• Home
• xyz.migoo.springboot
• migoo-spring-boot-starter-security
• 1.2.1
• source code
• MiGooWebSecurityConfigurerAdapter.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

xyz.migoo.framework.security.config.MiGooWebSecurityConfigurerAdapter Maven / Gradle / Ivy

package xyz.migoo.framework.security.config;

import jakarta.annotation.Resource;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import xyz.migoo.framework.security.core.filter.JWTAuthenticationTokenFilter;
import xyz.migoo.framework.security.core.service.SecurityAuthFrameworkService;

/**
 * 自定义的 Spring Security 配置适配器实现
 *
 * @author xiaomi
 */
@Configuration
@AutoConfigureOrder(SecurityProperties.DEFAULT_FILTER_ORDER)
@EnableMethodSecurity(securedEnabled = true)
public class MiGooWebSecurityConfigurerAdapter {

    @Resource
    private xyz.migoo.framework.security.config.SecurityProperties properties;

    /**
     * 自定义用户【认证】逻辑
     */
    @Resource
    private SecurityAuthFrameworkService userDetailsService;
    /**
     * Spring Security 加密器
     */
    @Resource
    private PasswordEncoder passwordEncoder;
    /**
     * 认证失败处理类 Bean
     */
    @Resource
    private AuthenticationEntryPoint authenticationEntryPoint;
    /**
     * 权限不够处理器 Bean
     */
    @Resource
    private AccessDeniedHandler accessDeniedHandler;
    /**
     * 退出处理类 Bean
     */
    @Resource
    private LogoutSuccessHandler logoutSuccessHandler;
    /**
     * Token 认证过滤器 Bean
     */
    @Resource
    private JWTAuthenticationTokenFilter authenticationTokenFilter;

    /**
     * 由于 Spring Security 创建 AuthenticationManager 对象时，没声明 @Bean 注解，导致无法被注入
     * 通过覆写父类的该方法，添加 @Bean 注解，解决该问题
     */
    @Bean
    @ConditionalOnMissingBean(AuthenticationManager.class)
    public AuthenticationManager authenticationManagerBean(ObjectPostProcessor