/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache license, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the license for the specific language governing permissions and
* limitations under the license.
*/
package cn.wic4j.security.resource.config;
import cn.wi4j.security.core.config.SecurityProperties;
import jakarta.annotation.Resource;
import jakarta.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import java.util.List;
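/**
 * Resource server configuration.
 *
 * <p>Declares the {@link SecurityFilterChain} that protects the resource server's endpoints with
 * opaque bearer tokens validated through an {@link OpaqueTokenIntrospector}.
 *
 * <p>NOTE(review): no {@code @Configuration} annotation is visible on this class; presumably it is
 * registered through an import or auto-configuration entry elsewhere. Confirm, otherwise the
 * {@code @Bean} method below is never processed.
 *
 * @author Max
 * @version 2023.0.0.0
 * @since 2023/7/11 19:49
 */
public class ResourceServerConfig {

    /**
     * Security properties; supplies the list of URL patterns that skip authentication.
     */
    @Resource
    private SecurityProperties securityProperties;

    /**
     * Handler invoked when bearer-token authentication fails on the resource server.
     */
    @Autowired
    @Qualifier(value = "resourceServerAuthenticationFailureHandler")
    private AuthenticationFailureHandler authenticationFailureHandler;

    /**
     * Entry point used for requests that are not authenticated.
     */
    @Resource
    private AuthenticationEntryPoint authenticationEntryPoint;

    /**
     * Handler used for authenticated requests that lack the required authority.
     */
    @Resource
    private AccessDeniedHandler accessDeniedHandler;

    /**
     * Introspector that validates opaque tokens for the resource server.
     */
    @Resource
    private OpaqueTokenIntrospector opaqueTokenIntrospector;

    /**
     * Builds the resource server filter chain.
     *
     * <p>Every request must be authenticated except the patterns returned by
     * {@code securityProperties.getIgnoreUrls()}, which are opened with {@code permitAll()}.
     * The chain declares no {@code securityMatcher}, so it applies to any request that reaches it;
     * a chain ordered after {@code @Order(2)} would never be consulted.
     *
     * @param httpSecurity the security builder to configure
     * @return the built filter chain
     * @throws Exception if the chain cannot be configured or built
     */
    @Bean
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity httpSecurity)
            throws Exception {
        httpSecurity
                .authorizeHttpRequests(registry -> registry
                        // Every pattern in ignoreUrls is reachable without a token, so the list is
                        // an authentication bypass by design: keep it minimal and avoid broad
                        // wildcards. Assumes getIgnoreUrls() never returns null - TODO confirm.
                        .requestMatchers(securityProperties.getIgnoreUrls().toArray(new String[0])).permitAll()
                        .anyRequest().authenticated())
                .oauth2ResourceServer(resourceServer -> resourceServer
                        .accessDeniedHandler(accessDeniedHandler)
                        .authenticationEntryPoint(authenticationEntryPoint)
                        .opaqueToken(opaqueToken -> opaqueToken.introspector(opaqueTokenIntrospector)))
                // Disabling frame options removes the X-Frame-Options response header, so any HTML
                // served through this chain can be framed by another origin. Acceptable for a pure
                // JSON API; if pages are served, sameOrigin() is the safer setting.
                .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()))
                // CSRF protection is off. That is sound only while clients authenticate solely with
                // a bearer token sent in a header; it must be revisited if cookie or session based
                // authentication is ever accepted by this chain.
                .csrf(csrf -> csrf.disable());

        DefaultSecurityFilterChain chain = httpSecurity.build();

        // The failure handler is set on the already-built filter. It replaces the filter's default
        // handler, so responses for rejected tokens come from the custom handler rather than from
        // authenticationEntryPoint above.
        // NOTE(review): confirm the handler does not echo token or introspection details to the client.
        List<Filter> filters = chain.getFilters();
        for (Filter filter : filters) {
            if (filter instanceof BearerTokenAuthenticationFilter) {
                ((BearerTokenAuthenticationFilter) filter)
                        .setAuthenticationFailureHandler(authenticationFailureHandler);
            }
        }
        return chain;
    }
}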