93 lines
3.2 KiB
Java
93 lines
3.2 KiB
Java
package com.zhangmeng.quartz.config;
|
||
|
||
import org.springframework.beans.factory.annotation.Autowired;
|
||
import org.springframework.context.annotation.Bean;
|
||
import org.springframework.context.annotation.Configuration;
|
||
import org.springframework.core.io.ClassPathResource;
|
||
import org.springframework.core.io.Resource;
|
||
import org.springframework.http.HttpMethod;
|
||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||
import org.springframework.security.oauth2.provider.token.TokenStore;
|
||
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
|
||
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
|
||
|
||
import java.io.BufferedReader;
|
||
import java.io.IOException;
|
||
import java.io.InputStreamReader;
|
||
import java.util.stream.Collectors;
|
||
|
||
/**
|
||
* @author 转身的背影在心底里沉沦
|
||
* @date 2021年9月14日16:45:29
|
||
* @version 1.0
|
||
*/
|
||
@Configuration
|
||
@EnableResourceServer
|
||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)// 激活方法上的PreAuthorize注解
|
||
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
||
|
||
// 公钥
|
||
private static final String PUBLIC_KEY = "public.key";
|
||
|
||
@Autowired
|
||
private SecurityProperty securityProperty;
|
||
|
||
/***
|
||
* 定义JwtTokenStore
|
||
* @param jwtAccessTokenConverter
|
||
* @return
|
||
*/
|
||
@Bean
|
||
public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
|
||
return new JwtTokenStore(jwtAccessTokenConverter);
|
||
}
|
||
|
||
/***
|
||
* 定义JJwtAccessTokenConverter
|
||
* @return
|
||
*/
|
||
@Bean
|
||
public JwtAccessTokenConverter jwtAccessTokenConverter() {
|
||
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
|
||
converter.setVerifierKey(getPubKey()); //秘钥的一部分
|
||
return converter;
|
||
}
|
||
/**
|
||
* 获取非对称加密公钥 Key
|
||
* @return 公钥 Key
|
||
*/
|
||
private String getPubKey() {
|
||
Resource resource = new ClassPathResource(PUBLIC_KEY);
|
||
try {
|
||
InputStreamReader inputStreamReader = new InputStreamReader(resource.getInputStream());
|
||
BufferedReader br = new BufferedReader(inputStreamReader);
|
||
return br.lines().collect(Collectors.joining("\n"));
|
||
} catch (IOException ioe) {
|
||
return null;
|
||
}
|
||
}
|
||
|
||
/***
|
||
* SpringSecurity
|
||
* Http安全配置,对每个到达系统的http请求链接进行校验
|
||
* @param http
|
||
* @throws Exception
|
||
*/
|
||
@Override
|
||
public void configure(HttpSecurity http) throws Exception {
|
||
|
||
http.headers().frameOptions().disable();
|
||
|
||
// 所有请求必须认证通过
|
||
http.authorizeRequests()
|
||
// 跨域预检请求
|
||
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
|
||
.antMatchers(securityProperty.getOpenApi()).permitAll()
|
||
.anyRequest().
|
||
authenticated(); // 其他地址需要认证授权
|
||
}
|
||
}
|