package com.taiwanlife.tcavmgt.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import com.taiwanlife.tcavmgt.filter.CustomUsernamePasswordAuthenticationFilter;
import com.taiwanlife.tcavmgt.security.TmpAccessDeniedHandler;
import com.taiwanlife.tcavmgt.security.TmpAuthenticationFailureHandler;
import com.taiwanlife.tcavmgt.security.TmpAuthenticationProvider;
import com.taiwanlife.tcavmgt.security.TmpAuthenticationSuccessHandler;
import com.taiwanlife.tcavmgt.security.TmpFilterSecurityInterceptor;
import com.taiwanlife.tcavmgt.security.TmpLogoutSuccessHandler;
/**
 * Spring Security configuration: registers the custom authentication provider, the custom
 * username/password login filter and the login, logout and access-denied handlers as beans,
 * and declares URL access rules, form login, logout and response-header settings.
 *
 * <p>NOTE(review): this class does not extend a configurer base class, and the two
 * {@code configure(...)} methods below carry neither {@code @Override} nor {@code @Bean}.
 * Nothing visible in this file invokes them. Confirm that the rules they declare are
 * actually applied (for example through a {@code SecurityFilterChain} /
 * {@code WebSecurityCustomizer} bean defined elsewhere); if they are not, the URL rules,
 * CSRF, logout and header settings written here have no effect at runtime.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class SecurityConfig
{
// User lookup service, injected by bean name "customUserDetailsService".
@Autowired
@Qualifier("customUserDetailsService")
UserDetailsService userDetailsService;
/**
 * Registers the custom authentication provider on the injected builder.
 *
 * @param auth authentication manager builder supplied by Spring
 * @throws Exception declared by the builder API
 */
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(authenticationProvider());
}
/**
 * Excludes GET requests for static resources and for {@code /AstarProxy/**} from Spring
 * Security.
 *
 * <p>Requests matched by {@code web.ignoring()} bypass the security filter chain entirely:
 * no authentication, no CSRF check and no security response headers are applied to them.
 *
 * <p>NOTE(review): {@code /AstarProxy/**} does not look like a static asset path. Confirm
 * that it is meant to be reachable without authentication and that whatever it forwards to
 * enforces its own access control.
 *
 * @param web web security builder
 * @throws Exception declared by the builder API
 */
public void configure(WebSecurity web) throws Exception
{
web.ignoring().requestMatchers(HttpMethod.GET, "/webjars/**", "/css/**", "/fonts/**", "/images/**", "/scripts/**", "/favicon.ico", "/AstarProxy/**");
}
/**
 * Builds the authentication manager; the custom provider is its only provider.
 *
 * @return a {@link ProviderManager} wrapping {@link #authenticationProvider()}
 */
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(authenticationProvider());
}
/**
 * Declares URL authorization rules, form login, CSRF, access-denied handling, logout and
 * response headers on the given {@link HttpSecurity}.
 *
 * @param http HTTP security builder
 * @throws Exception declared by the builder API
 */
protected void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests()
// Public GET paths. "/css/*.css" and "/scripts/*.js" match a single path level only,
// whereas the ignoring() list in configure(WebSecurity) uses "/css/**" and "/scripts/**".
// "/AstarProxy/**" is open to unauthenticated GET requests here as well.
.requestMatchers(HttpMethod.GET, "/", "/webjars/**", "/images/**", "/css/*.css", "/fonts/**", "/scripts/*.js", "/favicon.ico", "/AstarProxy/**").permitAll()
.requestMatchers( "/login").permitAll()
// Everything else requires a full (not remember-me, not anonymous) authentication.
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login")
.failureHandler(authFailureHandler())
.successHandler(authSuccessHandler())
// NOTE(review): defaultSuccessUrl(...) is called after successHandler(...). In the
// form-login configurer this installs its own success handler, so it likely replaces
// authSuccessHandler() for the filter built by formLogin() - confirm which one is intended.
.defaultSuccessUrl("/index")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("username").passwordParameter("password")
.and()
.authenticationProvider(authenticationProvider())
// customFilter() is set to the same processing URL ("/j_spring_security_check") and is
// placed before the standard filter, so it sees login requests first.
.addFilterBefore(customFilter(), UsernamePasswordAuthenticationFilter.class)
// csrf() without disable() leaves CSRF protection at its default (enabled).
.csrf()
.and()
.exceptionHandling().accessDeniedHandler(accessDeniedHandler())
.and()
.logout()
// The matcher is built from the path only, with no HTTP method, so "/logout" is accepted
// for any method including GET. NOTE(review): a GET-triggered logout can be forced from a
// third-party page; consider restricting the matcher to POST.
