diff --git a/src/main/java/io/qyi/e5/bean/core/WebExceptionAspect.java b/src/main/java/io/qyi/e5/bean/core/WebExceptionAspect.java
index 7518441..2577017 100644
--- a/src/main/java/io/qyi/e5/bean/core/WebExceptionAspect.java
+++ b/src/main/java/io/qyi/e5/bean/core/WebExceptionAspect.java
@@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.qyi.e5.util.ResultUtil;
+import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.AfterThrowing;
 import org.aspectj.lang.annotation.Aspect;
@@ -26,6 +27,7 @@ import java.io.PrintWriter;
 **/
 @Aspect
 @Component
+@Slf4j
 public class WebExceptionAspect {
 private final Logger logger = LoggerFactory.getLogger(this.getClass());
@@ -58,6 +60,11 @@ public class WebExceptionAspect {
 * @param content 输出内容
 */
 public static void writeContent(Integer code, String content, long time) {
+ if (RequestContextHolder.getRequestAttributes()==null) {
+ log.error("writeContent 异常!");
+ return;
+ }
+
 HttpServletResponse response = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
 .getResponse();
 response.setCharacterEncoding("UTF-8");
diff --git a/src/main/java/io/qyi/e5/config/security/SecurityConfig.java b/src/main/java/io/qyi/e5/config/security/SecurityConfig.java
index d5fe0a2..6005f87 100644
--- a/src/main/java/io/qyi/e5/config/security/SecurityConfig.java
+++ b/src/main/java/io/qyi/e5/config/security/SecurityConfig.java
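Review bot: In the `writeContent` hunk of WebExceptionAspect.java, the new guard null-checks `RequestContextHolder.getRequestAttributes()`, but the statement below it calls the method a second time, casts the result to `ServletRequestAttributes` without a type check, and then uses `getResponse()`, which may itself return null. Reading the attributes once, `RequestAttributes attrs = RequestContextHolder.getRequestAttributes();` followed by `if (!(attrs instanceof ServletRequestAttributes)) { ... return; }`, would cover the null and the non-servlet case with one test, and a null check on the response would cover the rest. The message `log.error("writeContent 异常!")` carries neither the reason nor `code`, so an error reply that could not be delivered leaves nothing to correlate in the log; something like `log.error("writeContent: no request bound to thread, code={}", code);` would help. The body of `writeContent` continues outside the hunk.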
@@ -1,11 +1,17 @@
 package io.qyi.e5.config.security;
 import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
+import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -20,42 +26,59 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic **/ @Configuration @EnableWebSecurity //开启wen安全功能 +@EnableGlobalMethodSecurity(prePostEnabled = true) +@Slf4j public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired SecurityAuthenticationHandler securityAuthenticationHandler; - - @Autowired - UsernamePasswordAuthenticationConfig usernamePasswordAuthenticationConfig; - + UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider; @Autowired UrlAccessDecisionManager myAccessDecisionManager; - @Autowired UrlInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService; + @Value("${web.static.filtrate}") + String[] webFiltrate; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { System.out.println("AuthenticationManagerBuilder auth"); } + @Override + public void configure(WebSecurity web) throws Exception { +// super.configure(web); + /*放行静态资源*/ + web.ignoring().antMatchers(webFiltrate); + } + // 通过重载该方法,可配置如何通过拦截器保护请求。 @Override protected void configure(HttpSecurity http) throws Exception { System.out.println("HttpSecurity http"); + /*自定义*/ + http.csrf().disable(); + LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter(); + + log.info("自定义用户认证处理逻辑"); +// 自定义用户认证处理逻辑时,需要指定AuthenticationManager,否则无法认证 + authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class)); + +// 指定自定义的认证成功和失败的处理器 + authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler); + authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler); + +// 把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前 + http.authenticationProvider(usernamePasswordAuthenticationProvider).addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class); + 
http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor()); + http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); + /*关闭创建session*/ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); -// http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证 -// .accessDecisionManager(myAccessDecisionManager) - http.authorizeRequests(). - anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor()); - http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); - /*自定义*/ - http.csrf().disable().apply(usernamePasswordAuthenticationConfig); - //自定义过滤器 } + /** * 自定义 FilterSecurityInterceptor ObjectPostProcessor 以替换默认配置达到动态权限的目的 * @return ObjectPostProcessor diff --git a/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationConfig.java b/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationConfig.java deleted file mode 100644 index 27beae0..0000000 --- a/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationConfig.java +++ /dev/null 
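Review bot: `web.ignoring().antMatchers(webFiltrate)` in the new `configure(WebSecurity)` of SecurityConfig.java removes every pattern listed in the `web.static.filtrate` property from the Spring Security filter chain altogether, so those paths get no authentication, no `LinkTokenAuthenticationFilter` and no security headers. A single over-broad entry in configuration would therefore open a path without any visible change in code. I would document this on the field, e.g. `// static asset paths only: every pattern here bypasses the whole security filter chain`, and log the resolved list once at startup with `log.info("security filter chain skipped for: {}", String.join(", ", webFiltrate));`. As a style point, the two `System.out.println` calls left in the `configure(...)` methods could use `log` now that `@Slf4j` is on the class. The class body continues outside the hunk.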
@@ -1,51 +0,0 @@
-package io.qyi.e5.config.security;
-
-import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
-import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.DefaultSecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.stereotype.Component;
-
-/**
- * @program: e5
- * @description:
- * @author: 落叶随风
- * @create: 2020-02-28 16:24
- **/
-@Component
-public class UsernamePasswordAuthenticationConfig extends SecurityConfigurerAdapter {
- private final Logger logger = LoggerFactory.getLogger(this.getClass());
- @Autowired
- UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
- @Autowired
- SecurityAuthenticationHandler securityAuthenticationHandler;
-
-
- @Override
- public void configure(HttpSecurity http) throws Exception {
- LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
-
-
- logger.info("自定义用户认证处理逻辑");
-// 自定义用户认证处理逻辑时,需要指定AuthenticationManager,否则无法认证
- authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
-
-// 指定自定义的认证成功和失败的处理器
- authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
- authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
-// 把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
- http.authenticationProvider(usernamePasswordAuthenticationProvider)
- .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
-
-
- }
-
-}
diff --git a/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java b/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
index 02510e2..2c5f21a 100644
--- a/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
+++ b/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
@@ -52,7 +52,7 @@ public class LinkTokenAuthenticationFilter extends OncePerRequestFilter {
 log.info("--------------Token鉴权---------------");
 /*设置跨域*/
 HttpServletResponse response = httpServletResponse;
- response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Origin", "e5.qyi.io");
 response.setHeader("Access-Control-Allow-Credentials", "true");
 response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST");
 response.setHeader("Access-Control-Max-Age", "3600");
diff --git a/src/main/java/io/qyi/e5/config/security/filter/LoginAuthenticationFilter.java b/src/main/java/io/qyi/e5/config/security/filter/LoginAuthenticationFilter.java
index 7ea95d9..dbc8e66 100644
--- a/src/main/java/io/qyi/e5/config/security/filter/LoginAuthenticationFilter.java
+++ b/src/main/java/io/qyi/e5/config/security/filter/LoginAuthenticationFilter.java
@@ -1,6 +1,7 @@
 package io.qyi.e5.config.security.filter;
 import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationServiceException;
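Review bot: In the LinkTokenAuthenticationFilter.java hunk, `"e5.qyi.io"` is not a usable value for `Access-Control-Allow-Origin`: browsers compare the header with the request's `Origin`, which is serialized as scheme plus host (plus port when non-default), so a bare host name never matches and cross-origin calls from the site will be refused. The line should carry the full origin, presumably `response.setHeader("Access-Control-Allow-Origin", "https://e5.qyi.io");`, with the scheme confirmed against the deployed front end. Because the value is deployment-specific, reading it from configuration instead of hard-coding it in the filter would keep test and production hosts apart. If more than one origin is ever allowed, echo only an allow-listed `Origin` and add `Vary: Origin`, since `Access-Control-Allow-Credentials` is `true` here. The enclosing method starts and ends outside the hunk.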
@@ -23,6 +24,7 @@ import java.io.IOException;
 * @author: 落叶随风
 * @create: 2020-02-28 11:56
 **/
+@Slf4j
 public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 protected LoginAuthenticationFilter(String defaultFilterProcessesUrl) {
 super(defaultFilterProcessesUrl);
@@ -34,6 +36,7 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
 public LoginAuthenticationFilter() {
 super(new AntPathRequestMatcher("/auth2/receive", "GET"));
+ log.info("注册 LoginAuthenticationFilter");
 }