package com.zhgd.xmgl.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
 * Spring Security configuration: registers the user-details service and BCrypt
 * encoder, declares which URL patterns are reachable without a token, and places
 * the JWT filter in front of {@link UsernamePasswordAuthenticationFilter}.
 *
 * <p>The {@code security.enable} property switches enforcement on or off. When it is
 * {@code false}, {@link #configure(HttpSecurity)} permits every request and does not
 * install the JWT filter.
 *
 * @program: devManage
 * @author: Mr.Peng
 * @create: 2019-09-24 11:35
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Patterns served WITHOUT authentication while security.enable is true.
    // Rules are evaluated in declaration order and the first match wins, so every
    // entry here takes precedence over the final "anyRequest().authenticated()".
    //
    // NOTE(review): this list is the application's unauthenticated surface.
    //  - Wildcard entries (for example /xmgl/api/**, /xmgl/dev/**, /xmgl/download/**,
    //    /upload/**, /filetransfer/**, /zhgd/**) also open any handler added under
    //    that prefix later; prefer exact paths where possible.
    //  - Many entries end in add / save* / upload* and, judging by their names, accept
    //    data from devices or third parties. Confirm each handler verifies its caller
    //    some other way (signature, shared secret, allow-list); nothing here does.
    //  - Several entries look like exports of worker, attendance or wage data
    //    (salaryPdf, attendancePdf, excelProjectWages, export*/exporExcel*). Confirm
    //    they are meant to be readable without a token.
    //  - Some exact paths are already covered by a wildcard in the same list
    //    (e.g. /xmgl/towerCurrentData/add by /xmgl/towerCurrentData/**,
    //    /xmgl/dev/devException by /xmgl/dev/**); they are redundant, not harmful.
    //  - The /flowable and /h2-console entries are also listed under web.ignoring(),
    //    which bypasses the filter chain, so these two rules are never consulted.
    private static final String[] PUBLIC_PATHS = {
        "/xmgl/base/**",
        "/zw/base/**",
        "/zw/Index/**",
        "/xmgl/lifterAlarm/queryLifterTowerPageList",
        "/xmgl/aiAnalyseHardWareAlarmRecord/selectPageList",
        "/xmgl/videoItem/selectProjectVideoList",
        "/xmgl/tower/list",
        "/xmgl/workerSafeEducation/list",
        "/xmgl/callback/**",
        "/xmgl/standardCurrentData/addCurrentData",
        "/xmgl/ammeterData/**",
        "/xmgl/planApi/**",
        "/xmgl/project/saveZwProject",
        "/xmgl/workerWagesPayment/salaryPdf",
        "/xmgl/workerWagesPayment/attendancePdf",
        "/xmgl/workerWagesPayment/excelProjectWages",
        "/api/v1/events",
        "/xmgl/projectApi/**",
        "/xmgl/projectOperationsAnalysis/**",
        "/xmgl/computerAuth/**",
        "/xmgl/push/**",
        "/xmgl/wirelessEducationQuestionSubject/getDeviceRandomEducationQuestion",
        "/xmgl/wirelessEducationQuestionAnswer/add",
        "/xmgl/safeEducationQuestionAnswer/getAnswerWorkerInfo",
        "/xmgl/safeEducationQuestion/selectSafeEducationQuestionInfo",
        "/xmgl/safeEducationQuestion/exportExcelWorkerEducation",
        "/xmgl/gantryCraneApi/**",
        "/xmgl/towerViolation/add",
        "/xmgl/ufaceDev/retryYFAttendance",
        "/xmgl/ufaceDev/retryNewJxJAttendance",
        "/xmgl/projectCloseManageAnalysis/exporExcelAnalysisWorkerInfoList",
        "/xmgl/projectCloseManageAnalysis/exporExcelProjectCloseManageAnalysis",
        "/xmgl/projectCloseManageAnalysis/exporExcelEnterpriseCodeWorkerInfoList",
        "/xmgl/projectCloseManageAnalysis/exporExcelAnalysisAllWorkerInfoList",
        "/xmgl/projectEnterpriseWorkerStatistics/exporExcelProjectEnterpriseWorkerStatistics",
        "/xmgl/projectEnterpriseWorkerStatistics/exporExcelDayEnterpriseWorkerStatisticsDetail",
        "/xmgl/inspectTableLibrary/downloadExcelInspectTable",
        "/xmgl/inspectTableLibrary/uploadExcelInspectTable",
        "/xmgl/towerCurrentData/add",
        "/xmgl/towerCurrentData/saveTowerData",
        "/xmgl/inspectHiddenDangerLibrary/uploadExcelHiddenDangerLibrary",
