springsecurity-微服务-springsecurity核心配置类

在springsecurity的核心配置类可以配置的东西特别多,比如下面最常见的:

  1.配置用户名和密码

  2.配置登录界面,登录提交的路径,登录成功的路径

  3.配置认证出现异常的路径

  4.配置退出路径,退出成功路径

  5.配置哪些路径是可直接访问和需要认证访问的

  6.配置认证成功后,需要哪些权限或者角色才能访问的

  7.可配置【记住我】功能

  8.配置CSRF

  9.配置未授权的统一处理类

  10.配置退出处理器

  11.配置认证过滤器 和 授权过滤器

参考代码如下:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {

    private UserDetailsService userDetailsService;
    private TokenManager tokenManager;
    private DefaultPasswordEncoder defaultPasswordEncoder;
    private RedisTemplate redisTemplate;

    @Autowired
    public TokenWebSecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder,
                                  TokenManager tokenManager, RedisTemplate redisTemplate) {
        this.userDetailsService = userDetailsService;
        this.defaultPasswordEncoder = defaultPasswordEncoder;
        this.tokenManager = tokenManager;
        this.redisTemplate = redisTemplate;
    }

    /**
     * 配置设置
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
                .authenticationEntryPoint(new UnauthorizedEntryPoint())  //配置未授权统一处理类
                .and().csrf().disable()
                .authorizeRequests()
                .anyRequest().authenticated()
                .and().logout().logoutUrl("/admin/acl/index/logout")
                .addLogoutHandler(new TokenLogoutHandler(tokenManager,redisTemplate)).and() //配置退出处理器
                .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager, redisTemplate)) //配置认证过滤器
                .addFilter(new TokenAuthenticationFilter(authenticationManager(), tokenManager, redisTemplate)).httpBasic(); //配置授权过滤器
    }

    /**
     * 密码处理
     * @param auth
     * @throws Exception
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(defaultPasswordEncoder);
    }

    /**
     * 配置哪些请求不拦截
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
//        web.ignoring().antMatchers("/api/**",
//                "/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**"
//               );
        web.ignoring().antMatchers("/*/**"
        );
    }
}

 

posted @ 2021-02-07 14:21  爱编程DE文兄  阅读(562)  评论(0编辑  收藏  举报