WebSecurityConfigurerAdapter ist veraltet, der neueste Konfigurationslösungscode

Enterprise 2023-10-01 05:24:28 views: null 
package com.junda.config;

import com.junda.filter.JwtAuthenticationTokenFilter;
import com.junda.handler.AccessDeniedHandlerImpl;
import com.junda.handler.AuthenticationEntryPointImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 关于认证相关的配置
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启权限认证功能
public class SecurityConfig  {
    
    

    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    @Autowired
    private AuthenticationEntryPointImpl authenticationEntryPoint;

    @Autowired
    private AccessDeniedHandlerImpl accessDeniedHandler;

    /**
     *  权限认证对象[AuthenticationManager]注册到容器里面,其他类可以取到
     * @return
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
    
    
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    
    
        http.authorizeRequests()
                .antMatchers("/auth/login").permitAll() //全部都可以访问
                .antMatchers("/auth/other").permitAll() //anonymous() 未登录的时候才可以访问
                .anyRequest().authenticated(); //其它接口 任意用户认证后可以访问
        http.csrf().disable();
        //禁用session  sessionCreationPolicy session创建策略,【前后端分离 session就没用了】
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        //过滤器前置配置
        http.addFilterBefore(jwtAuthenticationTokenFilter,UsernamePasswordAuthenticationFilter.class);
        //配置异常处理器
        http.exceptionHandling()
                //认证失败处理器
                .authenticationEntryPoint(authenticationEntryPoint)
                //授权失败处理器
                .accessDeniedHandler(accessDeniedHandler);
        //运行跨域
        http.cors();
        return http.build();
    }


    /**
     *  密码校验器
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
    
    
        return new BCryptPasswordEncoder();
    }


}

Guess you like

Origin blog.csdn.net/weixin_42581660/article/details/129196694
Recommended
Ranking
linux c random function rand srand introduction
Kirill And The Game CodeForces - 842A
[Configuration reference] Correctly configure maven domestic sources
Study notes (6): game physics engine
What should developers pay attention to when adding advertising space in the app?
Some methods of python_numpy
Baidu Encyclopedia how do drainage
Frequently Asked Questions about Oracle 12C Cold Standby
POJ_1083
Which one of these two concurrent implementations is a better faster
Daily
More
2024-06-08(0)
2024-06-07(0)
2024-06-06(0)
2024-06-05(0)
2024-06-04(0)
2024-06-03(1)
2024-06-02(0)
2024-06-01(1)
2024-05-31(1)
2024-05-30(0)

Code World

© 2018 codetd.com