|
|
|
|
@ -139,60 +139,60 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { |
|
|
|
|
// HttpSecurity 及WebSecurity 作用是不一样的:
|
|
|
|
|
// WebSecurity 主要针对的全局的忽略规则,
|
|
|
|
|
// HttpSecurity主要是权限控制规则。
|
|
|
|
|
@Override |
|
|
|
|
protected void configure(HttpSecurity http) throws Exception { |
|
|
|
|
|
|
|
|
|
//允许跨域
|
|
|
|
|
http.cors().and().anonymous().and() |
|
|
|
|
// CRSF禁用,因为不使用session
|
|
|
|
|
.csrf().disable() |
|
|
|
|
.formLogin().disable().httpBasic().disable() |
|
|
|
|
.authorizeRequests() |
|
|
|
|
.accessDecisionManager(accessDecisionManager())//访问决策管理器
|
|
|
|
|
.antMatchers("/api/login").permitAll() |
|
|
|
|
.antMatchers("/system/init").permitAll() |
|
|
|
|
// 除上面外的所有请求全部需要鉴权认证
|
|
|
|
|
.anyRequest().authenticated() |
|
|
|
|
.and().exceptionHandling().accessDeniedHandler(accessDeniedHandler).and() |
|
|
|
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
|
|
|
|
|
|
|
|
|
http.addFilterAfter(new AuthCheckFilter(redisCacheTemplate), UsernamePasswordAuthenticationFilter.class) |
|
|
|
|
.addFilterAt( |
|
|
|
|
new LoginFilter(authenticationManager(), loginLogService, redisCacheTemplate), UsernamePasswordAuthenticationFilter.class |
|
|
|
|
) |
|
|
|
|
.exceptionHandling()//登录认证失败
|
|
|
|
|
.authenticationEntryPoint(((request, response, authException) -> { |
|
|
|
|
response.setCharacterEncoding("utf-8"); |
|
|
|
|
response.setContentType("application/json;charset=utf-8"); |
|
|
|
|
|
|
|
|
|
PrintWriter out = response.getWriter(); |
|
|
|
|
out.write(new ObjectMapper().writeValueAsString(ResultUtils.error(CodeMsg.USER_NEED_LOGIN))); |
|
|
|
|
out.flush(); |
|
|
|
|
out.close(); |
|
|
|
|
})); |
|
|
|
|
|
|
|
|
|
// 退出登录
|
|
|
|
|
http.logout() |
|
|
|
|
.logoutUrl("/logout") |
|
|
|
|
.deleteCookies("JSESSIONID") |
|
|
|
|
.logoutSuccessHandler(((request, response, authentication) -> { |
|
|
|
|
PrintWriter out = response.getWriter(); |
|
|
|
|
response.setContentType("application/json"); |
|
|
|
|
out.write(new ObjectMapper().writeValueAsString(ResultUtils.success("注销成功"))); |
|
|
|
|
out.flush(); |
|
|
|
|
out.close(); |
|
|
|
|
})); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// @Override
|
|
|
|
|
// protected void configure(HttpSecurity httpSecurity) throws Exception{
|
|
|
|
|
// //调试阶段
|
|
|
|
|
// httpSecurity.csrf().disable().authorizeRequests();
|
|
|
|
|
// httpSecurity.authorizeRequests().anyRequest()
|
|
|
|
|
// .permitAll().and().logout().permitAll();
|
|
|
|
|
// protected void configure(HttpSecurity http) throws Exception {
|
|
|
|
|
//
|
|
|
|
|
// //允许跨域
|
|
|
|
|
// http.cors().and().anonymous().and()
|
|
|
|
|
// // CRSF禁用,因为不使用session
|
|
|
|
|
// .csrf().disable()
|
|
|
|
|
// .formLogin().disable().httpBasic().disable()
|
|
|
|
|
// .authorizeRequests()
|
|
|
|
|
// .accessDecisionManager(accessDecisionManager())//访问决策管理器
|
|
|
|
|
// .antMatchers("/api/login").permitAll()
|
|
|
|
|
// .antMatchers("/system/init").permitAll()
|
|
|
|
|
// // 除上面外的所有请求全部需要鉴权认证
|
|
|
|
|
// .anyRequest().authenticated()
|
|
|
|
|
// .and().exceptionHandling().accessDeniedHandler(accessDeniedHandler).and()
|
|
|
|
|
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
|
|
|
|
//
|
|
|
|
|
// http.addFilterAfter(new AuthCheckFilter(redisCacheTemplate), UsernamePasswordAuthenticationFilter.class)
|
|
|
|
|
// .addFilterAt(
|
|
|
|
|
// new LoginFilter(authenticationManager(), loginLogService, redisCacheTemplate), UsernamePasswordAuthenticationFilter.class
|
|
|
|
|
// )
|
|
|
|
|
// .exceptionHandling()//登录认证失败
|
|
|
|
|
// .authenticationEntryPoint(((request, response, authException) -> {
|
|
|
|
|
// response.setCharacterEncoding("utf-8");
|
|
|
|
|
// response.setContentType("application/json;charset=utf-8");
|
|
|
|
|
//
|
|
|
|
|
// PrintWriter out = response.getWriter();
|
|
|
|
|
// out.write(new ObjectMapper().writeValueAsString(ResultUtils.error(CodeMsg.USER_NEED_LOGIN)));
|
|
|
|
|
// out.flush();
|
|
|
|
|
// out.close();
|
|
|
|
|
// }));
|
|
|
|
|
//
|
|
|
|
|
// // 退出登录
|
|
|
|
|
// http.logout()
|
|
|
|
|
// .logoutUrl("/logout")
|
|
|
|
|
// .deleteCookies("JSESSIONID")
|
|
|
|
|
// .logoutSuccessHandler(((request, response, authentication) -> {
|
|
|
|
|
// PrintWriter out = response.getWriter();
|
|
|
|
|
// response.setContentType("application/json");
|
|
|
|
|
// out.write(new ObjectMapper().writeValueAsString(ResultUtils.success("注销成功")));
|
|
|
|
|
// out.flush();
|
|
|
|
|
// out.close();
|
|
|
|
|
// }));
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
protected void configure(HttpSecurity httpSecurity) throws Exception{ |
|
|
|
|
//调试阶段
|
|
|
|
|
httpSecurity.csrf().disable().authorizeRequests(); |
|
|
|
|
httpSecurity.authorizeRequests().anyRequest() |
|
|
|
|
.permitAll().and().logout().permitAll(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//用于配置全局的某些通用事物,例如静态资源等
|
|
|
|
|
@Override |
|
|
|
|
public void configure(WebSecurity web) throws Exception { |
|
|
|
|
|