@Configuration @ConditionalOnBean(value=AbstractSecurityConfig.class) @ConditionalOnClass(value={org.springframework.security.authentication.DefaultAuthenticationEventPublisher.class,org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class,AbstractSecurityConfig.class}) @ConditionalOnProperty(prefix="yishuifengxiao.security", name="enable", havingValue="true", matchIfMissing=true) public class HttpSecurityAutoConfiguration extends Object
配置系统中的资源授权拦截器HttpSecurityInterceptor
| Constructor and Description |
|---|
HttpSecurityAutoConfiguration() |
| Modifier and Type | Method and Description |
|---|---|
HttpSecurityInterceptor |
authorizeResourceInterceptor(PropertyResource propertyResource)
配置需要拦截哪些资源
|
WebSecurityProvider |
firewallWebSecurityProvider()
默认实现的HttpFirewall,主要是解决路径里包含 // 路径报错的问题
|
WebSecurityProvider |
ignoreResourceProvider(SecurityProperties securityProperties)
忽视资源授权器
|
SecurityTokenExtractor |
securityTokenExtractor() |
HttpSecurityInterceptor |
smsLoginInterceptor(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationFailureHandler,
org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationSuccessHandler,
SmsUserDetailsService smsUserDetailsService,
SecurityProperties securityProperties)
注入短信登录配置
|
TokenBuilder |
tokenBuilder(TokenHolder tokenHolder)
注入一个TokenBuilder
|
TokenHolder |
tokenHolder()
注入一个基于内存的token存取工具
|
SecurityRequestFilter |
userAuthServiceFilter(PropertyResource propertyResource,
HandlerProcessor handlerProcessor,
SecurityTokenExtractor securityTokenExtractor,
SecurityHelper securityHelper) |
SecurityRequestFilter |
usernamePasswordAuthFilter(HandlerProcessor handlerProcessor,
SecurityHelper securityHelper,
PropertyResource propertyResource,
SecurityExtractor securityExtractor) |
SecurityRequestFilter |
validateCodeFilter(CodeProcessor codeProcessor,
SecurityProperties securityProperties,
HandlerProcessor handlerProcessor)
注入一个验证码过滤器
|
@Bean
@ConditionalOnMissingBean(name="redisTemplate",
value=TokenHolder.class)
public TokenHolder tokenHolder()
@Bean @ConditionalOnMissingBean(value=TokenBuilder.class) public TokenBuilder tokenBuilder(TokenHolder tokenHolder)
tokenHolder - token存取工具@Bean(value="authorizeResourceInterceptor") @ConditionalOnMissingBean(name="authorizeResourceInterceptor") public HttpSecurityInterceptor authorizeResourceInterceptor(PropertyResource propertyResource)
propertyResource - 资源管理器@Bean(value="usernamePasswordAuthFilter") @ConditionalOnMissingBean(name="usernamePasswordAuthFilter") public SecurityRequestFilter usernamePasswordAuthFilter(HandlerProcessor handlerProcessor, SecurityHelper securityHelper, PropertyResource propertyResource, SecurityExtractor securityExtractor)
@Bean @ConditionalOnMissingBean(value=SecurityTokenExtractor.class) public SecurityTokenExtractor securityTokenExtractor()
@Bean(value="userAuthServiceFilter") @ConditionalOnMissingBean(name="userAuthServiceFilter") public SecurityRequestFilter userAuthServiceFilter(PropertyResource propertyResource, HandlerProcessor handlerProcessor, SecurityTokenExtractor securityTokenExtractor, SecurityHelper securityHelper) throws javax.servlet.ServletException
javax.servlet.ServletException@Bean(value="validateCodeFilter") @ConditionalOnMissingBean(name="validateCodeFilter") @ConditionalOnBean(value=CodeRepository.class) public SecurityRequestFilter validateCodeFilter(CodeProcessor codeProcessor, SecurityProperties securityProperties, HandlerProcessor handlerProcessor)
codeProcessor - 验证码处理器securityProperties - 安全属性配置handlerProcessor - 协助处理器@Bean(value="smsLoginInterceptor")
@ConditionalOnProperty(prefix="yishuifengxiao.security.code",
name="sms-login-url")
@ConditionalOnMissingBean(name="smsLoginInterceptor")
@ConditionalOnBean(value=SmsUserDetailsService.class)
public HttpSecurityInterceptor smsLoginInterceptor(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationFailureHandler,
org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationSuccessHandler,
SmsUserDetailsService smsUserDetailsService,
SecurityProperties securityProperties)
配置短信验证码登陆功能
要想使短信验证码功能生效,需要配置: 1 先配置一个短信登陆地址属性(yishuifengxiao.security.code.sms-login-url), 2
再配置一个名为 smsUserDetailsService 的 UserDetailsService 实例authenticationFailureHandler - 认证失败处理器authenticationSuccessHandler - 认证成功处理器smsUserDetailsService - 短信登陆逻辑securityProperties - 安全属性配置@Bean(name="ignoreResourceProvider") @ConditionalOnMissingBean(name="ignoreResourceProvider") public WebSecurityProvider ignoreResourceProvider(SecurityProperties securityProperties)
忽视资源授权器
securityProperties - 安全属性配置@Bean(value="firewallWebSecurityProvider") @ConditionalOnMissingBean(name="firewallWebSecurityProvider") public WebSecurityProvider firewallWebSecurityProvider()
Copyright © 2021. All rights reserved.