package com.zhangmeng.quartz.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.stream.Collectors;
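/**
 * OAuth2 resource-server configuration: builds the JWT token store from the public key bundled
 * on the classpath and declares which HTTP requests may be served without authentication.
 *
 * @author 转身的背影在心底里沉沦
 * @date 2021-09-14 16:45:29
 * @version 1.0
 */
@Configuration
@EnableResourceServer
// Activates @PreAuthorize/@PostAuthorize (prePostEnabled) and @Secured (securedEnabled) on methods.
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** Classpath location of the public key handed to the JWT converter as its verifier key. */
    private static final String PUBLIC_KEY = "public.key";

    @Autowired
    private SecurityProperty securityProperty;

    /**
     * Defines the {@link TokenStore} as a {@link JwtTokenStore}.
     *
     * @param jwtAccessTokenConverter converter carrying the verifier key
     * @return the JWT-backed token store
     */
    @Bean
    public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
        return new JwtTokenStore(jwtAccessTokenConverter);
    }

    /**
     * Defines the {@link JwtAccessTokenConverter} used by the token store.
     *
     * @return a converter configured with the public key read from the classpath
     * @throws IllegalStateException if the public key resource cannot be read
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Only the verifier (public) key is set here; no signing key is configured in this class.
        converter.setVerifierKey(getPubKey());
        return converter;
    }

    /**
     * Reads the public key of the asymmetric key pair from the classpath.
     *
     * <p>A read failure aborts with an exception instead of returning {@code null}: a missing
     * key must stop the context from starting rather than leave the converter without the
     * verification key this configuration intends it to use.
     *
     * @return the key file's content, lines joined with {@code \n}
     * @throws IllegalStateException if the resource is missing or unreadable
     */
    private String getPubKey() {
        Resource resource = new ClassPathResource(PUBLIC_KEY);
        // try-with-resources closes the reader and the underlying stream on every path.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                resource.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
            return reader.lines().collect(Collectors.joining("\n"));
        } catch (IOException ioe) {
            throw new IllegalStateException(
                    "Unable to read JWT verifier key from classpath resource '" + PUBLIC_KEY + "'", ioe);
        }
    }

    /**
     * Spring Security HTTP configuration, applied to every HTTP request reaching the system.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // NOTE(review): this drops the X-Frame-Options response header, so responses may be
        // framed by any origin (clickjacking exposure). If framing is only needed from this
        // application's own origin, frameOptions().sameOrigin() is the narrower setting.
        http.headers().frameOptions().disable();

        http.authorizeRequests()
                // Cross-origin preflight requests: OPTIONS is open on every path.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // NOTE(review): presumably path patterns loaded from external configuration -
                // confirm. Everything listed there is reachable without a token, so treat the
                // list as an unauthenticated allowlist and keep it minimal.
                .antMatchers(securityProperty.getOpenApi()).permitAll()
                // Every other address requires an authenticated request.
                .anyRequest().authenticated();
    }
}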