整合security跨域问题

 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
    @Autowired
    private UserDetailsService userDetailsService;
 
    // 动态认证
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(password());
    }
 
    // 加密方式
    @Bean
    PasswordEncoder password() {
        return new BCryptPasswordEncoder();
    }
 
    private final ObjectMapper objectMapper;
 
    private Filter restAuthenticationFilter() throws Exception {
        RestAuthenticationFilter filter = new RestAuthenticationFilter(objectMapper);
        filter.setAuthenticationSuccessHandler(getAuthenticationSuccessHandler());
        filter.setAuthenticationFailureHandler(getAuthenticationFailureHandler());
        filter.setAuthenticationManager(authenticationManager());
        // 过滤器入口
        filter.setFilterProcessesUrl("/authorize/login");
        return filter;
    }
 
    @Override
    protected void configure(HttpSecurity http) throws Exception {
 
        http
            // 使用token 关闭csrf
            .csrf().disable()
            // 跨域配置
            .cors().configurationSource(corsConfigurationSource());
 
        http.logout().logoutUrl("/logout");
 
        http.exceptionHandling().accessDeniedPage("/403.html");
 
        http.authorizeRequests(req -> req
                // 不需要认证
                .antMatchers("/test", "/file/**", "/**/swagger/**",
                        "/user/**", "/agencies/**", "/zoneSet/**", "/plateSet/**", "/precinctsSet/**", "/intentManagement/**", "/contract/**"
                ).permitAll()
                // 需要ROLE_ADMIN权限
                //.antMatchers("/admin/**").hasRole("ADMIN")
                // 需要ROLE_USER权限
                //.antMatchers("/user/**").hasRole("USER")
                // 其他需要认证
                .anyRequest().authenticated())
                .addFilterAt(restAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                .formLogin(form -> form.loginProcessingUrl("/login").permitAll()
                        // 登录成功后的处理
                        .successHandler(getAuthenticationSuccessHandler())
                        // 登录失败后的处理
                        .failureHandler(getAuthenticationFailureHandler())
                        .permitAll())
                .httpBasic(Customizer.withDefaults())
                .csrf(csrf -> csrf.disable())
                .logout(logout -> logout.logoutUrl("/logout")
                        // 退出登录成功后的处理
                        .logoutSuccessHandler(getLogoutSuccessHandler()));
    }
 
    // 登录成功后的处理
    private AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
        return (req, res, auth) -> {
            res.setStatus(HttpStatus.OK.value());
            res.getWriter().println();
            log.debug("认证成功！");
            // 响应给前端
            Map<Object, Object> map = new HashMap<>();
            map.put("code",200);
            map.put("msg","login success");
            map.put("data","true");
            String jsonMap = new ObjectMapper().writeValueAsString(map);
            res.setContentType("application/json;charset=UTF-8");
            res.getWriter().println(jsonMap);
        };
    }
 
    // 登录失败后的处理
    private AuthenticationFailureHandler getAuthenticationFailureHandler() {
        return (req, res, exp) -> {
            ObjectMapper objectMapper = new ObjectMapper();
            res.setStatus(HttpStatus.UNAUTHORIZED.value());
            res.setContentType(MediaType.APPLICATION_JSON_VALUE);
            res.setCharacterEncoding("UTF-8");
            res.getWriter().println(objectMapper.writeValueAsString(exp.getMessage()));
            log.debug("认证失败！");
            Map<Object, Object> map = new HashMap<>();
            map.put("code",201);
            map.put("msg","login fail");
            map.put("data","false");
            String jsonMap = new ObjectMapper().writeValueAsString(map);
            res.setContentType("application/json;charset=UTF-8");
            res.getWriter().println(jsonMap);
        };
    }
 
    // 退出登录成功后的处理
    private LogoutSuccessHandler getLogoutSuccessHandler() {
        return (req, resp, auth) -> {
            ObjectMapper objectMapper = new ObjectMapper();
            resp.setStatus(HttpStatus.OK.value());
            resp.setContentType(MediaType.APPLICATION_JSON_VALUE);
//            resp.setCharacterEncoding("UTF-8");
//            resp.getWriter().println(objectMapper.writeValueAsString(auth));
            log.debug("退出登录成功！");
            Map<Object, Object> map = new HashMap<>();
            map.put("code",200);
            map.put("msg","logout success");
            map.put("data","true");
            String jsonMap = new ObjectMapper().writeValueAsString(map);
            resp.setContentType("application/json;charset=UTF-8");
            resp.getWriter().println(jsonMap);
        };
    }
 
    // 解决跨域
    private CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", corsConfiguration);
        return source;
    }
 
}

posted @ 2022-08-19 21:07 DogLeftover 阅读(84) 评论(0) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

相关博文：

· security学习案例总结

· 可视化Superset

· cors跨域

· 跨域问题(普通跨域和springsecurity跨域)

· SpringSecurity学习（六）CORS跨域、异常处理

阅读排行：
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布：重大改进与新特性概览！
· AI与.NET技术实操系列（二）：开始使用ML.NET
· 单线程的Redis速度为什么快？

