All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.zodiac.autoconfigure.security.http.servlet.SecurityHttpServletAutoConfiguration Maven / Gradle / Ivy

package org.zodiac.autoconfigure.security.http.servlet;

import java.util.List;
import java.util.stream.Collectors;

import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.zodiac.autoconfigure.security.condition.ConditionalOnSecurityHttpEnabled;
import org.zodiac.autoconfigure.security.http.SecurityHttpProperties;
import org.zodiac.autoconfigure.security.jwt.SecurityJwtProperties;
import org.zodiac.commons.util.ArrayUtil;

@Order
@SpringBootConfiguration
@ConditionalOnSecurityHttpEnabled
@ConditionalOnWebApplication(type = Type.SERVLET)
//@AutoConfigureAfter(value = {SecurityJwtAutoConfiguration.class})
@ConditionalOnClass(value = {org.zodiac.security.auth.SecurityAuthAspect.class, org.zodiac.security.jwt.config.SecurityJwtInfo.class})
public class SecurityHttpServletAutoConfiguration implements WebMvcConfigurer {

    private final org.zodiac.security.registry.SecurityRegistry securityRegistry;
    private final org.zodiac.security.http.servlet.ServletSecurityHandler servletSecurityHandler;
    private final SecurityJwtProperties securityJwtProperties;
    private final SecurityHttpProperties securityHttpProperties;

    public SecurityHttpServletAutoConfiguration(org.zodiac.security.registry.SecurityRegistry securityRegistry,
        org.zodiac.security.http.servlet.ServletSecurityHandler servletSecurityHandler,
        SecurityJwtProperties securityJwtProperties, SecurityHttpProperties securityHttpProperties) {
        this.securityRegistry = securityRegistry;
        this.servletSecurityHandler = servletSecurityHandler;
        this.securityJwtProperties = securityJwtProperties;
        this.securityHttpProperties = securityHttpProperties;
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        /*设置请求授权*/
        if (securityRegistry.isAuthEnabled() || securityHttpProperties.isAuthEnabled()) {
            List authSecures =
                this.securityRegistry.addAuthPatterns(securityHttpProperties.getAuth()).getAuthSecures();
            if (authSecures.size() > 0) {
                registry.addInterceptor(servletSecurityHandler.authInterceptor(authSecures));
                /*设置路径放行*/
                securityRegistry
                    .excludePathPatterns(authSecures.stream().map(org.zodiac.security.http.AuthSecure::getPattern).collect(Collectors.toList()));
            }
        }
        /*设置基础认证授权*/
        if (securityRegistry.isBasicEnabled() || securityHttpProperties.isBasicEnabled()) {
            List basicSecures =
                this.securityRegistry.addBasicPatterns(securityHttpProperties.getBasic()).getBasicSecures();
            if (basicSecures.size() > 0) {
                registry.addInterceptor(servletSecurityHandler.basicInterceptor(basicSecures));
                /**/
                securityRegistry.excludePathPatterns(
                    basicSecures.stream().map(org.zodiac.security.http.BasicSecure::getPattern).collect(Collectors.toList()));
            }
        }
        /*设置签名认证授权*/
        if (securityRegistry.isSignEnabled() || securityHttpProperties.isSignEnabled()) {
            List signSecures =
                this.securityRegistry.addSignPatterns(securityHttpProperties.getSign()).getSignSecures();
            if (signSecures.size() > 0) {
                registry.addInterceptor(servletSecurityHandler.signInterceptor(signSecures));
                /*设置路径放行*/
                securityRegistry
                    .excludePathPatterns(signSecures.stream().map(org.zodiac.security.http.SignSecure::getPattern).collect(Collectors.toList()));
            }
        }
        /*设置客户端授权*/
        if (securityRegistry.isClientEnabled() || securityHttpProperties.isClientEnabled()) {
            securityHttpProperties.getClient().forEach(
                clientSecure -> registry.addInterceptor(servletSecurityHandler.clientInterceptor(clientSecure.getClientId()))
                    .addPathPatterns(clientSecure.getPathPatterns()));
        }
        /*设置路径放行*/
        if (securityRegistry.isEnabled() || securityHttpProperties.isEnabled()) {
            registry.addInterceptor(servletSecurityHandler.tokenInterceptor())
                .excludePathPatterns(securityRegistry.getExcludePatterns())
                .excludePathPatterns(securityRegistry.getDefaultExcludePatterns())
                .excludePathPatterns(securityHttpProperties.getIgnoredUrls().toArray(ArrayUtil.EMPTY_STRING_ARRAY));
        }
    }

    @Bean
    @ConditionalOnMissingBean
    @ConditionalOnBean(value = {org.springframework.cache.CacheManager.class})
    protected org.zodiac.security.SecurityCacheOperations securityCacheOperations(org.springframework.cache.CacheManager cacheManager) {
        return new org.zodiac.security.http.servlet.ServletSecurityCacheTemplate(cacheManager);
    }

    @Bean
    @ConditionalOnMissingBean(value = org.zodiac.security.SecurityAuthOperations.class)
    protected org.zodiac.security.SecurityAuthOperations securityAuthOperations() {
        return new org.zodiac.security.http.servlet.ServletSecurityAuthTemplate(securityJwtProperties);
    }

    @Bean
    @ConditionalOnMissingBean(value = org.zodiac.security.SecurityAuthOperations2.class)
    protected org.zodiac.security.SecurityAuthOperations2 securityAuthOperations2() {
        return new org.zodiac.security.http.servlet.ServletSecurityAuthTemplate2(securityJwtProperties);
    }

    @Bean
    @ConditionalOnMissingBean(value = org.zodiac.security.SecurityOperations.class)
    protected org.zodiac.security.SecurityOperations securityOperations(org.zodiac.security.SecurityClientDetailsService securityClientDetailsService) {
        return new org.zodiac.security.http.servlet.ServletSecurityTemplate(securityClientDetailsService, securityJwtProperties);
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy