
package com.luues.security.configuration.core;
import cn.luues.tool.json.JsonUtils;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.luues.redis.single.service.JedisTemplate;
import com.luues.security.config.SecurityConfig;
import com.luues.security.configuration.core.config.web.configurers.*;
import com.luues.security.configuration.core.www.Rmi;
import com.luues.security.configuration.properties.*;
import com.luues.security.core.authentication.*;
import com.luues.security.core.authentication.expand.ExpandAuthenticationDetailsSource;
import com.luues.security.core.entity.SimpleGrantedAuthorityDeserializer;
import com.luues.security.core.filter.jwt.SecurityJwtVerifyFilter;
import com.luues.security.core.filter.session.SecuritySessionVerifyFilter;
import com.luues.security.core.filter.token.SecurityTokenVerifyFilter;
import com.luues.security.core.handler.core.VerifyHandler;
import com.luues.security.core.interfaces.SecurityAuthenticationProvider;
import com.luues.security.core.interfaces.SecurityInvalidProvider;
import com.luues.security.core.invoke.SecurityInvoke;
import com.luues.security.enumeration.VerifyType;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import java.util.ArrayList;
import java.util.List;
/**
 * Core security configuration.
 *
 * <p>Extends {@code WebSecurityConfigurerAdapter} to assemble the HTTP security chain
 * (CSRF, response headers, form login, logout, URL authorization, one verification
 * filter chosen by {@code VerifyType}, and session policy) and declares the supporting
 * beans. Pre/post method security annotations are enabled via
 * {@code @EnableGlobalMethodSecurity(prePostEnabled = true)}.
 *
 * <p>Application-side customisation goes through {@code webSecurityConfigurerAdapterList};
 * only its first element ({@code get(0)}) is ever consulted, so further entries have no
 * effect on the chain built here.
 *
 * <p>NOTE(review): every {@code List} in this listing is a raw type, yet element methods
 * such as {@code closeCsrf()} are invoked on {@code get(0)}; the generic parameters appear
 * to have been lost from the listing - confirm against the original source.
 */
@Slf4j(topic = "c.l.s.c.c.core")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
// JWT settings; getPublicKey()/getPrivateKey() are checked before the JWT filter is added.
@Autowired
private SecurityJwtProperties securityJwtProperties;
// Token-mode settings; getEncryptKey() and getRedisPrefix() are read in configure(HttpSecurity).
@Autowired
private SecurityTokenPropertoes securityTokenPropertoes;
// URL pattern lists handed to the authorization configurer (getUrls / getCompletelyUrls).
@Autowired
private SecurityMatchersProperties securityMatchersProperties;
// Passed through to Rmi.init(...); not read directly in this class.
@Autowired
private SecurityServerProperties securityServerProperties;
// Passed through to Rmi.init(...); not read directly in this class.
@Autowired
private SecurityRegistreProperties securityRegistreProperties;
// Optional (required = false), so this may be null when handed to Rmi.init(...).
@Autowired(required = false)
private JedisTemplate jedisTemplate;
// Application-supplied customisers. Populated by the constructor and also marked for
// optional field injection; only element 0 is used by the configure(...) methods.
@Autowired(required = false)
private List webSecurityConfigurerAdapterList = new ArrayList<>();
/**
 * Copies the supplied adapters into this instance's own list.
 *
 * @param webSecurityConfigurerAdapterList adapters to copy; {@code forEach} is called on it
 *        directly, so a {@code null} argument fails with a {@code NullPointerException}
 */
public SecurityConfiguration(List webSecurityConfigurerAdapterList){
this.webSecurityConfigurerAdapterList.clear();
webSecurityConfigurerAdapterList.forEach((v) -> this.webSecurityConfigurerAdapterList.add(v));
}
/**
 * Intentionally empty override: no {@code WebSecurity}-level settings (for example ignored
 * request paths) are configured here.
 */
@Override
public void configure(WebSecurity web) throws Exception {
}
/**
 * Builds the HTTP security chain. The steps run in this order: optional CSRF switch-off,
 * X-Frame-Options switch-off, form login, logout, URL authorization rules,
 * {@code Rmi.init(...)}, the verification filter for the active {@code VerifyType}, and
 * finally session management.
 *
 * <p>Each customisation hook is invoked on the first adapter only, and only when the
 * adapter list is non-empty.
 *
 * @param http the builder being configured
 * @throws Exception propagated from the Spring Security builders and the filter factories
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
// CSRF protection stays at the framework default unless the first adapter opts out.