整合security跨域问题

我的标签

合集 (4)

随笔分类 (1350)

阅读排行榜

推荐排行榜

	public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private UserDetailsService userDetailsService;

	// 动态认证
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
	auth.userDetailsService(userDetailsService).passwordEncoder(password());
	}

	// 加密方式
	@Bean
	PasswordEncoder password() {
	return new BCryptPasswordEncoder();
	}

	private final ObjectMapper objectMapper;

	private Filter restAuthenticationFilter() throws Exception {
	RestAuthenticationFilter filter = new RestAuthenticationFilter(objectMapper);
	filter.setAuthenticationSuccessHandler(getAuthenticationSuccessHandler());
	filter.setAuthenticationFailureHandler(getAuthenticationFailureHandler());
	filter.setAuthenticationManager(authenticationManager());
	// 过滤器入口
	filter.setFilterProcessesUrl("/authorize/login");
	return filter;
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {

	http
	// 使用token 关闭csrf
	.csrf().disable()
	// 跨域配置
	.cors().configurationSource(corsConfigurationSource());

	http.logout().logoutUrl("/logout");

	http.exceptionHandling().accessDeniedPage("/403.html");

	http.authorizeRequests(req -> req
	// 不需要认证
	.antMatchers("/test", "/file/", "//swagger/**",
	"/user/", "/agencies/", "/zoneSet/", "/plateSet/", "/precinctsSet/", "/intentManagement/", "/contract/**"
	).permitAll()
	// 需要ROLE_ADMIN权限
	//.antMatchers("/admin/**").hasRole("ADMIN")
	// 需要ROLE_USER权限
	//.antMatchers("/user/**").hasRole("USER")
	// 其他需要认证
	.anyRequest().authenticated())
	.addFilterAt(restAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
	.formLogin(form -> form.loginProcessingUrl("/login").permitAll()
	// 登录成功后的处理
	.successHandler(getAuthenticationSuccessHandler())
	// 登录失败后的处理
	.failureHandler(getAuthenticationFailureHandler())
	.permitAll())
	.httpBasic(Customizer.withDefaults())
	.csrf(csrf -> csrf.disable())
	.logout(logout -> logout.logoutUrl("/logout")
	// 退出登录成功后的处理
	.logoutSuccessHandler(getLogoutSuccessHandler()));
	}

	// 登录成功后的处理
	private AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
	return (req, res, auth) -> {
	res.setStatus(HttpStatus.OK.value());
	res.getWriter().println();
	log.debug("认证成功！");
	// 响应给前端
	Map<Object, Object> map = new HashMap<>();
	map.put("code",200);
	map.put("msg","login success");
	map.put("data","true");
	String jsonMap = new ObjectMapper().writeValueAsString(map);
	res.setContentType("application/json;charset=UTF-8");
	res.getWriter().println(jsonMap);
	};
	}

	// 登录失败后的处理
	private AuthenticationFailureHandler getAuthenticationFailureHandler() {
	return (req, res, exp) -> {
	ObjectMapper objectMapper = new ObjectMapper();
	res.setStatus(HttpStatus.UNAUTHORIZED.value());
	res.setContentType(MediaType.APPLICATION_JSON_VALUE);
	res.setCharacterEncoding("UTF-8");
	res.getWriter().println(objectMapper.writeValueAsString(exp.getMessage()));
	log.debug("认证失败！");
	Map<Object, Object> map = new HashMap<>();
	map.put("code",201);
	map.put("msg","login fail");
	map.put("data","false");
	String jsonMap = new ObjectMapper().writeValueAsString(map);
	res.setContentType("application/json;charset=UTF-8");
	res.getWriter().println(jsonMap);
	};
	}

	// 退出登录成功后的处理
	private LogoutSuccessHandler getLogoutSuccessHandler() {
	return (req, resp, auth) -> {
	ObjectMapper objectMapper = new ObjectMapper();
	resp.setStatus(HttpStatus.OK.value());
	resp.setContentType(MediaType.APPLICATION_JSON_VALUE);
	// resp.setCharacterEncoding("UTF-8");
	// resp.getWriter().println(objectMapper.writeValueAsString(auth));
	log.debug("退出登录成功！");
	Map<Object, Object> map = new HashMap<>();
	map.put("code",200);
	map.put("msg","logout success");
	map.put("data","true");
	String jsonMap = new ObjectMapper().writeValueAsString(map);
	resp.setContentType("application/json;charset=UTF-8");
	resp.getWriter().println(jsonMap);
	};
	}

	// 解决跨域
	private CorsConfigurationSource corsConfigurationSource() {
	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	CorsConfiguration corsConfiguration = new CorsConfiguration();
	corsConfiguration.addAllowedOrigin("*");
	corsConfiguration.addAllowedHeader("*");
	corsConfiguration.addAllowedMethod("*");
	source.registerCorsConfiguration("/**", corsConfiguration);
	return source;
	}

	}