diff --git a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java b/maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java
similarity index 63%
rename from maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java
rename to maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java
index 2fe82dc..025f12a 100644
--- a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java
+++ b/maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java
@@ -1,7 +1,6 @@
-package net.maku.framework.security.config;
+package net.maku.security.config;
 import lombok.AllArgsConstructor;
-import net.maku.framework.security.exception.SecurityAuthenticationEntryPoint;
 import net.maku.framework.security.mobile.MobileAuthenticationProvider;
 import net.maku.framework.security.mobile.MobileUserDetailsService;
 import net.maku.framework.security.mobile.MobileVerifyCodeService;
@@ -11,23 +10,15 @@ import net.maku.framework.security.third.ThirdUserDetailsService;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
-import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.filter.OncePerRequestFilter;
 import java.util.ArrayList;
 import java.util.List;
@@ -43,8 +34,6 @@ import java.util.List;
 @EnableWebSecurity
 @EnableMethodSecurity
 public class SecurityConfig {
- private final OncePerRequestFilter authenticationTokenFilter;
- private final PermitResource permitResource;
 private final UserDetailsService userDetailsService;
 private final MobileUserDetailsService mobileUserDetailsService;
 private final MobileVerifyCodeService mobileVerifyCodeService;
@@ -84,26 +73,4 @@ public class SecurityConfig {
 return providerManager;
 }
-
- @Bean
- SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- // 忽略授权的地址列表
- List permitList = permitResource.getPermitList();
- String[] permits = permitList.toArray(new String[0]);
-
- http
- .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
- .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .authorizeHttpRequests(auth -> auth
- .requestMatchers(permits).permitAll()
- .requestMatchers(HttpMethod.OPTIONS).permitAll()
- .anyRequest().authenticated()
- )
- .exceptionHandling(exception -> exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint()))
- .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
- .csrf(AbstractHttpConfigurer::disable)
- ;
-
- return http.build();
- }
 }
diff --git a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java b/maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java
new file mode 100644
index 0000000..4e5db54
--- /dev/null
+++ b/maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java
@@ -0,0 +1,56 @@
+package net.maku.framework.security.config;
+
+import lombok.AllArgsConstructor;
+import net.maku.framework.security.exception.SecurityAuthenticationEntryPoint;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.util.List;
+
+/**
+ * Spring SecurityFilter 配置文件
+ *
+ * @author 阿沐 babamu@126.com
+ * MAKU
+ */
+@Configuration
+@AllArgsConstructor
+@EnableWebSecurity
+@EnableMethodSecurity
+public class SecurityFilterConfig {
+ private final OncePerRequestFilter authenticationTokenFilter;
+ private final PermitResource permitResource;
+
+ @Bean
+ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ // 忽略授权的地址列表
+ List permitList = permitResource.getPermitList();
+ String[] permits = permitList.toArray(new String[0]);
+
+ http
+ .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers(permits).permitAll()
+ .requestMatchers(HttpMethod.OPTIONS).permitAll()
+ .anyRequest().authenticated()
+ )
+ .exceptionHandling(exception -> exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint()))
+ .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+ .csrf(AbstractHttpConfigurer::disable)
+ ;
+
+ return http.build();
+ }
+
+}
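Review bot: `headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)` in `securityFilterChain` removes the X-Frame-Options header from every response, so pages served by this chain can be framed by any origin. If framing is only needed by the application's own front end (not visible in this diff), `.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))` keeps that working while retaining clickjacking protection. `.csrf(AbstractHttpConfigurer::disable)` is safe only while `authenticationTokenFilter` reads the credential from a request header rather than a cookie; that filter is outside the diff, so a comment such as `// CSRF off: stateless API, token is sent in a header, never a cookie` next to the call would record the assumption. The new class also repeats `@EnableWebSecurity` and `@EnableMethodSecurity`, which the relocated `SecurityConfig` still carries in the earlier hunk; declaring them once is enough.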