// NOTE(review): SESSION mode is presumably cookie-backed; confirm adapters only return
// true from closeCsrf() for the stateless JWT/TOKEN modes.
if(webSecurityConfigurerAdapterList.size() > 0){
boolean closeCsrf = webSecurityConfigurerAdapterList.get(0).closeCsrf();
if(closeCsrf)
http.csrf().disable();
}
// Unconditionally stops sending the X-Frame-Options header, which removes the
// framework's clickjacking defence for every response.
// NOTE(review): if only same-origin framing is needed, frameOptions().sameOrigin()
// would keep the protection - confirm why it is disabled outright.
http
.headers().frameOptions().disable()
.and();
// Login configuration
FormLoginConfigurer formLoginConfigurer = formLoginConfigurer();
if(webSecurityConfigurerAdapterList.size() > 0){
webSecurityConfigurerAdapterList.get(0).login(formLoginConfigurer);
}
formLoginConfigurer.formLoginConfigurer(http.formLogin());
// Logout configuration
LogoutConfigurer logoutConfigurer = logoutConfigurer();
if(webSecurityConfigurerAdapterList.size() > 0){
webSecurityConfigurerAdapterList.get(0).logout(logoutConfigurer);
}
logoutConfigurer.customize(http, logoutSuccessHandler());
// Authorization configuration
ExpressionUrlAuthorizationConfigurer expressionUrlAuthorizationConfigurer = expressionUrlAuthorizationConfigurer();
expressionUrlAuthorizationConfigurer.init(http.authorizeRequests(), verifyHandler());
// Configured URL patterns win; otherwise fall back to SecurityConfig's getSourceSplit().
// NOTE(review): what access level antMatchers(...) grants is decided inside the project's
// ExpressionUrlAuthorizationConfigurer, which is not visible here - verify.
if(securityMatchersProperties.getUrls().size() > 0){
expressionUrlAuthorizationConfigurer.antMatchers(securityMatchersProperties.getUrls().toArray(new String[securityMatchersProperties.getUrls().size()]));
}else{
expressionUrlAuthorizationConfigurer.antMatchers(SecurityConfig.getSecurityConfig().getSourceSplit());
}
// Two hard-coded patterns are always appended to whatever list getCompletelyUrls() returns
// (the list is mutated in place), then the whole list is registered.
// NOTE(review): the name suggests these paths are completely open; confirm that nothing
// sensitive is served under /luuesweb/ or /securityjars/.
securityMatchersProperties.getCompletelyUrls().add("/luuesweb/**");
securityMatchersProperties.getCompletelyUrls().add("/securityjars/**");
expressionUrlAuthorizationConfigurer.antMatchers(securityMatchersProperties.getCompletelyUrls().toArray(new String[securityMatchersProperties.getCompletelyUrls().size()]));
if(webSecurityConfigurerAdapterList.size() > 0){
webSecurityConfigurerAdapterList.get(0).antMatchers(expressionUrlAuthorizationConfigurer);
}
// Presumably finalises the accumulated rules - TODO confirm in ExpressionUrlAuthorizationConfigurer.
expressionUrlAuthorizationConfigurer.ok();
// Opaque helper; receives the adapters, registry/server properties and the (possibly null) JedisTemplate.
Rmi.init(webSecurityConfigurerAdapterList, securityRegistreProperties, securityServerProperties, jedisTemplate);
// JWT mode needs this filter for verification
if(SecurityConfig.getSecurityConfig().getVerifyType().equals(VerifyType.JWT)){
// Missing key material with local verification on is only logged (message: "JWT cannot be
// used, set spring.luues.security.jwt.pubKeyFile / priKeyFile first"); start-up continues
// and the filter below is still installed.
// NOTE(review): failing start-up here would be the safer behaviour - confirm the filter
// rejects every request when no key is available.
if((null == securityJwtProperties.getPublicKey() || null == securityJwtProperties.getPrivateKey()) && SecurityConfig.getSecurityConfig().isLocalVerify()){
log.error("jwt无法使用,请先设置spring.luues.security.jwt.pubKeyFile,spring.luues.security.jwt.priKeyFile");
}
http.addFilter(securityJwtVerifyFilter());
}
// Token + Redis mode needs this filter for verification
if(SecurityConfig.getSecurityConfig().getVerifyType().equals(VerifyType.TOKEN)){
// The key is treated as unset when it is null or the literal text "null" (presumably an
// unresolved property default - verify). As with JWT, the problem is only logged
// (message: "token cannot be used, set spring.luues.security.token.encrypt-key first")
// and the filter is still added.