        "/xmgl/inspectHiddenDangerLibrary/downloadExcelHiddenDangerLibrary",
        "/xmgl/tower/updateTowerInfo",
        "/xmgl/lifterCurrentData/add",
        "/xmgl/visitorManageRecord/add",
        "/xmgl/lifterWorkCycle/add",
        "/xmgl/waterCurrentData/add",
        "/xmgl/lifterAlarm/add",
        "/xmgl/lifterCurrentData/saveLifterData",
        "/xmgl/safeeducation/save/record",
        "/xmgl/towerAlarm/add",
        "/xmgl/workerImage/addWorkerImageData",
        "/xmgl/electricalData/add",
        "/xmgl/workerAttendance/downloadExcelAttendance",
        "/xmgl/towerNut/saveNutData",
        "/xmgl/ufaceDev/devHeartBeat",
        "/xmgl/concreteMonitorCurrentData/add",
        "/xmgl/dischargingPlatformCurrentData/add",
        "/xmgl/workerMonthAttendanceStatistics/getAfreshMonthAttendanceStatistics",
        "/xmgl/carWashCurrentData/add",
        "/xmgl/carWashCurrentData/addCarAlarm",
        "/xmgl/towerWorkCycle/add",
        "/xmgl/highFormworkMeasureCurrentData/add",
        "/xmgl/carVideoAirtightData/saveCarVideoAnalyAirtightResult",
        "/xmgl/carVideoWashData/saveCarVideoAnalyWashResult",
        "/xmgl/safeEducationQuestionAnswer/add",
        "/xmgl/elevatorFaultRecord/add",
        "/xmgl/highFormworkDeviceCurrentData/add",
        "/xmgl/appVersion/getAppVersion",
        "/xmgl/waterData/**",
        "/xmgl/standardCurrentData/add",
        "/xmgl/standardCurrentData/exportExcelStandardCurrentData",
        "/xmgl/standardDevRealTimeData/add",
        "/xmgl/standardCurrentData/saveStandardCurrentData",
        "/xmgl/elevatorRealTimeData/add",
        "/xmgl/systemLogoConfig/selectSystemLogoConfig",
        "/xmgl/positionRealData/addPositionRealData",
        "/xmgl/carPassRecord/saveCarPassRecord",
        "/xmgl/dustNoiseData/add",
        "/xmgl/company/selectComapnyByNameList",
        "/xmgl/company/selectComapnyLayerList",
        "/xmgl/videoItem/getVideoUrl",
        "/xmgl/project/getVideoSerialNumber",
        "/xmgl/ufaceCallback/**",
        "/xmgl/workerCallback/**",
        "/xmgl/lockCallback/**",
        "/xmgl/api/**",
        "/xmgl/visitorManageRecord/addVisitorRecord",
        "/xmgl/itbgp/api/**",
        "/xmgl/deepExcavationSensorType/selectDeepExcavationSensorTypeList",
        "/xmgl/deepExcavationCurrentData/selectPage",
        "/xmgl/workerApi/**",
        "/xmgl/download/**",
        "/xmgl/towerCurrentData/**",
        "/xmgl/lifterCurrentData/**",
        "/xmgl/hiddenDangerInspectRecord/**",
        "/xmgl/inspectionRecord/**",
        "/xmgl/towerAlarm/**",
        "/xmgl/lifterAlarm/selectPageInfo",
        "/xmgl/docking/**",
        "/xmgl/dev/devException",
        "/users/signup",
        "/upload/**",
        "/firm/**",
        "/filetransfer/**",
        "/image/**",
        "/flowable/**",
        "/h2-console/**/**",
        "/xmgl/workerInfo/selectPersonList",
        "/xmgl/lifterViolation/add",
        "/xmgl/lifterViolation/selectPage",
        "/xmgl/projectJqmDev/list",
        "/xmgl/deepExcavationSensor/selectPage",
        "/xmgl/lifter/getRelatedInfo",
        "/xmgl/tower/getRelatedInfo",
        "/xmgl/workerInfo/selectPersonListZW",
        "/xmgl/checkingPointInfo/selectPage",
        "/xmgl/checkingPointInfo/selectAllList",
        "/xmgl/checkingPointInfo/add",
        "/xmgl/dev/**",
        "/xmgl/deepExcavationCurrentData/exportData",
        "/xmgl/deepExcavationCurrentData/zwExportData",
        "/xmgl/deepExcavationMeasurePoint/selectDeepExcavationAllMeasurePointList",
        "/xmgl/deepExcavationMonitorType/list",
        "/xmgl/deepExcavationSensor/getSensorListByMeasurePointNumber",
        "/xmgl/deepExcavationCurrentData/selectDeepExcavationCurrentDataList",
        "/xmgl/deepExcavationEngineering/selectDeepExcavationList",
        "/xmgl/deepExcavationPlaneFigure/selectList",
        "/xmgl/deepExcavationPlaneFigureCoordinate/list",
        "/xmgl/videoItem/viListAndTenAlarm",
        "/xmgl/fpdcd/lrk/add",
        "/xmgl/rundeGroup/getSumAndOnlineNumber",
        "/license/**",
        "/api/main/alarm",
        "/zhgd/**",
        "/xmgl/lifter/list",
        // Progress management system - sub-item works management - download template.
        "/xmgl/progressTask/downloadTemplate"
    };

