templates.service.SecurityConfig.ftl Maven / Gradle / Ivy
package ${packageName}.service.config;
import jakarta.annotation.Resource;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.DelegatingReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import ${packageName}.common.constants.Constants;
import ${packageName}.service.security.*;
import reactor.core.publisher.Mono;
import java.util.LinkedList;
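/**
 * Spring Security configuration for the reactive (WebFlux) service.
 *
 * <p>Declares the security filter chain, the password encoder and the chain of
 * authentication managers used by the application.
 */
@Configuration
@EnableWebFluxSecurity
@AllArgsConstructor
// NOTE(review): both the imperative and the reactive method-security annotations are enabled.
// A WebFlux application normally needs only @EnableReactiveMethodSecurity; confirm that both
// are intended.
@EnableMethodSecurity
@EnableReactiveMethodSecurity
public class SecurityConfig {

    // NOTE(review): @AllArgsConstructor already yields a constructor taking these five
    // collaborators, so the @Resource field injection looks redundant; confirm before removing.
    @Resource
    private DefaultAuthorizationManager defaultAuthorizationManager;
    @Resource
    private TokenAuthenticationManager tokenAuthenticationManager;
    @Resource
    private DefaultSecurityContextRepository defaultSecurityContextRepository;
    @Resource
    private DefaultAuthenticationEntryPoint defaultAuthenticationEntryPoint;
    @Resource
    private DefaultAccessDeniedHandler defaultAccessDeniedHandler;

    /**
     * Builds the security filter chain.
     *
     * <p>The paths listed below are reachable without authentication; every other exchange is
     * decided by {@code defaultAuthorizationManager}.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     */
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
        httpSecurity
                // Login / authentication handling.
                .authenticationManager(reactiveAuthenticationManager())
                .securityContextRepository(defaultSecurityContextRepository)
                // .securityMatcher(ServerWebExchangeMatchers.pathMatchers("/sys/**"))
                .authorizeExchange(exchange -> exchange
                        // Endpoints that must be reachable before a user is authenticated.
                        .pathMatchers("/sys/validate/code").permitAll()
                        .pathMatchers("/sys/admin/login").permitAll()
                        // API documentation (Swagger UI / OpenAPI) is public here.
                        // NOTE(review): consider restricting these paths outside development,
                        // since they describe the full API surface to anonymous callers.
                        .pathMatchers("/doc.html").permitAll()
                        .pathMatchers("/swagger-resources/**").permitAll()
                        .pathMatchers("/webjars/**").permitAll()
                        .pathMatchers("/v2/**").permitAll()
                        .pathMatchers("/v3/**").permitAll()
                        .pathMatchers("/swagger-ui.html/**").permitAll()
                        .pathMatchers("/*/api-docs").permitAll()
                        // NOTE(review): the Druid monitoring console bypasses this chain's
                        // authorization. It exposes SQL and data-source statistics, so confirm
                        // that Druid's own console login or an allow-list protects it, or put
                        // the path behind defaultAuthorizationManager.
                        .pathMatchers("/druid/**").permitAll()
                        // CORS preflight requests carry no credentials.
                        .pathMatchers(HttpMethod.OPTIONS).permitAll()
                        .anyExchange().access(defaultAuthorizationManager)
                )
                // Form login with Spring Security's defaults. The lambda form replaces the
                // chained formLogin().and() style, which newer releases deprecate.
                .formLogin(formLogin -> { })
                .exceptionHandling(handling -> handling
                        .authenticationEntryPoint(defaultAuthenticationEntryPoint)
                        // Custom handler invoked when access is denied.
                        .accessDeniedHandler(defaultAccessDeniedHandler))
                // NOTE(review): CSRF protection is disabled. That is only safe if credentials
                // are never sent automatically by the browser (for example a token in a
                // request header rather than a cookie); confirm against
                // defaultSecurityContextRepository.
                .csrf(ServerHttpSecurity.CsrfSpec::disable);
        return httpSecurity.build();
    }

    /**
     * Password encoder bean.
     *
     * <p>This is Spring Security's delegating encoder: new passwords are encoded with its
     * default algorithm (BCrypt) and stored with an {@code {id}} prefix, and verification
     * dispatches on that prefix. Stored hashes carrying a legacy or weak prefix are therefore
     * still accepted; audit the credential store if only BCrypt is meant to be valid.
     *
     * @return the delegating password encoder
     */
    @Bean("passwordEncoder")
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    /**
     * Registers the authentication managers; more can be added and are tried in order.
     *
     * @return a delegating manager wrapping the configured managers
     */
    @Bean
    ReactiveAuthenticationManager reactiveAuthenticationManager() {
        // The element type is required: with a raw LinkedList the lambda below has no
        // functional-interface target type and does not compile.
        LinkedList<ReactiveAuthenticationManager> managers = new LinkedList<>();
        managers.add(authentication -> {
            // Placeholder for other login methods (for example phone number + SMS code).
            // It must not throw or return Mono.error; an empty Mono hands the request to
            // the next manager in the list.
            return Mono.empty();
        });
        managers.add(tokenAuthenticationManager);
        return new DelegatingReactiveAuthenticationManager(managers);
    }
}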