Merge branch 'jdk17' into jdk17-dev

2024-12-22 12:48:58 +08:00 · 2024-12-14 16:13:39 +08:00 · 2024-12-14 16:13:39 +08:00 · 010774c689
commit 010774c689
parent 4d29f55fe4 0193824670
1 changed files with 0 additions and 77 deletions
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java
@ -1,77 +0,0 @@
-/*
- * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.pig4cloud.pig.auth.config;
-
-import com.pig4cloud.pig.auth.support.core.FormIdentityLoginConfigurer;
-import com.pig4cloud.pig.auth.support.core.PigDaoAuthenticationProvider;
-import org.springframework.context.annotation.Bean;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
-import org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer;
-import org.springframework.security.web.SecurityFilterChain;
-
-/**
- * 服务安全相关配置
- *
- * @author lengleng
- * @date 2022/1/12
- */
-@EnableWebSecurity
-public class WebSecurityConfiguration {
-
-	/**
-	 * spring security 默认的安全策略
-	 * @param http security注入点
-	 * @return SecurityFilterChain
-	 * @throws Exception
-	 */
-	@Bean
-	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers("/token/*")
-			.permitAll()// 开放自定义的部分端点
-			.anyRequest()
-			.authenticated()).headers(header -> header.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)// 避免iframe同源无法登录许iframe
-		).with(new FormIdentityLoginConfigurer(), Customizer.withDefaults()); // 表单登录个性化
-		// 处理 UsernamePasswordAuthenticationToken
-		http.authenticationProvider(new PigDaoAuthenticationProvider());
-		return http.build();
-	}
-
-	/**
-	 * 暴露静态资源
-	 *
-	 * https://github.com/spring-projects/spring-security/issues/10938
-	 * @param http
-	 * @return
-	 * @throws Exception
-	 */
-	@Bean
-	@Order(0)
-	SecurityFilterChain resources(HttpSecurity http) throws Exception {
-		http.securityMatchers((matchers) -> matchers.requestMatchers("/actuator/**", "/css/**", "/error"))
-			.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
-			.requestCache(RequestCacheConfigurer::disable)
-			.securityContext(AbstractHttpConfigurer::disable)
-			.sessionManagement(AbstractHttpConfigurer::disable);
-		return http.build();
-	}
-
-}