83 lines
3.1 KiB
Java
83 lines
3.1 KiB
Java
package com.cm.partybuilding.config;
|
|
|
|
import com.cm.common.config.properties.OauthProperties;
|
|
import com.cm.common.plugin.converter.ClientUserAccessTokenConverter;
|
|
import com.cm.common.plugin.utils.RestTemplateUtil;
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Primary;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
|
|
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
|
|
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
|
|
|
|
/**
|
|
* @ClassName: AuthClientSecurityConfig
|
|
* @Description: 党建系统认证配置
|
|
* @Author: WenG
|
|
* @Date: 2020-10-15
|
|
**/
|
|
@EnableWebSecurity
|
|
@EnableOAuth2Sso
|
|
public class AuthClientSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
@Autowired
|
|
private OauthProperties authServer;
|
|
@Autowired
|
|
private RestTemplateUtil restTemplateUtil;
|
|
@Autowired
|
|
private OauthProperties oauthProperties;
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http.formLogin()
|
|
.defaultSuccessUrl("/authorize", true)
|
|
.and()
|
|
.logout().logoutSuccessUrl(authServer.getOauthLogout())
|
|
.and()
|
|
.authorizeRequests().antMatchers("/app/**", "/route/file/**", "/assets/**","/resource/**").permitAll()
|
|
.and()
|
|
.authorizeRequests()
|
|
.anyRequest()
|
|
.access("@clientRbacService.hasPermission(request, authentication)")
|
|
.and()
|
|
.headers().frameOptions().sameOrigin()
|
|
.and()
|
|
.cors()
|
|
.and()
|
|
.csrf().disable();
|
|
}
|
|
|
|
@Bean
|
|
@Primary
|
|
public DefaultTokenServices defaultTokenServices() {
|
|
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
|
|
defaultTokenServices.setTokenStore(jwtTokenStore());
|
|
return defaultTokenServices;
|
|
}
|
|
|
|
@Bean
|
|
public JwtTokenStore jwtTokenStore() {
|
|
return new JwtTokenStore(jwtAccessTokenConverter());
|
|
}
|
|
|
|
@Bean
|
|
public JwtAccessTokenConverter jwtAccessTokenConverter() {
|
|
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
|
|
jwtAccessTokenConverter.setAccessTokenConverter(new ClientUserAccessTokenConverter(this.oauthProperties, this.restTemplateUtil));
|
|
jwtAccessTokenConverter.setSigningKey("cmxx");
|
|
return jwtAccessTokenConverter;
|
|
}
|
|
|
|
@Bean
|
|
public PasswordEncoder passwordEncoder() {
|
|
return new BCryptPasswordEncoder();
|
|
}
|
|
|
|
}
|