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.deleteCookies("JSESSIONID")
// NOTE(review): the logout filter does not invalidate the HTTP session here. The original
// comment says the session is cleared manually - presumably in TmpLogoutSuccessHandler
// (not shown). Verify that it really invalidates the session; otherwise server-side
// session state survives logout.
.invalidateHttpSession(false)// session is cleared manually
.permitAll()
.logoutSuccessHandler(logoutSuccessHandler());
http.headers()
// Framing is allowed from the same origin only.
.frameOptions().sameOrigin()
// NOTE(review): the Strict-Transport-Security header is switched off. Confirm that HTTPS
// and HSTS are enforced in front of the application (e.g. at a reverse proxy); if not,
// browsers are not told to refuse plain-HTTP connections to this site.
.httpStrictTransportSecurity().disable();
// The return value is discarded; this call has no visible effect on http.
authenticationManager();
}
/**
 * Creates the custom login filter bound to {@code /j_spring_security_check}, wired with the
 * authentication manager and the success/failure handlers of this configuration.
 *
 * <p>NOTE(review): {@code setPostOnly(false)} presumably lets the filter accept login
 * attempts sent with methods other than POST (assuming the custom filter keeps the
 * behaviour of {@link UsernamePasswordAuthenticationFilter}; its source is not shown).
 * Credentials sent in a GET query string can end up in access logs, browser history and
 * Referer headers. Unless a client depends on it, prefer {@code setPostOnly(true)}.
 *
 * @return the configured filter
 * @throws Exception declared in the signature; nothing in the visible body declares a checked exception
 */
@Bean
public CustomUsernamePasswordAuthenticationFilter customFilter() throws Exception
{
CustomUsernamePasswordAuthenticationFilter filter = new CustomUsernamePasswordAuthenticationFilter();
filter.setAuthenticationManager(authenticationManager());
filter.setPostOnly(false);
filter.setFilterProcessesUrl("/j_spring_security_check");
filter.setAuthenticationFailureHandler(authFailureHandler());
filter.setAuthenticationSuccessHandler(authSuccessHandler());
return filter;
}
/**
 * Creates the custom authentication provider backed by the injected
 * {@link UserDetailsService}.
 *
 * <p>NOTE(review): {@code setHideUserNotFoundExceptions(false)} presumably makes an unknown
 * user name surface as its own exception instead of a generic bad-credentials failure
 * (TmpAuthenticationProvider is not shown - confirm). Make sure the failure handler and the
 * login page return the same message and timing for "unknown user" and "wrong password",
 * otherwise the login form can be used to enumerate valid accounts.
 *
 * @return the configured provider
 */
@Bean
public AuthenticationProvider authenticationProvider()
{
TmpAuthenticationProvider authenticationProvider = new TmpAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setHideUserNotFoundExceptions(false);
return authenticationProvider;
}
/**
 * Exposes the default {@link AuthenticationTrustResolverImpl} as a bean.
 *
 * @return a new trust resolver
 */
@Bean
public AuthenticationTrustResolver getAuthenticationTrustResolver()
{
return new AuthenticationTrustResolverImpl();
}
/**
 * Creates the login failure handler.
 *
 * @return a handler constructed with "/login?error" (presumably the failure redirect
 *         target - confirm in TmpAuthenticationFailureHandler)
 */
@Bean
public AuthenticationFailureHandler authFailureHandler() {
return new TmpAuthenticationFailureHandler("/login?error");
}
/**
 * Creates the login success handler.
 *
 * @return a new {@link TmpAuthenticationSuccessHandler}
 */
@Bean
public AuthenticationSuccessHandler authSuccessHandler() {
return new TmpAuthenticationSuccessHandler();
}
/**
 * Exposes the project's filter security interceptor as a bean. It is not referenced
 * anywhere else in this class.
 *
 * @return a new {@link TmpFilterSecurityInterceptor}
 */
@Bean
public TmpFilterSecurityInterceptor tmpFilterSecurityInterceptor() {
return new TmpFilterSecurityInterceptor();
}
/**
 * Creates the handler that runs after a successful logout.
 *
 * @return a new {@link TmpLogoutSuccessHandler}
 */
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
return new TmpLogoutSuccessHandler();
}
/**
 * Creates the handler used when an authenticated user is denied access.
 *
 * @return a new {@link TmpAccessDeniedHandler}
 */
@Bean
public AccessDeniedHandler accessDeniedHandler() {
return new TmpAccessDeniedHandler();
}
}