    // Patterns handed to web.ignoring(): matching requests skip the Spring Security
    // filter chain entirely, so neither the JWT filter nor any rule or header setting
    // from configure(HttpSecurity) applies to them. Covers the Swagger/API-doc pages
    // and static front-end resources.
    // NOTE(review): /flowable/** is ignored here as a whole subtree; confirm that is
    // intended for production and not only for local testing.
    private static final String[] IGNORED_PATHS = {
        "/v2/api-docs",
        "/swagger-resources/**",
        "/swagger-ui.html",
        "/configuration/**",
        "/webjars/**",
        "/public",
        "/doc.html",
        "/static/document/README.md",
        "/index.html",
        "/equipmentCenter.html",
        "/equipmentCenter.html/**",
        "/js/**",
        "/img/**",
        "/fonts/**",
        "/css/**",
        "/document/**",
        "/doc/**",
        "/video/**",
        "/animate/**",
        "/static/**",
        "/flowable/**",
        "/favicon.ico",
        "/favicon.png"
    };

    // Answers unauthenticated requests to protected resources.
    private final JwtAuthenticationEntryPoint unauthorizedHandler;

    // Answers authenticated requests that lack the required authority.
    private final AccessDeniedHandler accessDeniedHandler;

    // Loads user records for the authentication manager.
    private final UserDetailsService customUserDetailsService;

    // Filter registered ahead of UsernamePasswordAuthenticationFilter.
    private final JwtTokenFilter authenticationTokenFilter;

    // Master switch read from the "security.enable" property (no default is declared).
    @Value("${security.enable}")
    private boolean securityEnable;

