: Sun, 25 Feb 2024 22:23:52 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../net/maku/security/config/SecurityConfig.java | 76 ++++++++++++++ .../framework/security/config/SecurityConfig.java | 109 --------------------- .../security/config/SecurityFilterConfig.java | 56 +++++++++++ 3 files changed, 132 insertions(+), 109 deletions(-) create mode 100644 maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java delete mode 100644 maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java create mode 100644 maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java diff --git a/maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java b/maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java new file mode 100644 index 0000000..025f12a --- /dev/null +++ b/maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java @@ -0,0 +1,76 @@ +package net.maku.security.config; + +import lombok.AllArgsConstructor; +import net.maku.framework.security.mobile.MobileAuthenticationProvider; +import net.maku.framework.security.mobile.MobileUserDetailsService; +import net.maku.framework.security.mobile.MobileVerifyCodeService; +import net.maku.framework.security.third.ThirdAuthenticationProvider; +import net.maku.framework.security.third.ThirdOpenIdService; +import net.maku.framework.security.third.ThirdUserDetailsService; +import org.springframework.context.ApplicationEventPublisher; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.DefaultAuthenticationEventPublisher; +import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.password.PasswordEncoder; + +import java.util.ArrayList; +import java.util.List; + +/** + * SpringSecurity 配置文件 + * + * @author 阿沐 babamu@126.com + * MAKU + */ +@Configuration +@AllArgsConstructor +@EnableWebSecurity +@EnableMethodSecurity +public class SecurityConfig { + private final UserDetailsService userDetailsService; + private final MobileUserDetailsService mobileUserDetailsService; + private final MobileVerifyCodeService mobileVerifyCodeService; + private final ThirdUserDetailsService thirdUserDetailsService; + private final ThirdOpenIdService thirdOpenIdService; + private final PasswordEncoder passwordEncoder; + private final ApplicationEventPublisher applicationEventPublisher; + + @Bean + DaoAuthenticationProvider daoAuthenticationProvider() { + DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); + daoAuthenticationProvider.setPasswordEncoder(passwordEncoder); + daoAuthenticationProvider.setUserDetailsService(userDetailsService); + + return daoAuthenticationProvider; + } + + @Bean + MobileAuthenticationProvider mobileAuthenticationProvider() { + return new MobileAuthenticationProvider(mobileUserDetailsService, mobileVerifyCodeService); + } + + @Bean + ThirdAuthenticationProvider thirdAuthenticationProvider() { + return new ThirdAuthenticationProvider(thirdUserDetailsService, thirdOpenIdService); + } + + @Bean + public AuthenticationManager authenticationManager() { + List providerList = new ArrayList<>(); + providerList.add(daoAuthenticationProvider()); + providerList.add(mobileAuthenticationProvider()); + providerList.add(thirdAuthenticationProvider()); + + ProviderManager providerManager = new ProviderManager(providerList); + providerManager.setAuthenticationEventPublisher(new DefaultAuthenticationEventPublisher(applicationEventPublisher)); + + return providerManager; + } +} diff --git a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java b/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java deleted file mode 100644 index 2fe82dc..0000000 --- a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java +++ /dev/null @@ -1,109 +0,0 @@ -package net.maku.framework.security.config; - -import lombok.AllArgsConstructor; -import net.maku.framework.security.exception.SecurityAuthenticationEntryPoint; -import net.maku.framework.security.mobile.MobileAuthenticationProvider; -import net.maku.framework.security.mobile.MobileUserDetailsService; -import net.maku.framework.security.mobile.MobileVerifyCodeService; -import net.maku.framework.security.third.ThirdAuthenticationProvider; -import net.maku.framework.security.third.ThirdOpenIdService; -import net.maku.framework.security.third.ThirdUserDetailsService; -import org.springframework.context.ApplicationEventPublisher; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.authentication.DefaultAuthenticationEventPublisher; -import org.springframework.security.authentication.ProviderManager; -import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; -import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; -import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.web.filter.OncePerRequestFilter; - -import java.util.ArrayList; -import java.util.List; - -/** - * SpringSecurity 配置文件 - * - * @author 阿沐 babamu@126.com - * MAKU - */ -@Configuration -@AllArgsConstructor -@EnableWebSecurity -@EnableMethodSecurity -public class SecurityConfig { - private final OncePerRequestFilter authenticationTokenFilter; - private final PermitResource permitResource; - private final UserDetailsService userDetailsService; - private final MobileUserDetailsService mobileUserDetailsService; - private final MobileVerifyCodeService mobileVerifyCodeService; - private final ThirdUserDetailsService thirdUserDetailsService; - private final ThirdOpenIdService thirdOpenIdService; - private final PasswordEncoder passwordEncoder; - private final ApplicationEventPublisher applicationEventPublisher; - - @Bean - DaoAuthenticationProvider daoAuthenticationProvider() { - DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); - daoAuthenticationProvider.setPasswordEncoder(passwordEncoder); - daoAuthenticationProvider.setUserDetailsService(userDetailsService); - - return daoAuthenticationProvider; - } - - @Bean - MobileAuthenticationProvider mobileAuthenticationProvider() { - return new MobileAuthenticationProvider(mobileUserDetailsService, mobileVerifyCodeService); - } - - @Bean - ThirdAuthenticationProvider thirdAuthenticationProvider() { - return new ThirdAuthenticationProvider(thirdUserDetailsService, thirdOpenIdService); - } - - @Bean - public AuthenticationManager authenticationManager() { - List providerList = new ArrayList<>(); - providerList.add(daoAuthenticationProvider()); - providerList.add(mobileAuthenticationProvider()); - providerList.add(thirdAuthenticationProvider()); - - ProviderManager providerManager = new ProviderManager(providerList); - providerManager.setAuthenticationEventPublisher(new DefaultAuthenticationEventPublisher(applicationEventPublisher)); - - return providerManager; - } - - @Bean - SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - // 忽略授权的地址列表 - List permitList = permitResource.getPermitList(); - String[] permits = permitList.toArray(new String[0]); - - http - .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) - .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .authorizeHttpRequests(auth -> auth - .requestMatchers(permits).permitAll() - .requestMatchers(HttpMethod.OPTIONS).permitAll() - .anyRequest().authenticated() - ) - .exceptionHandling(exception -> exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint())) - .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) - .csrf(AbstractHttpConfigurer::disable) - ; - - return http.build(); - } -} diff --git a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java b/maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java new file mode 100644 index 0000000..4e5db54 --- /dev/null +++ b/maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java @@ -0,0 +1,56 @@ +package net.maku.framework.security.config; + +import lombok.AllArgsConstructor; +import net.maku.framework.security.exception.SecurityAuthenticationEntryPoint; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.filter.OncePerRequestFilter; + +import java.util.List; + +/** + * Spring SecurityFilter 配置文件 + * + * @author 阿沐 babamu@126.com + * MAKU + */ +@Configuration +@AllArgsConstructor +@EnableWebSecurity +@EnableMethodSecurity +public class SecurityFilterConfig { + private final OncePerRequestFilter authenticationTokenFilter; + private final PermitResource permitResource; + + @Bean + SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // 忽略授权的地址列表 + List permitList = permitResource.getPermitList(); + String[] permits = permitList.toArray(new String[0]); + + http + .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests(auth -> auth + .requestMatchers(permits).permitAll() + .requestMatchers(HttpMethod.OPTIONS).permitAll() + .anyRequest().authenticated() + ) + .exceptionHandling(exception -> exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint())) + .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) + .csrf(AbstractHttpConfigurer::disable) + ; + + return http.build(); + } + +}