Fix #381 disable auth config

water.lyl 2019-01-13 13:19:12 +08:00
parent 2db55b1a71
commit a25e5eb650
3 changed files with 27 additions and 34 deletions


@ -22,6 +22,7 @@ import com.alibaba.nacos.console.utils.JWTTokenUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@ -56,6 +57,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JWTTokenUtils tokenProvider;
@Autowired
private Environment env;
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
@ -69,39 +73,28 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) {
// TODO: we should use a better way to match the resources
// requests for resource and auth api are always allowed
web.ignoring()
.antMatchers("/")
.antMatchers("/**/*.css", "/**/*.js", "/**/*.html", "/**/*.map", "/**/*.svg", "/**/*.png", "/**/*.ico")
.antMatchers("/**.css", "/**.js", "/**.html", "/**.map", "/**.svg", "/**.png", "/**.ico")
.antMatchers("/console-fe/public/*")
.antMatchers("/v1/auth/login")
.antMatchers("/v1/cs/health");
String ignoreURLs = env.getProperty("nacos.security.ignore.urls", "/**");
for (String ignoreURL : ignoreURLs.trim().split(",")) {
web.ignoring().antMatchers(ignoreURL.trim());
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated().and()
// custom token authorize exception handler
.exceptionHandling()
.authenticationEntryPoint(unauthorizedHandler).and()
// since we use jwt, session is not necessary
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
// since we use jwt, csrf is not necessary
.csrf().disable();
http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
// TODO 做开关是否开启登录功能
if (false) {
http.authorizeRequests().antMatchers("/").permitAll();
} else {
http
.authorizeRequests()
.anyRequest().authenticated().and()
// custom token authorize exception handler
.exceptionHandling()
.authenticationEntryPoint(unauthorizedHandler).and()
// since we use jwt, session is not necessary
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
// since we use jwt, csrf is not necessary
.csrf().disable();
http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
// disable cache
http.headers().cacheControl();
}
// disable cache
http.headers().cacheControl();
}
@Bean
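Review bot: The fallback for `nacos.security.ignore.urls` in `configure(WebSecurity)` is `/**`, so a deployment whose properties file lacks the key has every request excluded from the Spring Security filter chain, and the console runs without authentication. Fail closed instead: fall back to the static-resource and login patterns, e.g. `env.getProperty("nacos.security.ignore.urls", DEFAULT_IGNORE_URLS)`, where `DEFAULT_IGNORE_URLS` is a proposed new constant holding the previously hard-coded list, and require an explicit `/**` to switch authentication off. Skipping blank entries after `split(",")` and logging a startup warning when `/**` is configured would make the disabled state visible to operators. The page has lost its +/- markers, so this assumes the `env.getProperty` loop is the new side; the enclosing class starts outside the hunk.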


@ -41,8 +41,10 @@ db.url.1=jdbc:mysql://11.163.152.91:3306/diamond_devtest?characterEncoding=utf8&
db.user=diamond_devtest
db.password=4b9622f3f70c7677835ac5a6719e7caf
#spring.security.enabled=false
#management.security=false
#security.basic.enabled=false
#nacos.security.ignore.urls=/**
nacos.security.ignore.urls=/,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/*,/v1/auth/login,/v1/auth/health
enableAccessControl=false
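Review bot: The configured ignore list ends with `/v1/auth/health`, while the hard-coded list shown for `WebSecurityConfig` on this page exempted `/v1/cs/health`; unless the health endpoint moved, the real health path now presumably requires a token and an unrelated path is exempt from authentication. Confirm the path and, if it is a typo, use `/v1/cs/health`. A comment above the key would help, such as `# Paths excluded from authentication; /** disables login for the whole console`, because the commented-out `/**` line directly above is easy to copy into a production file. The hunk's context lines also show a database password and an internal host in the committed file, which are better kept out of version control.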


@ -184,8 +184,6 @@ CREATE TABLE roles (
role varchar(50) NOT NULL
);
INSERT INTO users (username, password, enabled) VALUES ('user', '$2a$16$71d1ewoFISFmOz1omV3o7OS6yZVx1YS9agqXZjdHebyVCS3wsJeVy', TRUE);
INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$16$71d1ewoFISFmOz1omV3o7OS6yZVx1YS9agqXZjdHebyVCS3wsJeVy', TRUE);
INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
INSERT INTO roles (username, role) VALUES ('user', 'ROLE_USER');
INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');
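Review bot: The seed data keeps an enabled `admin` row with a fixed bcrypt hash, so every installation created from this schema starts with the same administrator credential. Add a comment such as `-- default admin account: change the password before exposing the console`, and consider forcing a password change at first login. The `admin` hash appears on the page with both a `$2a$16$` and a `$2a$10$` prefix; if the `$2a$10$` row is the new side (the +/- markers are lost), the bcrypt cost was lowered from 16 to 10, which deserves a line in the commit message explaining why.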