org.zodiac.autoconfigure.security.ReactiveSecurityWebAutoConfiguration Maven / Gradle / Ivy
package org.zodiac.autoconfigure.security;
import java.util.Map;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.web.util.pattern.PathPattern;
import org.springframework.web.util.pattern.PathPatternParser;
import org.zodiac.autoconfigure.security.condition.ConditionalOnSecurityConfigEnabled;
import org.zodiac.commons.logging.SmartSlf4jLogger;
import org.zodiac.commons.logging.SmartSlf4jLoggerFactory;
import org.zodiac.commons.util.Colls;
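/**
 * Auto-configuration that publishes the default {@code SecurityWebFilterChain} for reactive
 * (WebFlux) applications, driven by {@link SecurityConfigProperties}.
 *
 * <p>The chain is assembled from three switches read from {@code securityConfigProperties.getWeb()}:
 * <ul>
 *   <li>{@code isPermitAllUrls()} - open every path, or require authentication plus form login;</li>
 *   <li>{@code isBasicEnabled()} - turn HTTP Basic on or off;</li>
 *   <li>{@code getCsrf()} - turn CSRF protection on or off, optionally exempting path patterns.</li>
 * </ul>
 *
 * <p>Security review notes: {@code permitAllUrls}, a disabled CSRF filter and every entry in the
 * CSRF ignore list each remove a protection. Treat them as explicit, reviewed opt-outs and keep
 * them out of default production profiles.
 */
@org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
@ConditionalOnSecurityConfigEnabled
@SpringBootConfiguration
@ConditionalOnWebApplication(type = Type.REACTIVE)
@Order(value = org.zodiac.security.constants.SecurityOrderConstants.DEFAULT_PERMIT_ALL_ORDER)
@ConditionalOnClass(value = {org.springframework.security.core.Authentication.class, org.springframework.security.web.server.SecurityWebFilterChain.class})
public class ReactiveSecurityWebAutoConfiguration {

    protected SmartSlf4jLogger log = SmartSlf4jLoggerFactory.getLogger(getClass());

    /** May be {@code null} when no {@link SecurityConfigProperties} bean is available. */
    private final SecurityConfigProperties securityConfigProperties;

    /**
     * @param securityConfigPropertiesProvider lazy handle on the security properties; the type
     *        argument lets {@code getIfAvailable()} be assigned without a cast
     */
    public ReactiveSecurityWebAutoConfiguration(ObjectProvider<SecurityConfigProperties> securityConfigPropertiesProvider) {
        this.securityConfigProperties = securityConfigPropertiesProvider.getIfAvailable();
    }

    /**
     * Builds the default reactive security filter chain.
     *
     * <p>When no {@link SecurityConfigProperties} bean is available, none of the rules below are
     * applied and the chain is built from {@code http} as it was received.
     *
     * @param http the {@code ServerHttpSecurity} builder supplied by Spring Security
     * @return the built {@code SecurityWebFilterChain}
     */
    @Bean
    protected org.springframework.security.web.server.SecurityWebFilterChain defaultSecurityWebFilterChain(org.springframework.security.config.web.server.ServerHttpSecurity http) {
        log.info("Default reactive web http security configure begin");
        if (null != securityConfigProperties) {
            if (securityConfigProperties.getWeb().isPermitAllUrls()) {
                /*
                 * Every path is reachable without authentication. Any access control then has to
                 * come from other filter chains or from method-level security.
                 */
                http.authorizeExchange()
                    /* Any request. */
                    .pathMatchers("/**")
                    /* Authorize all access. */
                    .permitAll();
            } else {
                /* Every path requires an authenticated user; unauthenticated users get form login. */
                http
                    .authorizeExchange()
                    .pathMatchers("/**").authenticated().and()
                    .formLogin();
            }

            if (!securityConfigProperties.getWeb().isBasicEnabled()) {
                /* HTTP Basic is not enabled. */
                http.httpBasic().disable();
            } else {
                /* HTTP Basic sends the credentials with every request, so it should only be served over TLS. */
                http.httpBasic();
            }

            org.zodiac.security.config.SecurityCsrfInfo securityCsrfInfo = securityConfigProperties.getWeb().getCsrf();
            if (!securityCsrfInfo.isEnabled()) {
                /*
                 * CSRF is not enabled. This is only safe when clients do not authenticate with
                 * credentials the browser attaches automatically (session cookies, HTTP Basic).
                 */
                http.csrf().disable();
            } else if (Colls.notEmptyColl(securityCsrfInfo.getIgnoredPatterns())) {
                /*
                 * CSRF is enabled and some paths are exempt. The patterns are parsed once here
                 * instead of on every request, so a malformed pattern fails at startup rather
                 * than at request time.
                 */
                final PathPatternParser parser = new PathPatternParser();
                final java.util.List<PathPattern> ignoredPatterns = new java.util.ArrayList<>();
                for (String p : securityCsrfInfo.getIgnoredPatterns()) {
                    ignoredPatterns.add(parser.parse(p));
                }
                http.csrf().requireCsrfProtectionMatcher((exchange) -> {
                    org.springframework.http.server.PathContainer path = exchange.getRequest().getPath().pathWithinApplication();
                    for (PathPattern pattern : ignoredPatterns) {
                        if (pattern.matches(path)) {
                            /* The path hits an ignore rule: report "no match" so the CSRF check is skipped. */
                            return org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult.notMatch();
                        }
                    }
                    /*
                     * Not exempt: defer to Spring Security's default rule, which requires a token
                     * for every method except GET, HEAD, TRACE and OPTIONS. The previous code
                     * called matchAndExtract() on patterns that had just failed to match; that
                     * call returns null in this case, so every non-exempt request ended in a
                     * NullPointerException. It would otherwise have demanded a token on safe
                     * methods as well.
                     */
                    return org.springframework.security.web.server.csrf.CsrfWebFilter.DEFAULT_CSRF_MATCHER.matches(exchange);
                });
            }
            /* CSRF enabled with an empty ignore list: Spring Security's default CSRF setup is left untouched. */
        }
        org.springframework.security.web.server.SecurityWebFilterChain chain = http.build();
        log.info("Default reactive web http security configure end");
        return chain;
    }
}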