|
@@ -6,16 +6,10 @@ import com.jeeplus.security.jwt.JWTConfigurer;
|
|
|
import com.jeeplus.security.jwt.TokenProvider;
|
|
|
import com.jeeplus.security.service.CustomUserDetailsService;
|
|
|
import com.jeeplus.security.util.DaoAuthenticationProvider;
|
|
|
-import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
import org.springframework.http.HttpMethod;
|
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
|
|
-import org.springframework.security.cas.ServiceProperties;
|
|
|
-import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
|
|
|
-import org.springframework.security.cas.authentication.CasAuthenticationProvider;
|
|
|
-import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
|
|
|
-import org.springframework.security.cas.web.CasAuthenticationFilter;
|
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
@@ -23,16 +17,13 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
|
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
-import org.springframework.security.web.authentication.logout.LogoutFilter;
|
|
|
-import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
|
|
|
|
|
@EnableWebSecurity
|
|
|
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法级安全验证
|
|
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
- // @Autowired
|
|
|
-// private CustomUserDetailsService userDatailService;
|
|
|
+ @Autowired
|
|
|
+ private CustomUserDetailsService userDatailService;
|
|
|
@Autowired
|
|
|
private JwtAuthenticationEntryPoint unauthorizedHandler;
|
|
|
@Autowired
|
|
@@ -47,16 +38,16 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
@Override
|
|
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
|
// super.configure(auth);
|
|
|
- auth.authenticationProvider(casAuthenticationProvider());
|
|
|
-// DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
|
|
|
-// // 设置不隐藏 未找到用户异常
|
|
|
-// provider.setHideUserNotFoundExceptions(true);
|
|
|
-// // 用户认证service - 查询数据库的逻辑
|
|
|
-// provider.setUserDetailsService(userDetailsService());
|
|
|
-// // 设置密码加密算法
|
|
|
-// provider.setPasswordEncoder(passwordEncoder());
|
|
|
-// provider.setUserDetailsService ( userDatailService );
|
|
|
-// auth.authenticationProvider(provider);
|
|
|
+ //auth.authenticationProvider(casAuthenticationProvider());
|
|
|
+ DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
|
|
|
+ // 设置不隐藏 未找到用户异常
|
|
|
+ provider.setHideUserNotFoundExceptions(true);
|
|
|
+ // 用户认证service - 查询数据库的逻辑
|
|
|
+ provider.setUserDetailsService(userDetailsService());
|
|
|
+ // 设置密码加密算法
|
|
|
+ provider.setPasswordEncoder(passwordEncoder());
|
|
|
+ provider.setUserDetailsService ( userDatailService );
|
|
|
+ auth.authenticationProvider(provider);
|
|
|
}
|
|
|
|
|
|
|
|
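Review bot: The comment `// 设置不隐藏 未找到用户异常` ("do not hide user-not-found exceptions") contradicts the call directly under it, `provider.setHideUserNotFoundExceptions(true)`, which hides them. `DaoAuthenticationProvider` here is the project's own `com.jeeplus.security.util` class, so its exact semantics are not visible in this hunk. If it follows Spring's provider of the same name, `true` is the value that keeps a failed login from revealing whether the account exists, so keep the call and correct the comment, e.g. `// hide UsernameNotFoundException so a failed login does not reveal whether the account exists`. Separately, `provider.setUserDetailsService(userDetailsService())` is overwritten three lines later by `provider.setUserDetailsService ( userDatailService )`, so the first call has no effect on the provider and should be dropped.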
@@ -75,7 +66,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
.csrf().disable()
|
|
|
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
|
|
|
// 基于token,所以不需要session
|
|
|
-// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
|
|
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
|
|
.authorizeRequests()
|
|
|
.antMatchers ( "/401"
|
|
|
,"/404",
|
|
@@ -86,6 +77,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
"/weboffice/**",
|
|
|
"/ReportServer/**",
|
|
|
"/sys/login",
|
|
|
+ "/sys/loginGetToken",
|
|
|
"/app/sys/login",
|
|
|
"/sys/sysConfig/getConfig",
|
|
|
"/getAppFlowChart",
|
|
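Review bot: `"/sys/loginGetToken"` is added to an `antMatchers` list that also holds `/sys/login`, which looks like the unauthenticated allow-list, although the terminating `.permitAll()` and the controller are outside this hunk. The same commit removes the CAS provider and ticket validator, so if this endpoint issues a token it must verify the caller's credentials itself rather than rely on a filter that no longer runs. Please confirm that and record it next to the entry, e.g. `// token login: the controller validates credentials itself; no prior authentication`. The entry also matches every HTTP method; `HttpMethod` is already imported, so a separate `antMatchers(HttpMethod.POST, "/sys/loginGetToken")` would narrow it if the endpoint only needs POST.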
@@ -104,12 +96,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
.and ()
|
|
|
.apply(securityConfigurerAdapter());
|
|
|
|
|
|
- http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
|
|
|
- .and()
|
|
|
- .addFilter(casAuthenticationFilter())
|
|
|
- .addFilterBefore(casLogoutFilter(),LogoutFilter.class)
|
|
|
- .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
|
|
|
-
|
|
|
+// http.exceptionHandling().and()
|
|
|
+// .addFilter(casLogoutFilter())
|
|
|
+// .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
|
|
|
}
|
|
|
|
|
|
/**
|
|
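Review bot: The CAS wiring is commented out rather than deleted, in three places: the `// http.exceptionHandling().and()` block at the end of this `configure` method (whose start is outside the hunk), the `//auth.authenticationProvider(casAuthenticationProvider());` line in `configure(AuthenticationManagerBuilder)`, and the whole bean section re-added as comments in the `@@ -128,72 +117,75 @@` hunk. The commented text is not a copy of what was removed (it calls `addFilter(casLogoutFilter())` and adds `ticketValidator.setEncoding("UTF-8")`), and it refers to classes whose imports this commit deletes, so it could not be re-enabled as is. In a security configuration, leftover alternatives make it hard to tell which authentication path is live; delete these lines and rely on version control for the CAS variant. If the `casProperties` field and the `SingleSignOutFilter` import (both outside the visible hunks) are now unused, they should go as well.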
@@ -128,72 +117,75 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
"/webjars/**");
|
|
|
}
|
|
|
|
|
|
- /**认证的入口*/
|
|
|
- @Bean
|
|
|
- public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
|
|
|
- CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
|
|
|
- casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
|
|
|
- casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
|
|
|
- return casAuthenticationEntryPoint;
|
|
|
- }
|
|
|
-
|
|
|
- /**指定service相关信息*/
|
|
|
- @Bean
|
|
|
- public ServiceProperties serviceProperties() {
|
|
|
- ServiceProperties serviceProperties = new ServiceProperties();
|
|
|
- serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl());
|
|
|
- serviceProperties.setAuthenticateAllArtifacts(true);
|
|
|
- return serviceProperties;
|
|
|
- }
|
|
|
-
|
|
|
- /**CAS认证过滤器*/
|
|
|
- @Bean
|
|
|
- public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
|
|
|
- CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
|
|
|
- casAuthenticationFilter.setAuthenticationManager(authenticationManager());
|
|
|
- casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl());
|
|
|
- return casAuthenticationFilter;
|
|
|
- }
|
|
|
-
|
|
|
- /**cas 认证 Provider*/
|
|
|
- @Bean
|
|
|
- public CasAuthenticationProvider casAuthenticationProvider() {
|
|
|
- CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
|
|
|
- casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService());
|
|
|
- //casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); //这里只是接口类型,实现的接口不一样,都可以的。
|
|
|
- casAuthenticationProvider.setServiceProperties(serviceProperties());
|
|
|
- casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
|
|
|
- casAuthenticationProvider.setKey("casAuthenticationProviderKey");
|
|
|
- return casAuthenticationProvider;
|
|
|
- }
|
|
|
-
|
|
|
- /**用户自定义的AuthenticationUserDetailsService*/
|
|
|
- @Bean
|
|
|
- public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService(){
|
|
|
- return new CustomUserDetailsService();
|
|
|
- }
|
|
|
-
|
|
|
- @Bean
|
|
|
- public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
|
|
|
- return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl());
|
|
|
- }
|
|
|
-
|
|
|
- /**单点登出过滤器*/
|
|
|
- @Bean
|
|
|
- public SingleSignOutFilter singleSignOutFilter() {
|
|
|
- SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
|
|
|
- singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl());
|
|
|
- singleSignOutFilter.setIgnoreInitConfiguration(true);
|
|
|
- return singleSignOutFilter;
|
|
|
- }
|
|
|
-
|
|
|
- /**请求单点退出过滤器*/
|
|
|
- @Bean
|
|
|
- public LogoutFilter casLogoutFilter() {
|
|
|
- LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
|
|
|
- logoutFilter.setFilterProcessesUrl(casProperties.getAppServerUrl() + casProperties.getAppLogoutUrl());
|
|
|
- return logoutFilter;
|
|
|
- }
|
|
|
+// /**认证的入口*/
|
|
|
+// @Bean
|
|
|
+// public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
|
|
|
+// CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
|
|
|
+// casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
|
|
|
+// casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
|
|
|
+// return casAuthenticationEntryPoint;
|
|
|
+// }
|
|
|
+//
|
|
|
+// /**指定service相关信息*/
|
|
|
+// @Bean
|
|
|
+// public ServiceProperties serviceProperties() {
|
|
|
+// ServiceProperties serviceProperties = new ServiceProperties();
|
|
|
+// serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl());
|
|
|
+// serviceProperties.setAuthenticateAllArtifacts(true);
|
|
|
+// return serviceProperties;
|
|
|
+// }
|
|
|
+//
|
|
|
+// /**CAS认证过滤器*/
|
|
|
+// @Bean
|
|
|
+// public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
|
|
|
+// CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
|
|
|
+// casAuthenticationFilter.setAuthenticationManager(authenticationManager());
|
|
|
+// casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl());
|
|
|
+// return casAuthenticationFilter;
|
|
|
+// }
|
|
|
+//
|
|
|
+// /**cas 认证 Provider*/
|
|
|
+// @Bean
|
|
|
+// public CasAuthenticationProvider casAuthenticationProvider() {
|
|
|
+// CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
|
|
|
+// casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService());
|
|
|
+// //casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); //这里只是接口类型,实现的接口不一样,都可以的。
|
|
|
+// casAuthenticationProvider.setServiceProperties(serviceProperties());
|
|
|
+// casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
|
|
|
+// casAuthenticationProvider.setKey("casAuthenticationProviderKey");
|
|
|
+// return casAuthenticationProvider;
|
|
|
+// }
|
|
|
+//
|
|
|
+// /**用户自定义的AuthenticationUserDetailsService*/
|
|
|
+// @Bean
|
|
|
+// public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService(){
|
|
|
+// return new CustomUserDetailsService();
|
|
|
+// }
|
|
|
+//
|
|
|
+// @Bean
|
|
|
+// public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
|
|
|
+// Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator(casProperties.getCasServerUrl());
|
|
|
+// ticketValidator.setEncoding("UTF-8");
|
|
|
+// return ticketValidator;
|
|
|
+// }
|
|
|
+//
|
|
|
+//
|
|
|
+// /**单点登出过滤器*/
|
|
|
+// @Bean
|
|
|
+// public SingleSignOutFilter singleSignOutFilter() {
|
|
|
+// SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
|
|
|
+// singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl());
|
|
|
+// singleSignOutFilter.setIgnoreInitConfiguration(true);
|
|
|
+// return singleSignOutFilter;
|
|
|
+// }
|
|
|
+//
|
|
|
+// /**请求单点退出过滤器*/
|
|
|
+// @Bean
|
|
|
+// public LogoutFilter casLogoutFilter() {
|
|
|
+// LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
|
|
|
+// logoutFilter.setFilterProcessesUrl(casProperties.getAppServerUrl() + casProperties.getAppLogoutUrl());
|
|
|
+// return logoutFilter;
|
|
|
+// }
|
|
|
|
|
|
/**
|
|
|
* 描述: 密码加密算法 BCrypt 推荐使用
|