package com.taiwanlife.tcavmgt.config;
import com.taiwanlife.tcavmgt.filter.CustomUsernamePasswordAuthenticationFilter;
import com.taiwanlife.tcavmgt.security.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.*;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
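@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig {

    /** User lookup consumed by {@link #authenticationProvider()}; bound by qualifier to the project's own implementation. */
    @Autowired
    @Qualifier("customUserDetailsService")
    UserDetailsService userDetailsService;

    /**
     * Registers the project's {@link AuthenticationProvider} on the global
     * {@link AuthenticationManagerBuilder}.
     * <p>
     * NOTE(review): the same provider is also wrapped by {@link #authenticationManager()} and
     * handed to {@code HttpSecurity.authenticationProvider} in {@link #filterChain}. The three
     * registrations look redundant; confirm which manager the running filter actually uses
     * before removing any of them.
     *
     * @param auth the global builder supplied by Spring Security
     * @throws Exception propagated from the builder API
     */
    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Excludes static-resource GET requests from the security filter chain entirely.
     * Requests matched here get no authentication, no CSRF protection and no security
     * headers, so the list should only contain genuinely public content.
     * NOTE(review): "/AstarProxy/**" is in this bypass list as well as in the permitAll
     * list of {@link #filterChain}; verify it serves nothing that needs protection.
     *
     * @return customizer that ignores the listed paths
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring().requestMatchers(HttpMethod.GET, "/webjars/**", "/css/**", "/fonts/**", "/images/**", "/scripts/**", "/favicon.ico", "/AstarProxy/**");
    }

    /**
     * Exposes a {@link ProviderManager} backed solely by {@link #authenticationProvider()}.
     *
     * @return the authentication manager used by {@link #customFilter()}
     */
    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(authenticationProvider());
    }

    /**
     * Builds the single {@link SecurityFilterChain}: public GET paths plus "/login" are open,
     * everything else requires a fully authenticated (non-remember-me) session; form login
     * posts to "/j_spring_security_check"; CSRF protection stays at Spring's defaults.
     * <p>
     * NOTE(review): HSTS is explicitly disabled at the end of the {@code headers} block. If the
     * application is served over TLS this should be re-enabled; if TLS is terminated upstream,
     * document where the header is added instead.
     * NOTE(review): {@code authorizeRequests} is the legacy DSL; on Spring Security 6 the
     * replacement is {@code authorizeHttpRequests}. Left unchanged here as the matcher semantics
     * differ slightly and the rules have not been re-validated against it.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(authorizeRequests -> authorizeRequests
                        .requestMatchers(HttpMethod.GET, "/", "/webjars/**", "/images/**", "/css/*.css", "/fonts/**", "/scripts/*.js", "/favicon.ico", "/AstarProxy/**").permitAll()
                        .requestMatchers("/login").permitAll()
                        .anyRequest().fullyAuthenticated())
                .formLogin(form -> form.loginPage("/login")
                        .failureHandler(authFailureHandler())
                        .successHandler(authSuccessHandler())
                        .defaultSuccessUrl("/index")
                        .loginProcessingUrl("/j_spring_security_check")
                        .usernameParameter("username").passwordParameter("password"))
                .authenticationProvider(authenticationProvider())
                // Custom filter runs ahead of the stock form-login filter on the same processing URL.
                .addFilterBefore(customFilter(), UsernamePasswordAuthenticationFilter.class)
                .csrf(Customizer.withDefaults())
                .exceptionHandling(exceptionHandling -> exceptionHandling.accessDeniedHandler(accessDeniedHandler()))
                .logout(logout -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                        .deleteCookies("JSESSIONID")
                        // Original note: session is cleared manually. NOTE(review): with
                        // invalidateHttpSession(false) the server-side session survives logout
                        // unless logoutSuccessHandler() really invalidates it - confirm.
                        .invalidateHttpSession(false)
                        .permitAll()
                        .logoutSuccessHandler(logoutSuccessHandler()))
                // sameOrigin() returns the HeadersConfigurer, so the HSTS call inside this lambda
                // applies to the headers block as a whole, not to frame options.
                .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.sameOrigin()
                        .httpStrictTransportSecurity(httpStrictTransportSecurity -> httpStrictTransportSecurity.disable())));
        // The former bare `authenticationManager();` call here was removed: its result was discarded,
        // and the bean is already injected into customFilter() where it is needed.
        return http.build();
    }

    /**
     * Creates the project's username/password filter, wired to the shared manager and handlers.
     * <p>
     * NOTE(review): {@code setPostOnly(false)} lets the filter accept credentials on non-POST
     * requests, i.e. username and password in a GET query string, which ends up in access logs,
     * browser history and Referer headers. Unless a GET-based flow is required, prefer the
     * default {@code setPostOnly(true)}.
     * NOTE(review): a servlet {@code Filter} exposed as a {@code @Bean} is auto-registered in the
     * container by Spring Boot in addition to its place in the security chain, causing it to run
     * twice per request; if this project is a Boot application, disable the container
     * registration (e.g. via a {@code FilterRegistrationBean} with {@code setEnabled(false)}).
     *
     * @return the configured filter
     * @throws Exception declared for compatibility with the original signature
     */
    @Bean
    public CustomUsernamePasswordAuthenticationFilter customFilter() throws Exception {
        CustomUsernamePasswordAuthenticationFilter filter = new CustomUsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());
        filter.setPostOnly(false);
        filter.setFilterProcessesUrl("/j_spring_security_check");
        filter.setAuthenticationFailureHandler(authFailureHandler());
        filter.setAuthenticationSuccessHandler(authSuccessHandler());
        return filter;
    }

    /**
     * Creates the provider that authenticates against {@link #userDetailsService}.
     * <p>
     * NOTE(review): {@code setHideUserNotFoundExceptions(false)} lets
     * {@code UsernameNotFoundException} reach the failure handler instead of being reported as
     * a generic bad-credentials failure. If that distinction is ever surfaced to the client it
     * allows username enumeration; keep it only if the failure handler collapses both cases.
     *
     * @return the configured provider
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        TmpAuthenticationProvider authenticationProvider = new TmpAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService);
        authenticationProvider.setHideUserNotFoundExceptions(false);
        return authenticationProvider;
    }

    /** @return the default trust resolver (distinguishes anonymous / remember-me tokens) */
    @Bean
    public AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return new AuthenticationTrustResolverImpl();
    }

    /** @return failure handler that redirects to "/login?error" */
    @Bean
    public AuthenticationFailureHandler authFailureHandler() {
        return new TmpAuthenticationFailureHandler("/login?error");
    }

    /** @return the project's success handler */
    @Bean
    public AuthenticationSuccessHandler authSuccessHandler() {
        return new TmpAuthenticationSuccessHandler();
    }

    /**
     * @return the project's filter security interceptor
     * NOTE(review): this bean is not referenced anywhere in this class; confirm it is picked up
     * elsewhere, otherwise it is dead configuration.
     */
    @Bean
    public TmpFilterSecurityInterceptor tmpFilterSecurityInterceptor() {
        return new TmpFilterSecurityInterceptor();
    }

    /** @return the project's logout success handler */
    @Bean
    public LogoutSuccessHandler logoutSuccessHandler() {
        return new TmpLogoutSuccessHandler();
    }

    /** @return the project's access-denied handler */
    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new TmpAccessDeniedHandler();
    }
}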