cloud.hedou.abp.auth.ApbSecurityConfiguration.kt Maven / Gradle / Ivy
When ABP's built-in features cannot meet a service's requirements, the Spring Boot framework can be used to extend its services and take advantage of the many Java frameworks available.
package cloud.hedou.abp.auth
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpStatus
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.core.GrantedAuthorityDefaults
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.config.web.servlet.invoke
import org.springframework.security.oauth2.jwt.JwtDecoder
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.access.AccessDeniedHandler
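/**
 * Spring Security configuration for a stateless OAuth2 resource server that
 * authenticates requests with JWT bearer tokens.
 *
 * Every request must be authenticated except the paths listed in [URLS].
 * Method-level `@Secured` checks are switched on via
 * `@EnableGlobalMethodSecurity(securedEnabled = true)`.
 */
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
class ApbSecurityConfiguration : WebSecurityConfigurerAdapter() {

    // Decoder used to parse and verify incoming JWTs. The bean is defined outside this
    // file, so which signature, issuer, audience and expiry checks it performs cannot be
    // seen here.
    // NOTE(review): confirm the decoder validates all of them.
    @Autowired
    private lateinit var apbJwtDecoder: JwtDecoder

    // Strategy that extracts the bearer token from the request; defined outside this file.
    @Autowired
    private lateinit var abpBearerTokenResolver: BearerTokenResolver

    /**
     * Registers an empty role prefix, replacing Spring Security's default `ROLE_`
     * prefix, so authority names are compared exactly as they are written.
     */
    @get:Bean
    val grantedAuthorityDefaults: GrantedAuthorityDefaults
        get() = GrantedAuthorityDefaults("")

    /**
     * Builds the converter that turns a validated JWT into an authentication object.
     *
     * @param converter extracts the user's granted authorities from the JWT; which
     *   claim it reads is decided by [AbpGrantedAuthoritiesConverter], not here.
     * @return a [JwtAuthenticationConverter] that delegates authority extraction to [converter].
     */
    @Bean
    fun jwtAuthenticationConverter(converter: AbpGrantedAuthoritiesConverter): JwtAuthenticationConverter {
        val jwtAuthenticationConverter = JwtAuthenticationConverter()
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(converter)
        return jwtAuthenticationConverter
    }

    /**
     * Configures the HTTP security filter chain: no server-side session, the paths in
     * [URLS] open to everyone, everything else authenticated with a JWT bearer token,
     * and JSON bodies for 401/403 responses.
     */
    override fun configure(http: HttpSecurity) {
        http {
            // Turns off Spring Security's CORS integration.
            // NOTE(review): if browsers on another origin must call this API, CORS has to
            // be handled elsewhere (e.g. at a gateway) — confirm.
            cors {
                disable()
            }
            // CSRF protection is off. That is only safe while the credential is never sent
            // automatically by the browser.
            // NOTE(review): abpBearerTokenResolver is not visible here — if it accepts the
            // token from a cookie, CSRF protection must be re-enabled.
            csrf {
                disable()
            }
            sessionManagement {
                // No HttpSession is created or used; every request must carry its own token.
                sessionCreationPolicy = SessionCreationPolicy.STATELESS
            }
            authorizeRequests {
                for (url in URLS) {
                    authorize(url, permitAll)
                }
                // Spelled out rather than relying on the DSL default: anything not
                // allow-listed above requires an authenticated caller.
                authorize(anyRequest, authenticated)
            }
            oauth2ResourceServer {
                jwt {
                    jwtDecoder = apbJwtDecoder
                }
                bearerTokenResolver = abpBearerTokenResolver
                // The bodies below are fixed strings; no exception detail is echoed to the caller.
                authenticationEntryPoint = AuthenticationEntryPoint { _, response, _ ->
                    response.status = HttpStatus.UNAUTHORIZED.value()
                    // A 401 response must carry a WWW-Authenticate challenge (RFC 7235 / RFC 6750).
                    response.setHeader("WWW-Authenticate", "Bearer")
                    // Declare the media type before obtaining the writer so clients parse the
                    // body as JSON instead of sniffing it.
                    response.contentType = JSON_CONTENT_TYPE
                    response.writer.write("""{"error":{"code":401,"message":"Authorization failed! Please login and try again."}}""")
                }
                accessDeniedHandler = AccessDeniedHandler { _, response, _ ->
                    response.status = HttpStatus.FORBIDDEN.value()
                    response.contentType = JSON_CONTENT_TYPE
                    response.writer.write("""{"error":{"code":403,"message":"Permission denied! Given policy has not granted."}}""")
                }
            }
        }
    }

    companion object {
        /** Content type declared on the JSON error bodies written by [configure]. */
        private const val JSON_CONTENT_TYPE = "application/json;charset=UTF-8"

        /**
         * Paths that bypass authorization (served to anonymous callers).
         *
         * The `/` + `*` + `/` + `*.ext` patterns match a file exactly one directory below
         * the root.
         * NOTE(review): `/v2/api-docs`, `/configuration/` + `*` and `/swagger-resources/` + `*`
         * expose the API description without authentication; consider restricting them
         * outside development environments.
         */
        private val URLS = arrayOf(
            "/",
            "/*/*.js",
            "/*/*.css",
            "/*/*.ico",
            "/*/*.png",
            "/*/*.html",
            "/v2/api-docs",
            "/configuration/*",
            "/swagger-resources/*",
        )
    }
}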