package com.junda.config;
import com.junda.filter.JwtAuthenticationTokenFilter;
import com.junda.handler.AccessDeniedHandlerImpl;
import com.junda.handler.AuthenticationEntryPointImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
* 关于认证相关的配置
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启权限认证功能
public class SecurityConfig {
@Autowired
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
@Autowired
private AuthenticationEntryPointImpl authenticationEntryPoint;
@Autowired
private AccessDeniedHandlerImpl accessDeniedHandler;
/**
* 权限认证对象[AuthenticationManager]注册到容器里面,其他类可以取到
* @return
*/
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/auth/login").permitAll() //全部都可以访问
.antMatchers("/auth/other").permitAll() //anonymous() 未登录的时候才可以访问
.anyRequest().authenticated(); //其它接口 任意用户认证后可以访问
http.csrf().disable();
//禁用session sessionCreationPolicy session创建策略,【前后端分离 session就没用了】
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//过滤器前置配置
http.addFilterBefore(jwtAuthenticationTokenFilter,UsernamePasswordAuthenticationFilter.class);
//配置异常处理器
http.exceptionHandling()
//认证失败处理器
.authenticationEntryPoint(authenticationEntryPoint)
//授权失败处理器
.accessDeniedHandler(accessDeniedHandler);
//运行跨域
http.cors();
return http.build();
}
/**
* 密码校验器
* @return
*/
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
WebSecurityConfigurerAdapter ist veraltet, der neueste Konfigurationslösungscode
Guess you like
Origin blog.csdn.net/weixin_42581660/article/details/129196694
Recommended
Ranking