@Configuration @ConditionalOnBean(value=AbstractSecurityConfig.class) @ConditionalOnClass(value={org.springframework.security.authentication.DefaultAuthenticationEventPublisher.class,org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class,AbstractSecurityConfig.class}) @ConditionalOnProperty(prefix="yishuifengxiao.security", name="enable", havingValue="true", matchIfMissing=true) public class HttpSecurityAutoConfiguration extends Object
配置系统中的资源授权拦截器HttpSecurityInterceptor
Constructor and Description |
---|
HttpSecurityAutoConfiguration() |
Modifier and Type | Method and Description |
---|---|
HttpSecurityInterceptor |
authorizeResourceInterceptor(PropertyResource propertyResource)
配置需要拦截哪些资源
|
WebSecurityProvider |
firewallWebSecurityProvider()
默认实现的HttpFirewall,主要是解决路径里包含 // 路径报错的问题
|
WebSecurityProvider |
ignoreResourceProvider(SecurityProperties securityProperties)
忽视资源授权器
|
SecurityTokenExtractor |
securityTokenExtractor() |
HttpSecurityInterceptor |
smsLoginInterceptor(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationFailureHandler,
org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationSuccessHandler,
SmsUserDetailsService smsUserDetailsService,
SecurityProperties securityProperties)
注入短信登录配置
|
TokenBuilder |
tokenBuilder(TokenHolder tokenHolder)
注入一个TokenBuilder
|
TokenHolder |
tokenHolder()
注入一个基于内存的token存取工具
|
SecurityRequestFilter |
userAuthServiceFilter(PropertyResource propertyResource,
HandlerProcessor handlerProcessor,
SecurityTokenExtractor securityTokenExtractor,
SecurityHelper securityHelper) |
SecurityRequestFilter |
usernamePasswordAuthFilter(HandlerProcessor handlerProcessor,
SecurityHelper securityHelper,
PropertyResource propertyResource,
SecurityExtractor securityExtractor) |
SecurityRequestFilter |
validateCodeFilter(CodeProcessor codeProcessor,
SecurityProperties securityProperties,
HandlerProcessor handlerProcessor)
注入一个验证码过滤器
|
@Bean @ConditionalOnMissingBean(name="redisTemplate", value=TokenHolder.class) public TokenHolder tokenHolder()
@Bean @ConditionalOnMissingBean(value=TokenBuilder.class) public TokenBuilder tokenBuilder(TokenHolder tokenHolder)
tokenHolder
- token存取工具@Bean(value="authorizeResourceInterceptor") @ConditionalOnMissingBean(name="authorizeResourceInterceptor") public HttpSecurityInterceptor authorizeResourceInterceptor(PropertyResource propertyResource)
propertyResource
- 资源管理器@Bean(value="usernamePasswordAuthFilter") @ConditionalOnMissingBean(name="usernamePasswordAuthFilter") public SecurityRequestFilter usernamePasswordAuthFilter(HandlerProcessor handlerProcessor, SecurityHelper securityHelper, PropertyResource propertyResource, SecurityExtractor securityExtractor)
@Bean @ConditionalOnMissingBean(value=SecurityTokenExtractor.class) public SecurityTokenExtractor securityTokenExtractor()
@Bean(value="userAuthServiceFilter") @ConditionalOnMissingBean(name="userAuthServiceFilter") public SecurityRequestFilter userAuthServiceFilter(PropertyResource propertyResource, HandlerProcessor handlerProcessor, SecurityTokenExtractor securityTokenExtractor, SecurityHelper securityHelper) throws javax.servlet.ServletException
javax.servlet.ServletException
@Bean(value="validateCodeFilter") @ConditionalOnMissingBean(name="validateCodeFilter") @ConditionalOnBean(value=CodeRepository.class) public SecurityRequestFilter validateCodeFilter(CodeProcessor codeProcessor, SecurityProperties securityProperties, HandlerProcessor handlerProcessor)
codeProcessor
- 验证码处理器securityProperties
- 安全属性配置handlerProcessor
- 协助处理器@Bean(value="smsLoginInterceptor") @ConditionalOnProperty(prefix="yishuifengxiao.security.code", name="sms-login-url") @ConditionalOnMissingBean(name="smsLoginInterceptor") @ConditionalOnBean(value=SmsUserDetailsService.class) public HttpSecurityInterceptor smsLoginInterceptor(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationFailureHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationSuccessHandler, SmsUserDetailsService smsUserDetailsService, SecurityProperties securityProperties)
配置短信验证码登陆功能
要想使短信验证码功能生效,需要配置: 1 先配置一个短信登陆地址属性(yishuifengxiao.security.code.sms-login-url
), 2
再配置一个名为 smsUserDetailsService 的 UserDetailsService
实例authenticationFailureHandler
- 认证失败处理器authenticationSuccessHandler
- 认证成功处理器smsUserDetailsService
- 短信登陆逻辑securityProperties
- 安全属性配置@Bean(name="ignoreResourceProvider") @ConditionalOnMissingBean(name="ignoreResourceProvider") public WebSecurityProvider ignoreResourceProvider(SecurityProperties securityProperties)
忽视资源授权器
securityProperties
- 安全属性配置@Bean(value="firewallWebSecurityProvider") @ConditionalOnMissingBean(name="firewallWebSecurityProvider") public WebSecurityProvider firewallWebSecurityProvider()
Copyright © 2021. All rights reserved.