import com.vuebg.admin.security.JwtAuthenticationFilter;
import com.vuebg.admin.security.JwtAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
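import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;

/**
 * Spring Security configuration.
 *
 * <p>Registers the custom JWT authentication provider, declares which URLs are reachable
 * without authentication, and places the JWT filter ahead of
 * {@link UsernamePasswordAuthenticationFilter}. {@code prePostEnabled = true} switches on
 * {@code @PreAuthorize}/{@code @PostAuthorize} method security.
 *
 * <p>NOTE(review): {@link WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7
 * and removed in 6.0, where the same rules are declared through a {@code SecurityFilterChain}
 * bean; this listing targets the older API.
 *
 * @author
 * @date 2018-12-12
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Registers the custom authentication component.
     *
     * @param auth builder that receives a {@code JwtAuthenticationProvider} wrapping the
     *             injected {@link UserDetailsService}
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Use the custom authentication component
        auth.authenticationProvider(new JwtAuthenticationProvider(userDetailsService));
    }

    /**
     * Adds the URLs that do not require authorization checks and wires logout and the JWT filter.
     *
     * @param http the security builder to configure
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Disable CSRF: the author's reasoning is that JWT is used, so CSRF is not needed here.
        // NOTE(review): that holds only while the token travels in a request header the browser
        // does not attach on its own. If JwtAuthenticationFilter (not shown) accepts the token
        // from a cookie, CSRF protection has to stay on. Confirm.
        // NOTE(review): no session policy is set in the visible lines, so the default session
        // handling applies; token-only APIs usually set SessionCreationPolicy.STATELESS. Confirm.
        http.cors().and().csrf().disable()
            .authorizeRequests()
            // CORS preflight requests
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            // ... (further matchers elided in the original listing)
            // Change password
            // NOTE(review): this leaves the password-change endpoint open to unauthenticated
            // callers, so the handler (not shown) must itself establish who is asking, for
            // example by verifying the current password or a reset token, and should be
            // rate limited. Otherwise move this path behind authenticated(). Confirm.
            .antMatchers("/user/pwdupd").permitAll()
            // Every other request requires authentication
            .anyRequest().authenticated();
        // Logout handler: answers with an HTTP status instead of a redirect.
        // NOTE(review): nothing visible here revokes the JWT, so an issued token presumably stays
        // valid until it expires unless revocation is handled elsewhere. Confirm.
        http.logout().logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler());
        // Token validation filter, run before the username/password filter
        http.addFilterBefore(new JwtAuthenticationFilter(authenticationManager()), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Exposes the {@link AuthenticationManager} built by the parent class as a bean; the same
     * manager is handed to {@code JwtAuthenticationFilter} in {@code configure(HttpSecurity)}.
     *
     * @return the authentication manager from {@code super.authenticationManager()}
     * @throws Exception declared by the overridden method
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }
}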