新增权限配置方式,允许修改auth.yml配置文件,忽略不需要认证的资源
parent
2258acef4e
commit
e6e37cef41
|
@ -1,23 +1,59 @@
|
||||||
package net.maku.framework.security.config;
|
package net.maku.framework.security.config;
|
||||||
|
|
||||||
|
import lombok.SneakyThrows;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
|
||||||
|
import org.springframework.core.io.Resource;
|
||||||
|
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
|
||||||
|
import org.springframework.core.io.support.ResourcePatternResolver;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Properties;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 允许访问的资源
|
* 允许访问的资源
|
||||||
*
|
*
|
||||||
* @author 阿沐 babamu@126.com
|
* @author 阿沐 babamu@126.com
|
||||||
*/
|
*/
|
||||||
|
@Component
|
||||||
public class PermitResource {
|
public class PermitResource {
|
||||||
/**
|
/**
|
||||||
* 指定被 spring security oauth2.0 忽略的URL
|
* 指定被 spring security oauth2.0 忽略的URL
|
||||||
*/
|
*/
|
||||||
public static final String [] IGNORING_URLS = {
|
@SneakyThrows
|
||||||
"/actuator/**",
|
public List<String> getPermitList(){
|
||||||
"/v3/api-docs/**",
|
ResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
|
||||||
"/webjars/**",
|
Resource[] resources = resolver.getResources("classpath*:auth.yml");
|
||||||
"/swagger/**",
|
String key = "auth.ignore_urls";
|
||||||
"/swagger-resources/**",
|
|
||||||
"/swagger-ui.html",
|
return getPropertiesList(key, resources);
|
||||||
"/swagger-ui/**",
|
}
|
||||||
"/doc.html",
|
|
||||||
"/sys/oauth/captcha"
|
private List<String> getPropertiesList(String key, Resource... resources){
|
||||||
};
|
List<String> list = new ArrayList<>();
|
||||||
|
|
||||||
|
// 解析资源文件
|
||||||
|
for(Resource resource : resources) {
|
||||||
|
Properties properties = loadYamlProperties(resource);
|
||||||
|
|
||||||
|
for (Map.Entry<Object, Object> entry : properties.entrySet()) {
|
||||||
|
String tmpKey = StringUtils.substringBefore(entry.getKey().toString(), "[");
|
||||||
|
if(tmpKey.equalsIgnoreCase(key)){
|
||||||
|
list.add(entry.getValue().toString());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return list;
|
||||||
|
}
|
||||||
|
|
||||||
|
private Properties loadYamlProperties(Resource... resources) {
|
||||||
|
YamlPropertiesFactoryBean factory = new YamlPropertiesFactoryBean();
|
||||||
|
factory.setResources(resources);
|
||||||
|
factory.afterPropertiesSet();
|
||||||
|
|
||||||
|
return factory.getObject();
|
||||||
|
}
|
||||||
}
|
}
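Review bot: `resolver.getResources("classpath*:auth.yml")` in getPermitList merges every `auth.yml` found on the classpath, including any packaged inside dependency jars, so any jar can add patterns to the unauthenticated list and nothing records where an entry came from. Consider logging each resolved resource with its entries at startup (the class has no logger yet), e.g. `log.info("permit patterns from {}: {}", resource.getURL(), patterns)`, so an unexpected contributor is visible. `@SneakyThrows` also hides the IOException from the resource lookup; declaring `throws IOException` on getPermitList would keep a failed read explicit. `tmpKey.equalsIgnoreCase(key)` accepts any casing of `auth.ignore_urls`; `tmpKey.equals(key)` would be the stricter match.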
|
||||||
|
|
|
@ -11,6 +11,8 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
||||||
import org.springframework.security.oauth2.provider.token.TokenStore;
|
import org.springframework.security.oauth2.provider.token.TokenStore;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 资源服务器配置
|
* 资源服务器配置
|
||||||
*
|
*
|
||||||
|
@ -22,6 +24,7 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||||
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
||||||
private final TokenStore tokenStore;
|
private final TokenStore tokenStore;
|
||||||
|
private final PermitResource permitResource;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configure(ResourceServerSecurityConfigurer resources) {
|
public void configure(ResourceServerSecurityConfigurer resources) {
|
||||||
|
@ -32,11 +35,15 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configure(HttpSecurity http) throws Exception {
|
public void configure(HttpSecurity http) throws Exception {
|
||||||
|
// 忽略授权的地址列表
|
||||||
|
List<String> permitList = permitResource.getPermitList();
|
||||||
|
String [] permits = permitList.toArray(new String[permitList.size()]);
|
||||||
|
|
||||||
http
|
http
|
||||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||||
.and()
|
.and()
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
.antMatchers(PermitResource.IGNORING_URLS).permitAll()
|
.antMatchers(permits).permitAll()
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
;
|
;
|
||||||
}
|
}
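Review bot: In configure(HttpSecurity), the patterns returned by `permitResource.getPermitList()` go straight into `.antMatchers(permits).permitAll()` with no check, so a catch-all entry such as `/**` in any loaded auth.yml would leave every endpoint unauthenticated, because it is matched before `.anyRequest().authenticated()`. A guard before building the array would fail fast at startup: `if (permitList.contains("/**")) throw new IllegalStateException("auth.ignore_urls must not contain /**");`. As a style point, `permitList.toArray(new String[0])` is the usual form. The class body starts outside the hunks shown.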
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
# 配置忽略认证的URL地址
|
||||||
|
auth:
|
||||||
|
ignore_urls:
|
||||||
|
- /new/**
|
|
@ -0,0 +1,11 @@
|
||||||
|
auth:
|
||||||
|
ignore_urls:
|
||||||
|
- /actuator/**
|
||||||
|
- /v3/api-docs/**
|
||||||
|
- /webjars/**
|
||||||
|
- /swagger/**
|
||||||
|
- /swagger-resources/**
|
||||||
|
- /swagger-ui.html
|
||||||
|
- /swagger-ui/**
|
||||||
|
- /doc.html
|
||||||
|
- /sys/oauth/captcha
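Review bot: `- /actuator/**` is carried over from the old constant into the unauthenticated list, so every actuator endpoint the application exposes is reachable without a token. Which endpoints are exposed depends on the management settings, which are not visible here; if anything beyond health is exposed, narrow the entry to `- /actuator/health` or serve actuator from a separately protected management port. The API documentation entries (`/v3/api-docs/**`, `/swagger-ui/**`, `/doc.html`) are likewise worth limiting to non-production profiles, now that the list is configurable per environment.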
|