if((null == securityTokenPropertoes.getEncryptKey() || "null".equals(securityTokenPropertoes.getEncryptKey())) && SecurityConfig.getSecurityConfig().isLocalVerify()){
log.error("token无法使用,请先设置spring.luues.security.token.encrypt-key");
}else{
log.info("security redis prefix is : {}", securityTokenPropertoes.getRedisPrefix());
}
http.addFilter(securityTokenVerifyFilter());
}
// Session mode
if(SecurityConfig.getSecurityConfig().getVerifyType().equals(VerifyType.SESSION)){
http.addFilter(securitySessionVerifyFilter());
}
SessionManagementConfigurer securitySessionManagementConfigurer = sessionManagementConfigurer();
// Applied only in SESSION mode with isMaxoneVoucher() set (presumably "at most one active
// credential per user" - TODO confirm).
if(SecurityConfig.getSecurityConfig().isMaxoneVoucher() && SecurityConfig.getSecurityConfig().getVerifyType().equals(VerifyType.SESSION)){
securitySessionManagementConfigurer.setSecuritySessionManagementConfigurer(http.sessionManagement());
}
if(webSecurityConfigurerAdapterList.size() > 0){
webSecurityConfigurerAdapterList.get(0).session(http.sessionManagement());
}
// Set after the adapter's session(...) hook has run, so for JWT and TOKEN modes the
// STATELESS policy is the last one applied.
if(SecurityConfig.getSecurityConfig().getVerifyType().equals(VerifyType.JWT) || SecurityConfig.getSecurityConfig().getVerifyType().equals(VerifyType.TOKEN)){
// Sessions are off by default
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
// Remember-me (disabled)
/*http
.rememberMe()
//.rememberMeParameter("rememberme").tokenValiditySeconds(600) //200 seconds
.tokenRepository(persistentTokenRepository); //configure the persistent token repository*/
}
/**
 * Registers the project's {@code AuthenticationProvider} bean as the only provider set here.
 * The commented-out lines show that a {@code userDetailsService}, a password encoder and an
 * adapter hook were once wired in at this point and no longer are.
 *
 * @param auth the authentication manager builder
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(authenticationProvider());
// User authentication handling
//.userDetailsService(userDetailsService)
// Password handling
//.passwordEncoder(passwordEncoder());
/*if(webSecurityConfigurerAdapterList.size() > 0){
webSecurityConfigurerAdapterList.get(0).configure(auth);
}*/
}
/**
 * Exposes the parent class's {@code AuthenticationManager} as a Spring bean.
 *
 * @return the manager returned by {@code super.authenticationManager()}
 * @throws Exception propagated from the parent implementation
 */
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
/**
 * Creates the verification filter for SESSION mode. Not annotated with {@code @Bean}.
 *
 * @return a new filter built from the authentication manager, the verify handler and the
 *         failure handler
 * @throws Exception if the authentication manager cannot be obtained
 */
public SecuritySessionVerifyFilter securitySessionVerifyFilter() throws Exception {
return new SecuritySessionVerifyFilter(authenticationManager(), verifyHandler(), simpleUrlAuthenticationFailureHandler());
}
/**
 * Creates the verification filter for TOKEN mode. Not annotated with {@code @Bean}.
 *
 * @return a new filter built from the authentication manager and the verify handler
 * @throws Exception if the authentication manager cannot be obtained
 */
public SecurityTokenVerifyFilter securityTokenVerifyFilter() throws Exception {
return new SecurityTokenVerifyFilter(authenticationManager(), verifyHandler());
}
/**
 * Creates the verification filter for JWT mode. Not annotated with {@code @Bean}.
 *
 * @return a new filter built from the authentication manager and the verify handler
 * @throws Exception if the authentication manager cannot be obtained
 */
public SecurityJwtVerifyFilter securityJwtVerifyFilter() throws Exception {
return new SecurityJwtVerifyFilter(authenticationManager(), verifyHandler());
}
/**
 * Wraps the two provider lists in a {@code SecurityInvoke}.
 *
 * @param securityAuthenticationProviderList authentication providers (raw list in this listing)
 * @param securityInvalidProviderList invalidation providers (raw list in this listing)
 * @return the {@code SecurityInvoke} built from both lists
 */
@Bean
public SecurityInvoke securityInvoke(List securityAuthenticationProviderList, List securityInvalidProviderList){
return new SecurityInvoke(securityAuthenticationProviderList, securityInvalidProviderList);
}
/**
 * Declares the authentication provider used by {@code configure(AuthenticationManagerBuilder)}.
 * The type is instantiated directly, so it is a concrete class and not Spring's interface of
 * the same name; presumably it comes from the wildcard import of
 * {@code com.luues.security.core.authentication}.
