SpringBoot2.6.15 SpringSecurity配置

/*

package cab.bear.config.security;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.config.annotation.ObjectPostProcessor;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.web.AuthenticationEntryPoint;

import org.springframework.security.web.access.AccessDeniedHandler;

import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import cab.bear.config.security.filter.CodeAuthenticationFilter;

import cab.bear.config.security.filter.JwtAuthenticationFilter;

// 基于spring-boot 2.6.15,SpringSecurity配置类

@EnableWebSecurity

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)

public class WebSecurityConfigurerAdapterExte extends WebSecurityConfigurerAdapter {

// 用于鉴定用户是否可以访问被保护的资源

@Autowired

AccessDecisionManagerImpl accessDecisionManagerImpl;

// 用于设置受保护的资源信息数据源

@Autowired

FilterInvocationSecurityMetadataSourceImpl filterInvocationSecurityMetadataSourceImpl;

@Autowired

UserDetailsServiceImpl userDetailsServiceImpl;

@Autowired

AuthenticationFailureHandler authenticationFailureHandler;

@Autowired

AuthenticationSuccessHandler authenticationSuccessHandler;

@Autowired

AccessDeniedHandler accessDeniedHandler;

@Autowired

AuthenticationEntryPoint authenticationEntryPoint;

@Bean

JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {

JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager());

return jwtAuthenticationFilter;

}

@Bean

CodeAuthenticationFilter codeAuthenticationFilter() throws Exception {

return new CodeAuthenticationFilter();

}

@Override

protected void configure(HttpSecurity httpSecurity) throws Exception {

httpSecurity.cors(); // 允许跨域访问

httpSecurity.csrf().disable(); // CSRF 禁用,因为不使用 session

httpSecurity.formLogin()

.loginProcessingUrl("/login")

// 登录成功处理

.successHandler(authenticationSuccessHandler)

// 登录失败处理

.failureHandler(authenticationFailureHandler)

.usernameParameter("username")

.passwordParameter("password")

.permitAll();

// 授予任何请求允许无条件访问

// httpSecurity.authorizeRequests().anyRequest().permitAll();

// 部分允许无条件访问

// httpSecurity.authorizeRequests().antMatchers("/system/login", "/captcha/get", "/captcha/check").permitAll();

// 其他需要鉴权认证

// httpSecurity.authorizeRequests().anyRequest().authenticated();

// 需要鉴权认证

httpSecurity

.authorizeRequests()

.anyRequest()

.authenticated()

.withObjectPostProcessor(new ObjectPostProcessor() {

@Override

public O postProcess(O object) {

object.setSecurityMetadataSource(filterInvocationSecurityMetadataSourceImpl);

object.setAccessDecisionManager(accessDecisionManagerImpl);

return object;

}

});

// 没有认证

httpSecurity.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

// 没有权限处理

httpSecurity.exceptionHandling().accessDeniedHandler(accessDeniedHandler);

// 过滤器

httpSecurity.addFilterBefore(codeAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

httpSecurity.addFilter(jwtAuthenticationFilter());

}

@Override

protected void configure(AuthenticationManagerBuilder builder) throws Exception {

builder.userDetailsService(userDetailsServiceImpl).passwordEncoder(bCryptPasswordEncoder());

}

@Bean

BCryptPasswordEncoder bCryptPasswordEncoder() {

return new BCryptPasswordEncoder();

}

@Bean

public AuthenticationManager authenticationManagerBean() throws Exception {

return super.authenticationManagerBean();

}

}

*/

你可能感兴趣的:(java,spring,数据库)