Home Explore Help
Sign In
liaoyitao
/
CMJKC-SERVER
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4a16c75a37
Branches Tags
CMJKC-SERVER
/
src
/
main
/
java
/
com
/
lqkj
/
framework
/
security
/
ResourceServerConfig.java

ResourceServerConfig.java 2.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. package com.lqkj.framework.security;
    2. 

  2. 

  3. 

  4. import com.lqkj.framework.security.handler.CustomAuthExceptionEntryPoint;
    5. 

  5. import com.lqkj.framework.security.handler.CustomAuthenctiationFailureHandler;
    6. 

  6. import com.lqkj.framework.security.handler.CustomAuthenticationSuccessHandler;
    7. 

  7. import com.lqkj.framework.security.handler.CustomLogoutSuccessHandler;
    8. 

  8. import org.springframework.beans.factory.annotation.Autowired;
    9. 

  9. import org.springframework.context.annotation.Configuration;
    10. 

  10. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    11. 

  11. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    12. 

  12. import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    13. 

  13. import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    14. 

  14. 

  15. /**
    16. 

  16.  * 资源服务器配置
    17. 

  17.  */
    18. 

  18. @Configuration
    19. 

  19. @EnableResourceServer
    20. 

  20. public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    21. 

  21. 

  22.     @Autowired
    23. 

  23.     private CustomAuthenctiationFailureHandler customAuthenctiationFailureHandler;
    24. 

  24.     @Autowired
    25. 

  25.     private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;
    26. 

  26.     @Autowired
    27. 

  27.     private CustomAuthExceptionEntryPoint customAuthExceptionEntryPoint;
    28. 

  28.     @Autowired
    29. 

  29.     private CustomLogoutSuccessHandler customLogoutSuccessHandler;
    30. 

  30.     @Override
    31. 

  31.     public void configure(ResourceServerSecurityConfigurer resources) {
    32. 

  32.         resources.authenticationEntryPoint(customAuthExceptionEntryPoint);
    33. 

  33.     }
    34. 

  34.     @Override
    35. 

  35.     public void configure(HttpSecurity http) throws Exception {
    36. 

  36.         http.formLogin()
    37. 

  37.                 .loginProcessingUrl("/login")
    38. 

  38.                 .successHandler(customAuthenticationSuccessHandler)
    39. 

  39.                 .failureHandler(customAuthenctiationFailureHandler)
    40. 

  40.                 .and()
    41. 

  41.                 .logout()
    42. 

  42.                 .logoutUrl("/logout").logoutSuccessHandler(customLogoutSuccessHandler)
    43. 

  43.                 .and()
    44. 

  44.                 .authorizeRequests()
    45. 

  45.                 .antMatchers("/oauth/**",
    46. 

  46.                 "/v1/captchaImage",
    47. 

  47.                 "/business/cmsNews/front/**",
    48. 

  48.                 "/business/cmsCategory/front/**",
    49. 

  49.                 "/login",
    50. 

  50.                 "/**/*.css",
    51. 

  51.                 "/**/*.js",
    52. 

  52.                 "/profile/**").permitAll() //不需要身份认证即可访问
    53. 

  53.                 .antMatchers("/swagger-resources/**").anonymous()
    54. 

  54.                 .antMatchers("/webjars/**").anonymous()
    55. 

  55.                 .antMatchers("/*/api-docs").anonymous()
    56. 

  56.                 .anyRequest().authenticated() //其他请求路径都需要身份认证
    57. 

  57.                 .and().headers().frameOptions().disable()//支持前端vue中iframe中访问
    58. 

  58.                 .and().cors()
    59. 

  59.                 .and().csrf().disable();
    60. 

  60.     }
    61. 

  61. 

  62. 

  63. }
    64.