 */
@Bean
public AuthenticationProvider authenticationProvider(){
return new AuthenticationProvider();
}
/** Default login success handler; an application-defined bean of this type takes precedence. */
@Bean
@ConditionalOnMissingBean
public SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler(){
return new SavedRequestAwareAuthenticationSuccessHandler();
}
/** Default login failure handler; an application-defined bean of this type takes precedence. */
@Bean
@ConditionalOnMissingBean
public SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler(){
return new SimpleUrlAuthenticationFailureHandler();
}
/** Declares the {@code ExpandAuthenticationDetailsSource} bean; it is not referenced elsewhere in this class. */
@Bean
public ExpandAuthenticationDetailsSource expandAuthenticationDetailsSource(){
return new ExpandAuthenticationDetailsSource();
}
/** Declares the {@code AccessDeniedHandler} bean; it is not referenced elsewhere in this class. */
@Bean
public AccessDeniedHandler accessDeniedHandler(){
return new AccessDeniedHandler();
}
/**
 * Default verify handler, passed to every verification filter and to the authorization
 * configurer; an application-defined {@code VerifyHandler} bean takes precedence.
 */
@Bean
@ConditionalOnMissingBean
public VerifyHandler verifyHandler(){
return new VerifyHandler();
}
/*@Bean
public DaoAuthenticationProvider daoAuthenticationProvider(){
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
return daoAuthenticationProvider;
}*/
/*@Bean
public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler() {
DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
handler.setDefaultRolePrefix();
handler.setPermissionEvaluator();
return handler;
}*/
/**
 * Chooses the password encoder: the one supplied by {@code SecurityInvoke} when it is
 * non-null, otherwise a {@code BCryptPasswordEncoder}.
 *
 * <p>Side effect: registers a Jackson deserializer for {@code SimpleGrantedAuthority} with
 * {@code JsonUtils} before the encoder is resolved.
 *
 * <p>NOTE(review): a custom encoder replaces BCrypt entirely - confirm implementations use
 * an adaptive password hash. {@code securityInvoke(...)} is called twice; whether both calls
 * yield the same instance depends on {@code @Configuration} method proxying - verify.
 *
 * @param securityAuthenticationProviderList forwarded to {@code securityInvoke(...)}
 * @param securityInvalidProviderList forwarded to {@code securityInvoke(...)}
 * @return the custom encoder, or a new {@code BCryptPasswordEncoder} when none is supplied
 */
@Bean
public PasswordEncoder passwordEncoder(List securityAuthenticationProviderList, List securityInvalidProviderList) {
JsonUtils.registerModule(new SimpleModule().addDeserializer(SimpleGrantedAuthority.class, new SimpleGrantedAuthorityDeserializer()));
return null == securityInvoke(securityAuthenticationProviderList, securityInvalidProviderList).passwordEncoder() ? new BCryptPasswordEncoder() : securityInvoke(securityAuthenticationProviderList, securityInvalidProviderList).passwordEncoder();
}
/**
 * Declares the project's form-login configurer, conditional on both the success and the
 * failure handler beans being present. {@code configure(HttpSecurity)} calls this method
 * without checking that condition.
 */
@Bean
@ConditionalOnBean(value = {SavedRequestAwareAuthenticationSuccessHandler.class, SimpleUrlAuthenticationFailureHandler.class})
public com.luues.security.configuration.core.config.web.configurers.FormLoginConfigurer formLoginConfigurer(){
return new com.luues.security.configuration.core.config.web.configurers.FormLoginConfigurer();
}
/**
 * Declares the project's logout configurer, conditional on both the success and the failure
 * handler beans being present. {@code configure(HttpSecurity)} calls this method without
 * checking that condition.
 */
@Bean
@ConditionalOnBean(value = {SavedRequestAwareAuthenticationSuccessHandler.class, SimpleUrlAuthenticationFailureHandler.class})
public com.luues.security.configuration.core.config.web.configurers.LogoutConfigurer logoutConfigurer(){
return new com.luues.security.configuration.core.config.web.configurers.LogoutConfigurer();
}
/** Declares the project's URL authorization configurer used to register the matcher lists. */
@Bean
public ExpressionUrlAuthorizationConfigurer expressionUrlAuthorizationConfigurer(){
return new ExpressionUrlAuthorizationConfigurer();
}
/** Declares the project's session-management configurer, applied in SESSION mode only. */
@Bean
public SessionManagementConfigurer sessionManagementConfigurer(){
return new SessionManagementConfigurer();
}
/** Declares the logout success handler passed to {@code LogoutConfigurer.customize(...)}. */
@Bean
public LogoutSuccessHandler logoutSuccessHandler(){
return new LogoutSuccessHandler();
}
}