类 WebSecurityConfig
java.lang.Object
com.iplatform.core.PlatformConfiguration
com.iplatform.security.config.WebSecurityConfig
@Configuration
public class WebSecurityConfig
extends com.iplatform.core.PlatformConfiguration
-
字段概要
从类继承的字段 com.iplatform.core.PlatformConfiguration
logger -
构造器概要
构造器构造器说明WebSecurityConfig(MenuCacheProvider menuCacheProvider, UserServiceImpl userService, com.walker.web.UserOnlineProvider userOnlineProvider, UserCacheProvider userCacheProvider, UserLoginCache userLoginCache) -
方法概要
修饰符和类型方法说明org.springframework.security.access.AccessDecisionManagerorg.springframework.security.web.access.AccessDeniedHandler已认证用户拒绝访问资源。org.springframework.security.web.authentication.AuthenticationFailureHandlerorg.springframework.security.authentication.AuthenticationManagerauthenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration) 获取AuthenticationManager(认证管理器),登录时认证使用authenticationProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService, SecurityProperties securityProperties) 配置自定义认证提供者,自己实现密码认证细节,否则spring会默认密码比较,导致手机短信验证码作为密码比较失效。captchaPasswordLoginCallback(com.walker.web.TokenGenerator tokenGenerator, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, SecurityProperties securityProperties, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> smsCaptchaProvider, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> imageCaptchaProvider, JigsawCaptchaProvider jigsawCaptchaProvider) 用户名、密码(明文)登录方式回调实现,包含:验证码组件,适合PC端使用。org.springframework.web.filter.CorsFilter解决同源跨域问题。org.springframework.security.web.AuthenticationEntryPoint匿名用户无法访问异常返回org.springframework.security.web.SecurityFilterChainfilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) HttpSecurity:忽略 antMatchers 中使用的端点的身份验证,其他安全功能将生效。jwtAuthenticationTokenFilter(DefaultUserDetailsService userDetailsService) 定义token过滤器org.springframework.security.web.authentication.logout.LogoutSuccessHandlermobilePassCaptchaLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator, SecurityProperties securityProperties, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> smsCaptchaProvider, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> imageCaptchaProvider, JigsawCaptchaProvider jigsawCaptchaProvider) 移动端使用:用户名、密码(AES) + 普通验证码登录方式。noneCaptchaPasswordLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator) 账号、密码(加密方式)登录的回调实现,不包含:用户验证码。org.springframework.security.crypto.password.PasswordEncodercom.walker.web.security.ResourceLoadProvider把资源提供者独立出来,可以复用。roleSecurityUpdateListener(com.walker.web.security.ResourceLoadProvider resourceLoadProvider) 角色权限变更后,处理通知,并重新加载资源信息。org.springframework.security.web.access.intercept.FilterSecurityInterceptorcom.walker.web.security.DefaultSecurityMetadataSourcesecurityMetadataSource(com.walker.web.security.ResourceLoadProvider resourceLoadProvider) smsCodeLoginCallback(com.walker.web.TokenGenerator tokenGenerator, com.walker.cache.CacheProvider<String> captchaCacheProvider, SecurityProperties securityProperties, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> smsCaptchaProvider, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> imageCaptchaProvider, JigsawCaptchaProvider jigsawCaptchaProvider) 短信验证码登录方式回调实现。thirdPartyLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator) 第三方的对接登录回调实现。com.walker.web.TokenGeneratoruserDetailsService(SecurityProperties securityProperties, UserCacheProvider userCacheProvider) wechatLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator) 微信登录回调实现。
-
构造器详细资料
-
WebSecurityConfig
@Autowired public WebSecurityConfig(MenuCacheProvider menuCacheProvider, UserServiceImpl userService, com.walker.web.UserOnlineProvider userOnlineProvider, UserCacheProvider userCacheProvider, UserLoginCache userLoginCache)
-
-
方法详细资料
-
securityProperties
-
filterChain
@Bean public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception HttpSecurity:忽略 antMatchers 中使用的端点的身份验证,其他安全功能将生效。
WebSecurity:直接忽略也不会进行 CSRF xss等攻击保护。- 参数:
http-- 返回:
- 抛出:
Exception
-
authenticationManager
@Bean public org.springframework.security.authentication.AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration) throws Exception 获取AuthenticationManager(认证管理器),登录时认证使用- 参数:
authenticationConfiguration-- 返回:
- 抛出:
Exception
-
userDetailsService
