work/book-api
4
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化配置

This commit is contained in:
阿沐 2024-02-25 22:23:52 +08:00
parent 13e56aa790
commit 0d210944cd
3 changed files with 132 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java → maku-boot-system/src/main/java/net/maku/security/config/SecurityConfig.java
View File

@ -1,7 +1,6 @@
package net.maku.framework.security.config; package net.maku.security.config;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import net.maku.framework.security.exception.SecurityAuthenticationEntryPoint;
import net.maku.framework.security.mobile.MobileAuthenticationProvider; import net.maku.framework.security.mobile.MobileAuthenticationProvider;
import net.maku.framework.security.mobile.MobileUserDetailsService; import net.maku.framework.security.mobile.MobileUserDetailsService;
import net.maku.framework.security.mobile.MobileVerifyCodeService; import net.maku.framework.security.mobile.MobileVerifyCodeService;
@ -11,23 +10,15 @@ import net.maku.framework.security.third.ThirdUserDetailsService;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher; import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -43,8 +34,6 @@ import java.util.List;
@EnableWebSecurity @EnableWebSecurity
@EnableMethodSecurity @EnableMethodSecurity
public class SecurityConfig { public class SecurityConfig {
private final OncePerRequestFilter authenticationTokenFilter;
private final PermitResource permitResource;
private final UserDetailsService userDetailsService; private final UserDetailsService userDetailsService;
private final MobileUserDetailsService mobileUserDetailsService; private final MobileUserDetailsService mobileUserDetailsService;
private final MobileVerifyCodeService mobileVerifyCodeService; private final MobileVerifyCodeService mobileVerifyCodeService;
@ -84,26 +73,4 @@ public class SecurityConfig {
return providerManager; return providerManager;
} }
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// 忽略授权的地址列表
List<String> permitList = permitResource.getPermitList();
String[] permits = permitList.toArray(new String[0]);
http
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers(permits).permitAll()
.requestMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest().authenticated()
)
.exceptionHandling(exception -> exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint()))
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.csrf(AbstractHttpConfigurer::disable)
;
return http.build();
}
} }

56
maku-framework/src/main/java/net/maku/framework/security/config/SecurityFilterConfig.java Normal file
View File

@ -0,0 +1,56 @@
package net.maku.framework.security.config;
import lombok.AllArgsConstructor;
import net.maku.framework.security.exception.SecurityAuthenticationEntryPoint;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;
import java.util.List;
/**
* Spring SecurityFilter 配置文件
*
* @author 阿沐 babamu@126.com
* <a href="https://maku.net">MAKU</a>
*/
@Configuration
@AllArgsConstructor
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityFilterConfig {
private final OncePerRequestFilter authenticationTokenFilter;
private final PermitResource permitResource;
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// 忽略授权的地址列表
List<String> permitList = permitResource.getPermitList();
String[] permits = permitList.toArray(new String[0]);
http
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers(permits).permitAll()
.requestMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest().authenticated()
)
.exceptionHandling(exception -> exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint()))
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.csrf(AbstractHttpConfigurer::disable)
;
return http.build();
}
}