SpringBoot使用的心得记录
2016-03-22 13:40
591 查看
security配置
配置拦截器
import com.yineng.corpsysland.security.*; import com.yineng.corpsysland.web.filter.AuthorizationActiveFilter; import com.yineng.corpsysland.web.filter.AuthorizationExpiredFilter; import com.yineng.corpsysland.web.filter.CsrfCookieGeneratorFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.csrf.CsrfFilter; import javax.inject.Inject; import javax.servlet.Filter; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Inject private Environment env; @Inject private AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler; @Inject private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler; @Inject private AuthenticationProvider authenticationProvider; @Inject private RememberMeServices rememberMeServices; @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Inject public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers("/oauth/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .ignoringAntMatchers("/websocket/**") .ignoringAntMatchers("/api/authentication/**") .ignoringAntMatchers("/api/logout/**") .and() .addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class) .addFilterBefore(authorizationActiveFilter(), AuthenticationFilter.class) .addFilterAfter(authorizationExpiredFilter(), AuthenticationFilter.class) .rememberMe() .rememberMeServices(rememberMeServices) .rememberMeParameter("remember-me") .key(env.getProperty("jhipster.security.rememberme.key")) .and() .formLogin().loginPage("/login.html") .loginProcessingUrl("/api/authentication") .successHandler(ajaxAuthenticationSuccessHandler) .failureHandler(authenticationFailureHandler()) .usernameParameter("j_username") .passwordParameter("j_password") .permitAll() .and() .logout() .logoutUrl("/api/logout") .logoutSuccessHandler(ajaxLogoutSuccessHandler) .deleteCookies("JSESSIONID") .permitAll() .and() .headers() .frameOptions() .disable() .and() .authorizeRequests().anyRequest().authenticated() .antMatchers("/activeSystem").permitAll() .antMatchers("/api/register").permitAll() .antMatchers("/api/activate").permitAll() .antMatchers("/api/authenticate").permitAll() .antMatchers("/api/account/reset_password/init").permitAll() .antMatchers("/api/account/reset_password/finish").permitAll() .antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/api/**").authenticated() .antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/configprops/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/api-docs/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/protected/**").authenticated(); } @Bean public SecurityEvaluationContextExtension securityEvaluationContextExtension() { return new SecurityEvaluationContextExtension(); } @Bean public AuthenticationFailureHandler authenticationFailureHandler() { return new AjaxAuthenticationFailureHandler("/activeSystem"); } @Bean public Filter authorizationActiveFilter() { return new AuthorizationActiveFilter(authenticationFailureHandler()); } @Bean public Filter authorizationExpiredFilter() { return new AuthorizationExpiredFilter(authenticationFailureHandler()); } }
配置拦截器
import com.yineng.corpsysland.config.locale.AngularCookieLocaleResolver; import com.yineng.corpsysland.security.TokenAuthHandler; import org.springframework.boot.bind.RelaxedPropertyResolver; import org.springframework.context.EnvironmentAware; import org.springframework.context.MessageSource; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.support.ReloadableResourceBundleMessageSource; import org.springframework.core.env.Environment; import org.springframework.web.servlet.LocaleResolver; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.i18n.LocaleChangeInterceptor; @Configuration public class MyConfiguration extends WebMvcConfigurerAdapter{ @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new TokenAuthHandler()).addPathPatterns("/third/**"); } }
@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
相关文章推荐
- Java基础之static的使用
- Spring 一二事(9) - xml 形式的 AOP
- java将字符串进行MD5加密和将时间戳格式化输出的方法
- java编程,ATM简例。
- Java Generics and Collections-2.2
- JAVA集合的学习
- java序列化和反序列话总结
- java-volatile
- spring 加载多个资源文件
- Java多线程中Synchronized简介和Static Synchronized的区别
- spring mvc ehcache 详细配置 亲测可用
- 解决eclipse中maven出现的Failure to transfer XXX.jar的问题
- Intelli IDEA与java/maven
- java函数调用
- Spring MVC 执行过程浅析
- 网易笔试编程题-java版
- java并发包研究之-ConcurrentHashMap
- struts 迭代器iterator四种使用方式 S标签
- struts2中如何定义拦截器
- (qq:951449465)SpringMVC+mybatis+shiro+Restful+dubbo+maven分布式框架设计