@Bean public DefaultUserDetailsService userDetailsService(SecurityProperties securityProperties, UserCacheProvider userCacheProvider) -
passwordEncoder
@Bean public org.springframework.security.crypto.password.PasswordEncoder passwordEncoder() -
failedAuthenticationEntryPoint
@Bean public org.springframework.security.web.AuthenticationEntryPoint failedAuthenticationEntryPoint()匿名用户无法访问异常返回- 返回:
-
accessDeniedHandler
@Bean public org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler()已认证用户拒绝访问资源。- 返回:
-
authenticationFailureHandler
@Bean public org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler() -
logoutSuccessHandler
@Bean public org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler() -
accessDecisionManager
@Bean public org.springframework.security.access.AccessDecisionManager accessDecisionManager() -
securityMetadataSource
@Bean public com.walker.web.security.DefaultSecurityMetadataSource securityMetadataSource(com.walker.web.security.ResourceLoadProvider resourceLoadProvider) -
securityInterceptor
@Bean public org.springframework.security.web.access.intercept.FilterSecurityInterceptor securityInterceptor() -
jwtAuthenticationTokenFilter
@Bean public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(DefaultUserDetailsService userDetailsService) 定义token过滤器- 返回:
-
tokenGenerator
@Bean public com.walker.web.TokenGenerator tokenGenerator() -
wechatLoginCallback
@Bean public WechatLoginCallback wechatLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator) 微信登录回调实现。- 参数:
passwordEncoder-tokenGenerator-- 返回:
-
thirdPartyLoginCallback
@Bean public ThirdPartyLoginCallback thirdPartyLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator) 第三方的对接登录回调实现。(为预算一体化对接使用,更多需要抽象)- 参数:
passwordEncoder-tokenGenerator-- 返回:
-
mobilePassCaptchaLoginCallback
@Bean public MobilePassCaptchaLoginCallback mobilePassCaptchaLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator, SecurityProperties securityProperties, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> smsCaptchaProvider, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> imageCaptchaProvider, JigsawCaptchaProvider jigsawCaptchaProvider) 移动端使用:用户名、密码(AES) + 普通验证码登录方式。- 参数:
passwordEncoder-tokenGenerator-securityProperties-smsCaptchaProvider-imageCaptchaProvider-jigsawCaptchaProvider-- 返回:
-
noneCaptchaPasswordLoginCallback
@Bean public NoneCaptchaLoginCallback noneCaptchaPasswordLoginCallback(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, com.walker.web.TokenGenerator tokenGenerator) 账号、密码(加密方式)登录的回调实现,不包含:用户验证码。适合在移动端使用
- 参数:
passwordEncoder-tokenGenerator-- 返回:
-
captchaPasswordLoginCallback
@Bean public EncryptPasswordLoginCallback captchaPasswordLoginCallback(com.walker.web.TokenGenerator tokenGenerator, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, SecurityProperties securityProperties, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> smsCaptchaProvider, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> imageCaptchaProvider, JigsawCaptchaProvider jigsawCaptchaProvider) 用户名、密码(明文)登录方式回调实现,包含:验证码组件,适合PC端使用。- 参数:
tokenGenerator-passwordEncoder-- 返回:
-
smsCodeLoginCallback
@Bean public SmsCodeLoginCallback smsCodeLoginCallback(com.walker.web.TokenGenerator tokenGenerator, com.walker.cache.CacheProvider<String> captchaCacheProvider, SecurityProperties securityProperties, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> smsCaptchaProvider, com.walker.web.CaptchaProvider<com.walker.web.CaptchaResult> imageCaptchaProvider, JigsawCaptchaProvider jigsawCaptchaProvider) 短信验证码登录方式回调实现。- 参数:
tokenGenerator-captchaCacheProvider-- 返回:
-
corsFilter
@Bean public org.springframework.web.filter.CorsFilter corsFilter()解决同源跨域问题。 调整为直接返回CorsFilter对象,升级到 SpringBoot 3.2.0 之后,有所变化。- 返回:
-
authenticationProvider
@Bean public DefaultAuthenticationProvider authenticationProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService, SecurityProperties securityProperties) 配置自定义认证提供者,自己实现密码认证细节,否则spring会默认密码比较,导致手机短信验证码作为密码比较失效。- 参数:
userDetailsService-- 返回:
-
resourceLoadProvider
@Bean public com.walker.web.security.ResourceLoadProvider resourceLoadProvider()把资源提供者独立出来,可以复用。- 返回:
-
roleSecurityUpdateListener
@Bean public RoleSecurityUpdateListener roleSecurityUpdateListener(com.walker.web.security.ResourceLoadProvider resourceLoadProvider) 角色权限变更后,处理通知,并重新加载资源信息。- 参数:
resourceLoadProvider-- 返回:
-