参考: https://geocolumbus.github.io/HTTPS-ELB-AWS-Spring-Boot/

 

1.  在服务器端配置  证书 域名 映射

 

2. 导入依赖:

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
</dependency>

3.配置

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapConfig ldapConfig;

    @Autowired
    private CorsConfig corsConfig;

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Value("${security.https.path}")
    private String httpsPath;   // 项目路径  ,正式环境  配置 "/" 即可

 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .requiresChannel().antMatchers(httpsPath).requiresSecure()
                .and()
                .authorizeRequests()
                //.antMatchers("/ui/**").fullyAuthenticated()
                //.antMatchers("/file/**").fullyAuthenticated()
                .antMatchers("/**").permitAll()
                .and().cors()
                .and().csrf().disable();
    }

    
}

(备份)

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapConfig ldapConfig;

    @Autowired
    private CorsConfig corsConfig;

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Value("${security.https.path}")
    private String httpsPath;

    @Bean
    public UserDetailsContextMapper userDetailsContextMapper() {
        return new LdapUserDetailsMapper() {
            @Override
            public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                                  Collection<? extends GrantedAuthority> authorities) {
                UserDetails details = super.mapUserFromContext(ctx, username, authorities);
                return new UserDetail((LdapUserDetails) details);
            }
        };
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .requiresChannel().antMatchers(httpsPath).requiresSecure()
                .and()
                .authorizeRequests()
                .antMatchers("/ui/**").fullyAuthenticated()
                .antMatchers("/file/**").fullyAuthenticated()
                .antMatchers("/**").permitAll()
                .and().cors()
                .and().csrf().disable();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .ldapAuthentication()
                .userDetailsContextMapper(userDetailsContextMapper())
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                .url(ldapConfig.getUrl()+ldapConfig.getBase_dc())
                .managerDn(ldapConfig.getUsername())
                .managerPassword(ldapConfig.getPassword());
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(corsConfig.getAllowedOrigins());
        configuration.setAllowedMethods(corsConfig.getAllowedMethods());
        configuration.setAllowedHeaders(corsConfig.getAllowedHeaders());
        configuration.setAllowCredentials(corsConfig.getAllowedCredentials());
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
View Code

 

4.在application. yml 或者 application.properties 中配置:

server:
  port: 7000
  servlet:
    session:
      timeout: 1800
  tomcat:
    max-threads: 10
    remote-ip-header: x-forwarded-for
    protocol-header: x-forwarded-proto

 

posted on 2018-10-19 17:42  lshan  阅读(215)  评论(0编辑  收藏  举报