package com.lqkj.framework.security;

import com.lqkj.framework.security.handler.CustomAuthExceptionEntryPoint;
import com.lqkj.framework.security.handler.CustomAuthenctiationFailureHandler;
import com.lqkj.framework.security.handler.CustomAuthenticationSuccessHandler;
import com.lqkj.framework.security.handler.CustomLogoutSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * Resource server configuration.
 *
 * <p>Wires the project's custom handlers into the OAuth2 resource server and
 * declares which request paths are reachable without authentication. Every
 * path not listed explicitly requires an authenticated caller.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Paths open to every caller, authenticated or not.
    // NOTE(review): "/oauth/**" and "/profile/**" are broad prefixes; confirm that
    // nothing served beneath them (token-related endpoints, stored files) needs a login.
    private static final String[] OPEN_TO_ALL = {
        "/oauth/**",
        "/v1/captchaImage",
        "/business/cmsNews/front/**",
        "/business/cmsCategory/front/**",
        "/login",
        "/**/*.css",
        "/**/*.js",
        "/profile/**"
    };

    @Autowired
    private CustomAuthenctiationFailureHandler customAuthenctiationFailureHandler;

    @Autowired
    private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

    @Autowired
    private CustomAuthExceptionEntryPoint customAuthExceptionEntryPoint;

    @Autowired
    private CustomLogoutSuccessHandler customLogoutSuccessHandler;

    /**
     * Installs the custom entry point that answers requests failing
     * authentication at the resource server.
     *
     * @param resources resource-server configurer supplied by the framework
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.authenticationEntryPoint(customAuthExceptionEntryPoint);
    }

    /**
     * Declares login/logout handling, the URL authorization rules and the
     * header, CORS and CSRF settings for this resource server.
     *
     * @param http the security builder to configure
     * @throws Exception if the underlying builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Form login is processed at /login and delegates the outcome to the custom handlers.
        http.formLogin()
            .loginProcessingUrl("/login")
            .successHandler(customAuthenticationSuccessHandler)
            .failureHandler(customAuthenctiationFailureHandler);

        http.logout()
            .logoutUrl("/logout")
            .logoutSuccessHandler(customLogoutSuccessHandler);

        // Matchers are evaluated in declaration order; the catch-all must stay last.
        http.authorizeRequests()
            // Accessible without authentication.
            .antMatchers(OPEN_TO_ALL).permitAll()
            // anonymous() admits only callers that are NOT authenticated; a logged-in
            // caller is refused on these paths.
            // NOTE(review): the API documentation is readable without a login; confirm
            // that is acceptable outside development environments.
            .antMatchers("/swagger-resources/**").anonymous()
            .antMatchers("/webjars/**").anonymous()
            .antMatchers("/*/api-docs").anonymous()
            // All other request paths require authentication.
            .anyRequest().authenticated();

        // X-Frame-Options is switched off so the front-end Vue app can load pages in an
        // iframe. This removes the framing restriction for every origin.
        // NOTE(review): if the framing page is same-origin, frameOptions().sameOrigin()
        // would keep clickjacking protection; confirm the deployment layout.
        http.headers().frameOptions().disable();

        // The allowed origins, methods and headers come from CORS configuration defined
        // outside this class. NOTE(review): verify that it is not a wildcard origin
        // combined with credentials.
        http.cors();

        // NOTE(review): CSRF protection is off while form login is enabled. Confirm that
        // state-changing requests are authenticated by bearer token rather than by a
        // session cookie.
        http.csrf().disable();
    }
}