mirror of
https://gitee.com/log4j/pig.git
synced 2025-01-03 23:42:22 +08:00
Spring Security 6.1 Lambda
This commit is contained in:
parent
ff6759e2a5
commit
4aaf739854
@ -22,6 +22,9 @@ import org.springframework.context.annotation.Bean;
|
|||||||
import org.springframework.core.annotation.Order;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -42,8 +45,10 @@ public class WebSecurityConfiguration {
|
|||||||
@Bean
|
@Bean
|
||||||
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
|
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||||
http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers("/token/*").permitAll()// 开放自定义的部分端点
|
http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers("/token/*").permitAll()// 开放自定义的部分端点
|
||||||
.anyRequest().authenticated()).headers().frameOptions().sameOrigin()// 避免iframe同源无法登录
|
.anyRequest().authenticated()).headers(httpSecurityHeadersConfigurer -> {
|
||||||
.and().apply(new FormIdentityLoginConfigurer()); // 表单登录个性化
|
// 避免iframe同源无法登录
|
||||||
|
httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin);
|
||||||
|
}).apply(new FormIdentityLoginConfigurer()); // 表单登录个性化
|
||||||
// 处理 UsernamePasswordAuthenticationToken
|
// 处理 UsernamePasswordAuthenticationToken
|
||||||
http.authenticationProvider(new PigDaoAuthenticationProvider());
|
http.authenticationProvider(new PigDaoAuthenticationProvider());
|
||||||
return http.build();
|
return http.build();
|
||||||
@ -51,7 +56,7 @@ public class WebSecurityConfiguration {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 暴露静态资源
|
* 暴露静态资源
|
||||||
*
|
* <p>
|
||||||
* https://github.com/spring-projects/spring-security/issues/10938
|
* https://github.com/spring-projects/spring-security/issues/10938
|
||||||
* @param http
|
* @param http
|
||||||
* @return
|
* @return
|
||||||
@ -61,8 +66,9 @@ public class WebSecurityConfiguration {
|
|||||||
@Order(0)
|
@Order(0)
|
||||||
SecurityFilterChain resources(HttpSecurity http) throws Exception {
|
SecurityFilterChain resources(HttpSecurity http) throws Exception {
|
||||||
http.securityMatchers((matchers) -> matchers.requestMatchers("/actuator/**", "/css/**", "/error"))
|
http.securityMatchers((matchers) -> matchers.requestMatchers("/actuator/**", "/css/**", "/error"))
|
||||||
.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll()).requestCache().disable()
|
.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
|
||||||
.securityContext().disable().sessionManagement().disable();
|
.requestCache(RequestCacheConfigurer::disable).securityContext(AbstractHttpConfigurer::disable)
|
||||||
|
.sessionManagement(AbstractHttpConfigurer::disable);
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
|
|||||||
/**
|
/**
|
||||||
* @author lengleng
|
* @author lengleng
|
||||||
* @data 2022-06-04
|
* @data 2022-06-04
|
||||||
*
|
* <p>
|
||||||
* 基于授权码模式 统一认证登录 spring security & sas 都可以使用 所以抽取成 HttpConfigurer
|
* 基于授权码模式 统一认证登录 spring security & sas 都可以使用 所以抽取成 HttpConfigurer
|
||||||
*/
|
*/
|
||||||
public final class FormIdentityLoginConfigurer
|
public final class FormIdentityLoginConfigurer
|
||||||
@ -21,9 +21,13 @@ public final class FormIdentityLoginConfigurer
|
|||||||
formLogin.loginProcessingUrl("/token/form");
|
formLogin.loginProcessingUrl("/token/form");
|
||||||
formLogin.failureHandler(new FormAuthenticationFailureHandler());
|
formLogin.failureHandler(new FormAuthenticationFailureHandler());
|
||||||
|
|
||||||
}).logout() // SSO登出成功处理
|
}).logout(httpSecurityLogoutConfigurer -> {
|
||||||
.logoutSuccessHandler(new SsoLogoutSuccessHandler()).deleteCookies("JSESSIONID")
|
// SSO登出成功处理
|
||||||
.invalidateHttpSession(true).and().csrf().disable();
|
httpSecurityLogoutConfigurer.logoutSuccessHandler(new SsoLogoutSuccessHandler()).deleteCookies("JSESSIONID")
|
||||||
|
.invalidateHttpSession(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
).csrf(AbstractHttpConfigurer::disable);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -24,13 +24,15 @@ import org.springframework.core.Ordered;
|
|||||||
import org.springframework.core.annotation.Order;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||||
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
|
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author lengleng
|
* @author lengleng
|
||||||
* @date 2022-06-04
|
* @date 2022-06-04
|
||||||
*
|
* <p>
|
||||||
* 资源服务器认证授权配置
|
* 资源服务器认证授权配置
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@ -57,7 +59,9 @@ public class PigResourceServerConfiguration {
|
|||||||
oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
|
oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
|
||||||
.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
|
.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
|
||||||
.bearerTokenResolver(pigBearerTokenExtractor))
|
.bearerTokenResolver(pigBearerTokenExtractor))
|
||||||
.headers().frameOptions().disable().and().csrf().disable();
|
.headers(httpSecurityHeadersConfigurer -> httpSecurityHeadersConfigurer
|
||||||
|
.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
|
||||||
|
.csrf(AbstractHttpConfigurer::disable);
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
@ -20,6 +20,8 @@ import de.codecentric.boot.admin.server.config.AdminServerProperties;
|
|||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||||
|
|
||||||
@ -49,12 +51,21 @@ public class WebSecurityConfigurer {
|
|||||||
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
|
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
|
||||||
successHandler.setTargetUrlParameter("redirectTo");
|
successHandler.setTargetUrlParameter("redirectTo");
|
||||||
successHandler.setDefaultTargetUrl(adminContextPath + "/");
|
successHandler.setDefaultTargetUrl(adminContextPath + "/");
|
||||||
http.headers().frameOptions().disable().and().authorizeHttpRequests()
|
http.headers(httpSecurityHeadersConfigurer -> {
|
||||||
.requestMatchers(adminContextPath + "/assets/**", adminContextPath + "/login",
|
httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable);
|
||||||
adminContextPath + "/instances/**", adminContextPath + "/actuator/**")
|
}).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
|
||||||
.permitAll().anyRequest().authenticated().and().formLogin().loginPage(adminContextPath + "/login")
|
authorizationManagerRequestMatcherRegistry
|
||||||
.successHandler(successHandler).and().logout().logoutUrl(adminContextPath + "/logout").and().httpBasic()
|
.requestMatchers(adminContextPath + "/assets/**", adminContextPath + "/login",
|
||||||
.and().csrf().disable();
|
adminContextPath + "/instances/**", adminContextPath + "/actuator/**")
|
||||||
|
.permitAll().anyRequest().authenticated();
|
||||||
|
|
||||||
|
}).formLogin(httpSecurityFormLoginConfigurer -> {
|
||||||
|
httpSecurityFormLoginConfigurer.loginPage(adminContextPath + "/login");
|
||||||
|
httpSecurityFormLoginConfigurer.successHandler(successHandler);
|
||||||
|
}).logout(httpSecurityLogoutConfigurer -> {
|
||||||
|
httpSecurityLogoutConfigurer.logoutUrl(adminContextPath + "/logout");
|
||||||
|
}).httpBasic(httpSecurityHttpBasicConfigurer -> {
|
||||||
|
}).csrf(AbstractHttpConfigurer::disable);
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user