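package com.zhgd.xmgl.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Spring Security configuration for the application: a stateless, JWT-based filter chain
 * in which every request not listed in {@link #PUBLIC_ENDPOINTS} must carry a valid token.
 *
 * <p>Method-level security ({@code @PreAuthorize} etc.) is enabled via
 * {@code @EnableGlobalMethodSecurity(prePostEnabled = true)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code security.enable=false} turns the whole chain into "permit everything" with CSRF
 *       off (see {@link #configureOpen}). It now defaults to {@code true} (fail closed) when the
 *       property is absent; do not run production with it set to {@code false}.</li>
 *   <li>Paths in {@link #IGNORED_RESOURCES} and {@link #H2_CONSOLE} bypass the filter chain
 *       entirely, so they get neither the JWT filter nor Spring Security's response headers.
 *       The H2 console must not be reachable in production (see existing note below).</li>
 *   <li>{@code X-Frame-Options} is disabled for every response (see {@link #configure(HttpSecurity)}),
 *       presumably for the H2 console / embedded frames — consider {@code sameOrigin()} instead.</li>
 *   <li>CSRF is disabled; this is acceptable only while the JWT is sent in a request header and
 *       never in a cookie. NOTE(review): confirm against {@code JwtTokenFilter}.</li>
 * </ul>
 *
 * @program: devManage
 * @author: Mr.Peng
 * @create: 2019-09-24 11:35
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Ant patterns reachable without authentication when {@code security.enable} is true.
     * Order is irrelevant: every entry maps to {@code permitAll()}, and the catch-all
     * {@code anyRequest().authenticated()} is registered after them.
     *
     * <p>Kept verbatim from the original chain. Several entries are subsumed by a broader
     * pattern in the same list (e.g. {@code /xmgl/towerCurrentData/add} by
     * {@code /xmgl/towerCurrentData/**}, {@code /xmgl/dev/devException} by {@code /xmgl/dev/**}).
     * Many of the {@code /add} and {@code /save*} endpoints are device data-ingestion routes;
     * NOTE(review): they are assumed to authenticate the device at the controller level — confirm.
     */
    private static final String[] PUBLIC_ENDPOINTS = {
            "/xmgl/base/**",
            "/zw/base/**",
            "/zw/Index/**",
            "/xmgl/lifterAlarm/queryLifterTowerPageList",
            "/xmgl/aiAnalyseHardWareAlarmRecord/selectPageList",
            "/xmgl/videoItem/selectProjectVideoList",
            "/xmgl/tower/list",
            "/xmgl/workerSafeEducation/list",
            "/xmgl/callback/**",
            "/xmgl/standardCurrentData/addCurrentData",
            "/xmgl/ammeterData/**",
            "/xmgl/planApi/**",
            "/xmgl/project/saveZwProject",
            "/xmgl/workerWagesPayment/salaryPdf",
            "/xmgl/workerWagesPayment/attendancePdf",
            "/xmgl/workerWagesPayment/excelProjectWages",
            "/api/v1/events",
            "/xmgl/projectApi/**",
            "/xmgl/projectOperationsAnalysis/**",
            "/xmgl/computerAuth/**",
            "/xmgl/push/**",
            "/xmgl/wirelessEducationQuestionSubject/getDeviceRandomEducationQuestion",
            "/xmgl/wirelessEducationQuestionAnswer/add",
            "/xmgl/safeEducationQuestionAnswer/getAnswerWorkerInfo",
            "/xmgl/safeEducationQuestion/selectSafeEducationQuestionInfo",
            "/xmgl/safeEducationQuestion/exportExcelWorkerEducation",
            "/xmgl/gantryCraneApi/**",
            "/xmgl/towerViolation/add",
            "/xmgl/ufaceDev/retryYFAttendance",
            "/xmgl/ufaceDev/retryNewJxJAttendance",
            "/xmgl/projectCloseManageAnalysis/exporExcelAnalysisWorkerInfoList",
            "/xmgl/projectCloseManageAnalysis/exporExcelProjectCloseManageAnalysis",
            "/xmgl/projectCloseManageAnalysis/exporExcelEnterpriseCodeWorkerInfoList",
            "/xmgl/projectCloseManageAnalysis/exporExcelAnalysisAllWorkerInfoList",
            "/xmgl/projectEnterpriseWorkerStatistics/exporExcelProjectEnterpriseWorkerStatistics",
            "/xmgl/projectEnterpriseWorkerStatistics/exporExcelDayEnterpriseWorkerStatisticsDetail",
            "/xmgl/inspectTableLibrary/downloadExcelInspectTable",
            "/xmgl/inspectTableLibrary/uploadExcelInspectTable",
            "/xmgl/towerCurrentData/add",
            "/xmgl/towerCurrentData/saveTowerData",
            "/xmgl/inspectHiddenDangerLibrary/uploadExcelHiddenDangerLibrary",
            "/xmgl/inspectHiddenDangerLibrary/downloadExcelHiddenDangerLibrary",
            "/xmgl/tower/updateTowerInfo",
            "/xmgl/lifterCurrentData/add",
            "/xmgl/visitorManageRecord/add",
            "/xmgl/lifterWorkCycle/add",
            "/xmgl/waterCurrentData/add",
            "/xmgl/lifterAlarm/add",
            "/xmgl/lifterCurrentData/saveLifterData",
            "/xmgl/safeeducation/save/record",
            "/xmgl/towerAlarm/add",
            "/xmgl/workerImage/addWorkerImageData",
            "/xmgl/electricalData/add",
            "/xmgl/workerAttendance/downloadExcelAttendance",
            "/xmgl/towerNut/saveNutData",
            "/xmgl/ufaceDev/devHeartBeat",
            "/xmgl/concreteMonitorCurrentData/add",
            "/xmgl/dischargingPlatformCurrentData/add",
            "/xmgl/workerMonthAttendanceStatistics/getAfreshMonthAttendanceStatistics",
            "/xmgl/carWashCurrentData/add",
            "/xmgl/carWashCurrentData/addCarAlarm",
            "/xmgl/towerWorkCycle/add",
            "/xmgl/highFormworkMeasureCurrentData/add",
            "/xmgl/carVideoAirtightData/saveCarVideoAnalyAirtightResult",
            "/xmgl/carVideoWashData/saveCarVideoAnalyWashResult",
            "/xmgl/safeEducationQuestionAnswer/add",
            "/xmgl/elevatorFaultRecord/add",
            "/xmgl/highFormworkDeviceCurrentData/add",
            "/xmgl/appVersion/getAppVersion",
            "/xmgl/waterData/**",
            "/xmgl/standardCurrentData/add",
            "/xmgl/standardCurrentData/exportExcelStandardCurrentData",
            "/xmgl/standardDevRealTimeData/add",
            "/xmgl/standardCurrentData/saveStandardCurrentData",
            "/xmgl/elevatorRealTimeData/add",
            "/xmgl/systemLogoConfig/selectSystemLogoConfig",
            "/xmgl/positionRealData/addPositionRealData",
            "/xmgl/carPassRecord/saveCarPassRecord",
            "/xmgl/dustNoiseData/add",
            "/xmgl/company/selectComapnyByNameList",
            "/xmgl/company/selectComapnyLayerList",
            "/xmgl/videoItem/getVideoUrl",
            "/xmgl/project/getVideoSerialNumber",
            "/xmgl/ufaceCallback/**",
            "/xmgl/workerCallback/**",
            "/xmgl/lockCallback/**",
            "/xmgl/api/**",
            "/xmgl/visitorManageRecord/addVisitorRecord",
            "/xmgl/itbgp/api/**",
            "/xmgl/deepExcavationSensorType/selectDeepExcavationSensorTypeList",
            "/xmgl/deepExcavationCurrentData/selectPage",
            "/xmgl/workerApi/**",
            "/xmgl/download/**",
            "/xmgl/towerCurrentData/**",
            "/xmgl/lifterCurrentData/**",
            "/xmgl/hiddenDangerInspectRecord/**",
            "/xmgl/inspectionRecord/**",
            "/xmgl/towerAlarm/**",
            "/xmgl/lifterAlarm/selectPageInfo",
            "/xmgl/docking/**",
            "/xmgl/dev/devException",
            "/users/signup",
            "/upload/**",
            "/firm/**",
            "/filetransfer/**",
            "/image/**",
            "/flowable/**",
            "/h2-console/**/**",
            "/xmgl/workerInfo/selectPersonList",
            "/xmgl/lifterViolation/add",
            "/xmgl/lifterViolation/selectPage",
            "/xmgl/projectJqmDev/list",
            "/xmgl/deepExcavationSensor/selectPage",
            "/xmgl/lifter/getRelatedInfo",
            "/xmgl/tower/getRelatedInfo",
            "/xmgl/workerInfo/selectPersonListZW",
            "/xmgl/checkingPointInfo/selectPage",
            "/xmgl/checkingPointInfo/selectAllList",
            "/xmgl/checkingPointInfo/add",
            "/xmgl/dev/**",
            "/xmgl/deepExcavationCurrentData/exportData",
            "/xmgl/deepExcavationCurrentData/zwExportData",
            "/xmgl/deepExcavationMeasurePoint/selectDeepExcavationAllMeasurePointList",
            "/xmgl/deepExcavationMonitorType/list",
            "/xmgl/deepExcavationSensor/getSensorListByMeasurePointNumber",
            "/xmgl/deepExcavationCurrentData/selectDeepExcavationCurrentDataList",
            "/xmgl/deepExcavationEngineering/selectDeepExcavationList",
            "/xmgl/deepExcavationPlaneFigure/selectList",
            "/xmgl/deepExcavationPlaneFigureCoordinate/list",
            "/xmgl/videoItem/viListAndTenAlarm",
            "/xmgl/fpdcd/lrk/add",
            "/xmgl/rundeGroup/getSumAndOnlineNumber",
            "/license/**",
            "/api/main/alarm",
            "/zhgd/**",
            "/xmgl/lifter/list",
            // progress management - sub-item works management - download template
            "/xmgl/progressTask/downloadTemplate"
    };

    /**
     * Static and API-documentation resources excluded from the security filter chain altogether
     * (Swagger, knife4j {@code doc.html}, static assets, favicons). Requests matching these never
     * pass through {@link JwtTokenFilter}.
     */
    private static final String[] IGNORED_RESOURCES = {
            "/v2/api-docs",
            "/swagger-resources/**",
            "/swagger-ui.html",
            "/configuration/**",
            "/webjars/**",
            "/public",
            "/doc.html",
            "/static/document/README.md",
            "/index.html",
            "/equipmentCenter.html",
            "/equipmentCenter.html/**",
            "/js/**",
            "/img/**",
            "/fonts/**",
            "/css/**",
            "/document/**",
            "/doc/**",
            "/video/**",
            "/animate/**",
            "/static/**",
            "/flowable/**",
            "/favicon.ico",
            "/favicon.png"
    };

    /** Un-secured H2 database console (for testing purposes; must not be unprotected in production). */
    private static final String[] H2_CONSOLE = {"/h2-console/**/**"};

    private final JwtAuthenticationEntryPoint unauthorizedHandler;
    private final AccessDeniedHandler accessDeniedHandler;
    private final UserDetailsService customUserDetailsService;
    private final JwtTokenFilter authenticationTokenFilter;

    /**
     * Master switch for the filter chain. Defaults to {@code true} when {@code security.enable}
     * is not set, so a missing property fails closed rather than failing to start (the original
     * had no default and would abort context start-up).
     */
    @Value("${security.enable:true}")
    private boolean securityEnable;

    /**
     * Creates the configuration with its collaborators injected by Spring.
     *
     * @param unauthorizedHandler       entry point returning 401 for unauthenticated requests
     * @param accessDeniedHandler       handler for 403 responses (bean {@code RestAuthenticationAccessDeniedHandler})
     * @param CustomUserDetailsService  user lookup used for username/password authentication (bean {@code CustomUserDetailsService})
     * @param authenticationTokenFilter JWT filter inserted ahead of {@link UsernamePasswordAuthenticationFilter}
     */
    @Autowired
    public WebSecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler,
                             @Qualifier("RestAuthenticationAccessDeniedHandler") AccessDeniedHandler accessDeniedHandler,
                             @Qualifier("CustomUserDetailsService") UserDetailsService CustomUserDetailsService,
                             JwtTokenFilter authenticationTokenFilter) {
        this.unauthorizedHandler = unauthorizedHandler;
        this.accessDeniedHandler = accessDeniedHandler;
        this.customUserDetailsService = CustomUserDetailsService;
        this.authenticationTokenFilter = authenticationTokenFilter;
    }

    /**
     * Wires the {@link UserDetailsService} and BCrypt password encoder into the
     * {@link AuthenticationManagerBuilder}.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                // user lookup
                .userDetailsService(this.customUserDetailsService)
                // passwords are compared against BCrypt hashes
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Builds the HTTP filter chain. Frame options are disabled for every response regardless of
     * {@link #securityEnable}; the rest of the chain depends on that flag.
     *
     * @param http the {@link HttpSecurity} to configure
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Drops X-Frame-Options on all responses (clickjacking protection off).
        // Presumably needed for the H2 console / embedded frames — TODO confirm and prefer sameOrigin().
        http.headers().frameOptions().disable();
        if (securityEnable) {
            configureSecured(http);
        } else {
            configureOpen(http);
        }
    }

    /**
     * Stateless JWT chain: public endpoints permitted, CORS preflight allowed anonymously,
     * everything else authenticated; no HTTP session is created.
     *
     * @param http the {@link HttpSecurity} to configure
     * @throws Exception propagated from the builder
     */
    private void configureSecured(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // paths that may be accessed without a token
                .antMatchers(PUBLIC_ENDPOINTS).permitAll()
                // CORS preflight carries no credentials
                .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()
                // everything else requires authentication
                .anyRequest().authenticated()
                .and()
                // CSRF off: only safe while the token travels in a header, not a cookie
                .csrf().disable()
                // 401 / 403 handling
                .exceptionHandling()
                .authenticationEntryPoint(unauthorizedHandler)
                .accessDeniedHandler(accessDeniedHandler)
                .and()
                // never create or use an HTTP session; the JWT is the only credential
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // Run the JWT filter before the form-login filter so the SecurityContext is populated
        // from the token before authorization decisions are made.
        http.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Development-only chain: CSRF off and every request permitted.
     *
     * @param http the {@link HttpSecurity} to configure
     * @throws Exception propagated from the builder
     */
    private void configureOpen(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                .anyRequest().permitAll()
                .and().logout().permitAll();
    }

    /**
     * No-op. Retained only for binary compatibility with any existing callers; the body has
     * never contained an implementation.
     *
     * @deprecated does nothing; scheduled for removal.
     */
    @Deprecated
    public void getStartDate() {
        // intentionally empty
    }

    /**
     * Excludes static resources, API documentation and the H2 console from the filter chain.
     * These requests skip Spring Security entirely (including the JWT filter and security headers).
     *
     * @param web the {@link WebSecurity} to configure
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Allow swagger and static assets to be accessed without authentication
        web.ignoring().antMatchers(IGNORED_RESOURCES);
        // Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production)
        web.ignoring().antMatchers(H2_CONSOLE);
    }

    /**
     * Password hashing for stored credentials: BCrypt with cost factor 12.
     *
     * @return the application-wide {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    /**
     * Exposes the {@link AuthenticationManager} as a bean so it can be injected (e.g. by the
     * login controller).
     *
     * @return the configured authentication manager
     * @throws Exception propagated from the adapter
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}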