    /**
     * Receives the collaborators from the Spring context.
     *
     * @param unauthorizedHandler entry point used when authentication is missing
     * @param accessDeniedHandler bean qualified as {@code RestAuthenticationAccessDeniedHandler}
     * @param CustomUserDetailsService bean qualified as {@code CustomUserDetailsService}
     * @param authenticationTokenFilter the JWT filter added to the chain
     */
    @Autowired
    public WebSecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler,
                             @Qualifier("RestAuthenticationAccessDeniedHandler") AccessDeniedHandler accessDeniedHandler,
                             @Qualifier("CustomUserDetailsService") UserDetailsService CustomUserDetailsService,
                             JwtTokenFilter authenticationTokenFilter) {
        this.unauthorizedHandler = unauthorizedHandler;
        this.accessDeniedHandler = accessDeniedHandler;
        this.customUserDetailsService = CustomUserDetailsService;
        this.authenticationTokenFilter = authenticationTokenFilter;
    }

    /**
     * Registers the user-details service and hashes passwords with the BCrypt
     * encoder returned by {@link #passwordEncoder()}.
     *
     * @param authenticationManagerBuilder builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.customUserDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Builds the HTTP security rules.
     *
     * <p>With {@code security.enable=false} every request is permitted and the JWT
     * filter is not installed. Otherwise the public patterns are permitted, OPTIONS
     * requests are open to anonymous callers, everything else needs authentication,
     * sessions are stateless and the JWT filter runs before
     * {@link UsernamePasswordAuthenticationFilter}.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if a configurer fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Removes the X-Frame-Options header from every response, in both modes.
        // NOTE(review): if framing is only needed for same-origin pages, sameOrigin()
        // would keep clickjacking protection - confirm which pages are embedded.
        http.headers().frameOptions().disable();

        if (!securityEnable) {
            // Enforcement off: no authentication, no JWT filter.
            // NOTE(review): make sure no production profile sets security.enable=false.
            http.csrf().disable();
            http.authorizeRequests().anyRequest().permitAll();
            http.logout().permitAll();
            return;
        }

        http.authorizeRequests()
                // Endpoints reachable without a token.
                .antMatchers(PUBLIC_PATHS).permitAll()
                // anonymous() admits only callers that are not authenticated.
                .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()
                // Everything not matched above requires authentication.
                .anyRequest().authenticated();

        // Turns off CSRF protection (this is CSRF, not cross-origin/CORS handling).
        // NOTE(review): acceptable only while credentials never travel in cookies;
        // presumably the JWT is read from a header - confirm in JwtTokenFilter.
        http.csrf().disable();

        // Custom responses for "not authenticated" and "not authorized".
        http.exceptionHandling()
                .authenticationEntryPoint(unauthorizedHandler)
                .accessDeniedHandler(accessDeniedHandler);

        // Spring Security neither creates nor uses an HTTP session.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Run the JWT filter ahead of the username/password filter.
        http.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Empty method; the only hint left in the body is a "binary search" comment.
     */
    public void getStartDate() {
        // binary search
    }

    /**
     * Excludes the API-doc pages, static resources and the H2 console from the
     * security filter chain.
     *
     * @param web the web-security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Allow swagger and static resources to be fetched without authentication.
        web.ignoring().antMatchers(IGNORED_PATHS);

        // Un-secured H2 database console: for testing purposes only, the H2 console
        // shouldn't be unprotected in production.
        // NOTE(review): this applies regardless of security.enable; gate it on a
        // development profile or drop it before deploying.
        web.ignoring().antMatchers("/h2-console/**/**");
    }

    /**
     * Provides the password encoder bean.
     *
     * @return a BCrypt encoder constructed with strength 12
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        final int strength = 12;
        return new BCryptPasswordEncoder(strength);
    }

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean.
     *
     * @return the authentication manager built by the superclass
     * @throws Exception if the superclass cannot build it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}