syy/SYYTe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增权限配置方式,允许修改auth.yml配置文件,忽略不需要认证的资源

This commit is contained in:
阿沐 2022-07-20 12:25:29 +08:00
parent 2258acef4e
commit e6e37cef41
4 changed files with 70 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
View File

@ -1,23 +1,59 @@
package net.maku.framework.security.config;
import lombok.SneakyThrows;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
import org.springframework.core.io.Resource;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import org.springframework.core.io.support.ResourcePatternResolver;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
/**
* 允许访问的资源
*
* @author 阿沐 babamu@126.com
*/
@Component
public class PermitResource {
/**
* 指定被 spring security oauth2.0 忽略的URL
*/
public static final String [] IGNORING_URLS = {
"/actuator/**",
"/v3/api-docs/**",
"/webjars/**",
"/swagger/**",
"/swagger-resources/**",
"/swagger-ui.html",
"/swagger-ui/**",
"/doc.html",
"/sys/oauth/captcha"
};
@SneakyThrows
public List<String> getPermitList(){
ResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
Resource[] resources = resolver.getResources("classpath*:auth.yml");
String key = "auth.ignore_urls";
return getPropertiesList(key, resources);
}
private List<String> getPropertiesList(String key, Resource... resources){
List<String> list = new ArrayList<>();
// 解析资源文件
for(Resource resource : resources) {
Properties properties = loadYamlProperties(resource);
for (Map.Entry<Object, Object> entry : properties.entrySet()) {
String tmpKey = StringUtils.substringBefore(entry.getKey().toString(), "[");
if(tmpKey.equalsIgnoreCase(key)){
list.add(entry.getValue().toString());
}
}
}
return list;
}
private Properties loadYamlProperties(Resource... resources) {
YamlPropertiesFactoryBean factory = new YamlPropertiesFactoryBean();
factory.setResources(resources);
factory.afterPropertiesSet();
return factory.getObject();
}
}

9
fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
View File

@ -11,6 +11,8 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import java.util.List;
/**
* 资源服务器配置
*
@ -22,6 +24,7 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
private final TokenStore tokenStore;
private final PermitResource permitResource;
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
@ -32,11 +35,15 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
// 忽略授权的地址列表
List<String> permitList = permitResource.getPermitList();
String [] permits = permitList.toArray(new String[permitList.size()]);
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(PermitResource.IGNORING_URLS).permitAll()
.antMatchers(permits).permitAll()
.anyRequest().authenticated()
;
}

4
fast-boot-new/src/main/resources/auth.yml Normal file
View File

@ -0,0 +1,4 @@
# 配置忽略认证的URL地址
auth:
ignore_urls:
- /new/**

11
fast-boot-system/src/main/resources/auth.yml Normal file
View File

@ -0,0 +1,11 @@
auth:
ignore_urls:
- /actuator/**
- /v3/api-docs/**
- /webjars/**
- /swagger/**
- /swagger-resources/**
- /swagger-ui.html
- /swagger-ui/**
- /doc.html
- /sys/oauth/captcha