package com.mes.common.config;
|
|
|
import com.mes.common.filter.JwtAuthenticationTokenFilter;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
@Configuration
|
//@EnableWebSecurity
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {
|
@Autowired
|
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
|
|
@Bean
|
public PasswordEncoder passwordEncoder() {
|
return new BCryptPasswordEncoder();
|
}
|
|
/**
|
* 配置过滤规则
|
*/
|
@Override
|
protected void configure(HttpSecurity http) throws Exception {
|
http
|
//关闭csrf
|
.csrf().disable()
|
//不通过Session获取SecurityContext
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
.and()
|
.authorizeRequests()
|
// 对于登录接口 允许匿名访问
|
.antMatchers("/userinfo/login").anonymous()
|
.antMatchers("/hello").permitAll()
|
// 除上面外的所有请求全部需要鉴权认证
|
.anyRequest().permitAll();
|
// http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
}
|
|
@Bean
|
@Override
|
public AuthenticationManager authenticationManagerBean() throws Exception {
|
return super.authenticationManagerBean();
|
}
|
}
|
