package com.central.oauth.config;

import com.central.common.constant.SecurityConstants;
import com.central.oauth.filter.LoginProcessSetTenantFilter;
import com.central.oauth.handler.OauthLogoutSuccessHandler;
import com.central.oauth.mobile.MobileAuthenticationSecurityConfig;
import com.central.oauth.openid.OpenIdAuthenticationSecurityConfig;
import com.central.common.config.DefaultPasswordConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;

import javax.annotation.Resource;

/**
 * Spring Security configuration for the authorization server.
 * At the WebSecurityConfigurerAdapter level this chain must not intercept the resources
 * that oauth exposes, so configure() permits every request; any access control for
 * protected endpoints therefore has to come from a different security chain, not this one.
 *
 * @author zlt
 */
@Configuration
@Import(DefaultPasswordConfig.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	/** Invoked after a successful form login (wired into formLogin() below). */
	@Autowired
	private AuthenticationSuccessHandler authenticationSuccessHandler;

	/**
	 * Optional. When a bean of this type is present, configure() routes authentication
	 * failures to it and makes the chain STATELESS; when absent, sessions stay IF_REQUIRED.
	 */
	@Autowired(required = false)
	private AuthenticationEntryPoint authenticationEntryPoint;

	/** Source of user records for the global AuthenticationManagerBuilder. */
	@Resource
	private UserDetailsService userDetailsService;

	/** Encoder used to verify stored credentials; the bean comes from DefaultPasswordConfig (imported above). */
	@Autowired
	private PasswordEncoder passwordEncoder;

	/** Extra logout handler registered on the logout endpoint (looked up by name via @Resource). */
	@Resource
	private LogoutHandler oauthLogoutHandler;

	/** Captcha / validate-code configurer applied to the chain. */
	@Autowired
	private ValidateCodeSecurityConfig validateCodeSecurityConfig;

	/** OpenID login configurer applied to the chain. */
	@Autowired
	private OpenIdAuthenticationSecurityConfig openIdAuthenticationSecurityConfig;

	/** Mobile (SMS) login configurer applied to the chain. */
	@Autowired
	private MobileAuthenticationSecurityConfig mobileAuthenticationSecurityConfig;

	/**
	 * Exposes the parent AuthenticationManager as a bean.
	 * This step is essential: without it Spring Boot auto-configures its own
	 * AuthenticationManager, which overrides the in-memory users.
	 *
	 * @return the authentication manager built by the parent adapter
	 * @throws Exception propagated from the parent implementation
	 */
	@Bean
    @Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	/**
	 * Builds the HTTP security chain for the authorization server.
	 * <p>
	 * Settings in this chain that widen the attack surface and should be a deliberate choice:
	 * <ul>
	 *   <li>{@code anyRequest().permitAll()} – this chain performs no authorization of its own.</li>
	 *   <li>{@code csrf().disable()} – applies to the whole chain, so the form-login processing
	 *       URL accepts cross-site POSTs (login CSRF); re-enable CSRF or protect the login form
	 *       with a token if that is not intended.</li>
	 *   <li>{@code frameOptions().disable()} – removes the X-Frame-Options header entirely, so the
	 *       login page can be framed by any origin (clickjacking). If framing is only needed from
	 *       the same site, {@code frameOptions().sameOrigin()} is the narrower setting.</li>
	 * </ul>
	 *
	 * @param http the builder for this filter chain
	 * @throws Exception propagated from the HttpSecurity configurers
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
					.anyRequest()
					// Basic authentication is turned off on the authorization server;
					// every request is permitted at this level (see class Javadoc).
                    .permitAll()
                    .and()
                .formLogin()
                    .loginPage(SecurityConstants.LOGIN_PAGE)
                    .loginProcessingUrl(SecurityConstants.OAUTH_LOGIN_PRO_URL)
                    .successHandler(authenticationSuccessHandler)
                    .and()
				.logout()
					.logoutUrl(SecurityConstants.LOGOUT_URL)
					.logoutSuccessHandler(new OauthLogoutSuccessHandler())
					.addLogoutHandler(oauthLogoutHandler)
					.clearAuthentication(true)
					.and()
                .apply(validateCodeSecurityConfig)
                    .and()
                .apply(openIdAuthenticationSecurityConfig)
                    .and()
				.apply(mobileAuthenticationSecurityConfig)
					.and()
				// Sets the tenant before the username/password filter runs
				.addFilterBefore(new LoginProcessSetTenantFilter(), UsernamePasswordAuthenticationFilter.class)
				// CSRF protection is off for the whole chain, including the login POST (see method Javadoc)
                .csrf().disable()
				// Works around the page not being allowed to render inside an iframe;
				// note this drops X-Frame-Options for every origin, not just the same site
				.headers().frameOptions().disable().cacheControl();

		// Grants such as password can work without a session; in that (stateless) mode the
		// authorization-code grant is not supported.
		if (authenticationEntryPoint != null) {
			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
			http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
		} else {
			// The authorization-code grant is handled separately and needs session support;
			// this mode supports all oauth2 authentication flows.
			http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
		}
	}

	/**
	 * Registers the global user details service and password encoder on the shared
	 * AuthenticationManagerBuilder.
	 *
	 * @param auth the global authentication builder injected by Spring
	 * @throws Exception propagated from the builder
	 */
	@Autowired
	public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
	}
}