Spring Boot——配置Spring Security配置类DEMO

源代码

package club.zstuca.myzstu.filter;import club.zstuca.myzstu.entity.Resource;
import club.zstuca.myzstu.entity.Role;
import club.zstuca.myzstu.mapper.ResourceMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;import java.util.Collection;
import java.util.List;/*** @Author ShenTuZhiGang* @Version 1.0.0* @Date 2020-03-07 21:57*/
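/**
 * Looks up the roles required for a request by matching the request path
 * against the Ant-style pattern stored on each {@link Resource}.
 *
 * <p>The first resource whose pattern matches decides the result, so the order
 * returned by {@code resourceMapper.getAllResource()} matters when patterns
 * overlap. A request that matches no pattern falls back to the pseudo-role
 * {@code ROLE_LOGIN}; how that is enforced depends on the configured
 * {@code AccessDecisionManager}.
 */
@Component
public class CustomFilterInvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {

    AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Autowired
    private ResourceMapper resourceMapper;

    /**
     * Returns the security attributes (role names) required for the given invocation.
     *
     * @param o the secured object; cast to {@link FilterInvocation}
     * @return the role names of the first matching resource, or {@code ROLE_LOGIN}
     *         when no resource pattern matches
     * @throws IllegalArgumentException declared by the interface; not thrown explicitly here
     */
    @Override
    public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
        String requestUrl = ((FilterInvocation) o).getRequestUrl();
        // getRequestUrl() includes the query string. Matching an exact pattern
        // against "path?query" would miss, and the request would drop to the
        // weaker ROLE_LOGIN default. Authorize on the path alone.
        int queryStart = requestUrl.indexOf('?');
        String requestPath = queryStart >= 0 ? requestUrl.substring(0, queryStart) : requestUrl;

        // NOTE(review): this loads every resource on every request; consider caching.
        List<Resource> resources = resourceMapper.getAllResource();
        for (Resource resource : resources) {
            if (antPathMatcher.match(resource.getPattern(), requestPath)) {
                List<Role> roles = resource.getRoles();
                // NOTE(review): a matching resource with zero roles yields an empty
                // attribute list, which Spring's interceptor treats as a public
                // invocation by default - confirm that is intended.
                String[] roleArr = new String[roles.size()];
                for (int i = 0; i < roleArr.length; i++) {
                    roleArr[i] = roles.get(i).getName();
                }
                return SecurityConfig.createList(roleArr);
            }
        }
        // No pattern matched: require at least a logged-in user.
        return SecurityConfig.createList("ROLE_LOGIN");
    }

    /**
     * Returns {@code null}: this source does not expose the full attribute set.
     */
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    /**
     * Reports whether this source can handle the given secured-object type.
     *
     * @param aClass the secured-object class being queried
     * @return {@code true} when {@link FilterInvocation} is assignable from {@code aClass}
     */
    @Override
    public boolean supports(Class<?> aClass) {
        return FilterInvocation.class.isAssignableFrom(aClass);
    }
}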

 

package club.zstuca.myzstu.filter;import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;import java.util.Collection;/*** @Author ShenTuZhiGang* @Version 1.0.0* @Date 2020-03-07 22:26*/
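/**
 * Grants access when the caller satisfies any one of the required attributes.
 *
 * <p>{@code ROLE_LOGIN} is a pseudo-role. It is satisfied only when the current
 * {@link Authentication} is a {@link UsernamePasswordAuthenticationToken}, so
 * anonymous tokens do not pass it. Every other attribute is compared with the
 * caller's granted authorities by exact string equality.
 */
@Component
public class CustomAccessDecisionManager implements AccessDecisionManager {

    /**
     * Decides whether the authenticated caller may access the secured object.
     *
     * @param authentication the caller's current authentication
     * @param o the secured object (unused here)
     * @param collection the attributes (role names) required for the request
     * @throws AccessDeniedException if none of the required attributes is satisfied
     * @throws InsufficientAuthenticationException declared by the interface; not thrown explicitly here
     */
    @Override
    public void decide(Authentication authentication, Object o,
            Collection<ConfigAttribute> collection)
            throws AccessDeniedException, InsufficientAuthenticationException {
        Collection<? extends GrantedAuthority> auths = authentication.getAuthorities();
        for (ConfigAttribute configAttribute : collection) {
            String required = configAttribute.getAttribute();
            // Pseudo-role: any username/password login is enough.
            // NOTE(review): other token types (for example remember-me) do not
            // satisfy this check - confirm that is intended.
            if ("ROLE_LOGIN".equals(required)
                    && authentication instanceof UsernamePasswordAuthenticationToken) {
                return;
            }
            // Any-of semantics: one matching authority grants access.
            for (GrantedAuthority authority : auths) {
                if (required.equals(authority.getAuthority())) {
                    return;
                }
            }
        }
        // Fail closed: nothing matched.
        throw new AccessDeniedException("权限不足");
    }

    /**
     * Accepts every attribute; the matching itself happens in {@code decide}.
     */
    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    /**
     * Accepts every secured-object type.
     */
    @Override
    public boolean supports(Class<?> aClass) {
        return true;
    }
}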
package club.zstuca.myzstu.config;import club.zstuca.myzstu.dto.ApiResponse;
import club.zstuca.myzstu.handler.AuthenticationAccessDeniedHandler;
import club.zstuca.myzstu.security.CustomAccessDecisionManager;
import club.zstuca.myzstu.security.CustomFilterInvocationSecurityMetadataSource;
import club.zstuca.myzstu.service.IUserService;
import club.zstuca.myzstu.utils.ApiResponseUtil;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;/*** @Author ShenTuZhiGang* @Version 1.0.0* @Date 2020-03-07 16:48*/
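/**
 * Spring Security configuration: URL authorization is delegated to the custom
 * metadata source and decision manager, and form login answers with JSON
 * instead of redirects.
 *
 * <p>NOTE(review): this class imports the two custom components from
 * {@code club.zstuca.myzstu.security}, while the listings on this page declare
 * them in {@code club.zstuca.myzstu.filter}. One side has to be adjusted for the
 * demo to compile.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MyZSTUWebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Shared JSON serializer, created once instead of once per login response. */
    private static final ObjectMapper JSON = new ObjectMapper();

    @Autowired
    IUserService iUserService;

    @Autowired
    CustomFilterInvocationSecurityMetadataSource customFilterInvocationSecurityMetadataSource;

    @Autowired
    CustomAccessDecisionManager customAccessDecisionManager;

    @Autowired
    AuthenticationAccessDeniedHandler authenticationAccessDeniedHandler;

    /**
     * Password encoder used for credential checks.
     *
     * <p>SECURITY: {@link NoOpPasswordEncoder} stores and compares passwords in
     * plain text and is only suitable for a throwaway demo. For real use, switch
     * to an adaptive hash (for example {@code BCryptPasswordEncoder} or
     * {@code PasswordEncoderFactories.createDelegatingPasswordEncoder()}) and
     * migrate the stored credentials together with this bean. Swapping the
     * encoder alone would invalidate existing plaintext rows, so it is flagged
     * here rather than changed.
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    /**
     * Excludes {@code /index.html} from the security filter chain entirely.
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/index.html");
    }

    /**
     * Registers the application's user service as the source of user details.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(iUserService);
    }

    /**
     * Wires the custom authorization components into the filter security
     * interceptor and configures JSON responses for form login.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                    @Override
                    public <O extends FilterSecurityInterceptor> O postProcess(O object) {
                        object.setSecurityMetadataSource(customFilterInvocationSecurityMetadataSource);
                        object.setAccessDecisionManager(customAccessDecisionManager);
                        return object;
                    }
                })
                .and()
                .formLogin()
                //.loginPage("/login")
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .failureHandler(new AuthenticationFailureHandler() {
                    @Override
                    public void onAuthenticationFailure(HttpServletRequest httpServletRequest,
                            HttpServletResponse httpServletResponse,
                            AuthenticationException e) throws IOException, ServletException {
                        // One generic message for every failure cause.
                        ApiResponse retTemp = ApiResponseUtil.getRetTemp();
                        retTemp.setCode("400");
                        retTemp.setMsg("登录失败");
                        writeJson(httpServletResponse, retTemp);
                    }
                })
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
                            HttpServletResponse httpServletResponse,
                            Authentication authentication) throws IOException, ServletException {
                        ApiResponse retTemp = ApiResponseUtil.getRetTemp();
                        retTemp.setCode("200");
                        retTemp.setMsg("登录成功");
                        // SECURITY: the whole principal is serialized to the client.
                        // If it is the user entity (presumably - verify), make sure
                        // the password and other sensitive fields are excluded from
                        // JSON, or return a dedicated DTO instead.
                        retTemp.setData(authentication.getPrincipal());
                        writeJson(httpServletResponse, retTemp);
                    }
                })
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .and()
                // SECURITY: CSRF protection is switched off while form login is
                // configured. If the session is carried by a cookie, state-changing
                // endpoints are exposed to cross-site requests - confirm this is
                // acceptable for the client, or re-enable CSRF protection.
                .csrf()
                .disable()
                .exceptionHandling()
                .accessDeniedHandler(authenticationAccessDeniedHandler);
    }

    /** Writes {@code body} to the response as UTF-8 JSON, then flushes and closes the writer. */
    private static void writeJson(HttpServletResponse response, Object body) throws IOException {
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.write(JSON.writeValueAsString(body));
        out.flush();
        out.close();
    }
}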

 

教学资源

https://www.bilibili.com/video/av73730658?p=13

常见问题

Filter过滤器注入Bean时注入失败[NULL]

参考文章

https://blog.csdn.net/qushapos/article/details/84940810

https://segmentfault.com/a/1190000010232638

https://blog.csdn.net/lichuangcsdn/article/details/95041605

https://github.com/lenve/vhr

