SpringBoot2.6.15 SpringSecurity配置

/*

package cab.bear.config.security;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.config.annotation.ObjectPostProcessor;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.web.AuthenticationEntryPoint;

import org.springframework.security.web.access.AccessDeniedHandler;

import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import cab.bear.config.security.filter.CodeAuthenticationFilter;

import cab.bear.config.security.filter.JwtAuthenticationFilter;

// 基于spring-boot 2.6.15,SpringSecurity配置类

@EnableWebSecurity

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)

public class WebSecurityConfigurerAdapterExte extends WebSecurityConfigurerAdapter {

// 用于鉴定用户是否可以访问被保护的资源

@Autowired

AccessDecisionManagerImpl accessDecisionManagerImpl;

// 用于设置受保护的资源信息数据源

@Autowired

FilterInvocationSecurityMetadataSourceImpl filterInvocationSecurityMetadataSourceImpl;

@Autowired

UserDetailsServiceImpl userDetailsServiceImpl;

@Autowired

AuthenticationFailureHandler authenticationFailureHandler;

@Autowired

AuthenticationSuccessHandler authenticationSuccessHandler;

@Autowired

AccessDeniedHandler accessDeniedHandler;

@Autowired

AuthenticationEntryPoint authenticationEntryPoint;

@Bean

JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {

JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager());

return jwtAuthenticationFilter;

}

@Bean

CodeAuthenticationFilter codeAuthenticationFilter() throws Exception {

return new CodeAuthenticationFilter();

}

@Override

protected void configure(HttpSecurity httpSecurity) throws Exception {

httpSecurity.cors(); // 允许跨域访问

httpSecurity.csrf().disable(); // CSRF 禁用,因为不使用 session

httpSecurity.formLogin()

.loginProcessingUrl("/login")

// 登录成功处理

.successHandler(authenticationSuccessHandler)

// 登录失败处理

.failureHandler(authenticationFailureHandler)

.usernameParameter("username")

.passwordParameter("password")

.permitAll();

// 授予任何请求允许无条件访问

// httpSecurity.authorizeRequests().anyRequest().permitAll();

// 部分允许无条件访问

// httpSecurity.authorizeRequests().antMatchers("/system/login", "/captcha/get", "/captcha/check").permitAll();

// 其他需要鉴权认证

// httpSecurity.authorizeRequests().anyRequest().authenticated();

// 需要鉴权认证

httpSecurity

.authorizeRequests()

.anyRequest()

.authenticated()

.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {

@Override

public <O extends FilterSecurityInterceptor> O postProcess(O object) {

object.setSecurityMetadataSource(filterInvocationSecurityMetadataSourceImpl);

object.setAccessDecisionManager(accessDecisionManagerImpl);

return object;

}

});

// 没有认证

httpSecurity.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

// 没有权限处理

httpSecurity.exceptionHandling().accessDeniedHandler(accessDeniedHandler);

// 过滤器

httpSecurity.addFilterBefore(codeAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

httpSecurity.addFilter(jwtAuthenticationFilter());

}

@Override

protected void configure(AuthenticationManagerBuilder builder) throws Exception {

builder.userDetailsService(userDetailsServiceImpl).passwordEncoder(bCryptPasswordEncoder());

}

@Bean

BCryptPasswordEncoder bCryptPasswordEncoder() {

return new BCryptPasswordEncoder();

}

@Bean

public AuthenticationManager authenticationManagerBean() throws Exception {

return super.authenticationManagerBean();

}

}

*/

相关推荐
介一安全23 分钟前
【Frida Android】基础篇6:Java层Hook基础——创建类实例、方法重载、搜索运行时实例
android·java·网络安全·逆向·安全性测试·frida
xyy202534 分钟前
Spring事务的传播方式
java·数据库·spring
@Kerry~42 分钟前
phpstudy .htaccess 文件内容
java·开发语言·前端
roshy42 分钟前
x86、arm、rsc-v指令集架构,指令集、OS、应用3者的关系
java·arm开发·架构
CRMEB系统商城42 分钟前
CRMEB多商户系统(PHP)v3.3正式发布,同城配送上线[特殊字符]
java·开发语言·小程序·php
非凡的世界1 小时前
Thinkphp8 Redis队列与消息队列topthink/think-queue 原创
数据库·redis·bootstrap·thinkphp
yookay zhang1 小时前
DM线程的管理知识学习
数据库
iナナ1 小时前
Java优选算法——位运算
java·数据结构·算法·leetcode
毕设源码-钟学长1 小时前
【开题答辩全过程】以 濒危动物保护管理系统为例,包含答辩的问题和答案
java·eclipse
l1t2 小时前
测试DuckDB电子表格读取插件rusty_sheet 0.2版
数据库·rust·插件·xlsx·duckdb