package com.njcn.auth.config;

import com.njcn.auth.security.provider.Sm4AuthenticationProvider;
import com.njcn.auth.security.provider.SmsAuthenticationProvider;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Spring Security web configuration for the auth service.
 *
 * <p>Declares which request paths are reachable without authentication and wires the
 * authentication managers, the authentication providers and the password encoder.
 *
 * @author hongawen
 */
@Slf4j
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Paths that the filter chain lets through without authentication.
     *
     * <p>NOTE(review): because no authentication is applied here, whatever handles these
     * paths (in particular {@code /judgeToken/**} and {@code /oauth/autoLogin}) presumably
     * validates its own input and tokens -- confirm against the controllers.
     */
    private static final String[] PUBLIC_AUTH_ENDPOINTS = {
        "/oauth/getPublicKey",
        "/oauth/logout",
        "/auth/getImgCode",
        "/judgeToken/guangZhou",
        "/judgeToken/heBei",
        "/oauth/autoLogin"
    };

    /**
     * Paths the knife4j API documentation needs to be permitted, see
     * https://gitee.com/xiaoym/knife4j/issues/I1Q5X6
     *
     * <p>NOTE(review): these rules make the generated API description readable by
     * unauthenticated callers in every environment this configuration is active in;
     * confirm that this is intended outside development.
     */
    private static final String[] API_DOC_ENDPOINTS = {
        "/webjars/**",
        "/doc.html",
        "/swagger-resources/**",
        "/v2/api-docs"
    };

    private final UserDetailsService sysUserDetailsService;
    private final Sm4AuthenticationProvider sm4AuthenticationProvider;
    private final SmsAuthenticationProvider smsAuthenticationProvider;

    /**
     * Configures request authorization: the two allow-lists above are permitted for
     * everyone, every other request requires an authenticated caller, and CSRF protection
     * is disabled.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Matcher order matters: the permitAll rules must be registered before anyRequest().
        http.authorizeRequests()
                .antMatchers(PUBLIC_AUTH_ENDPOINTS).permitAll()
                .antMatchers(API_DOC_ENDPOINTS).permitAll()
                .anyRequest().authenticated();

        // NOTE(review): CSRF protection is switched off for all requests. That is only
        // appropriate when no endpoint relies on credentials the browser attaches
        // automatically (session cookies); confirm the service is purely token-based.
        http.csrf().disable();
    }

    /**
     * Exposes the parent class's {@link AuthenticationManager} as a Spring bean.
     *
     * @return the manager returned by {@code super.authenticationManagerBean()}
     * @throws Exception if the parent class fails to provide the manager
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers the username/password provider with the authentication builder.
     *
     * @param auth the builder supplied by the framework
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    /**
     * Overrides the parent's {@link AuthenticationManager} with a {@link ProviderManager}
     * that holds the custom providers. The alternative would be to leave the parent
     * implementation in place and register the providers with the parent's manager.
     *
     * <p>NOTE(review): this manager lists only the SM4 and SMS providers, not
     * {@link #daoAuthenticationProvider()}, and this class declares two {@code @Bean}
     * methods of type {@link AuthenticationManager}. Confirm which manager each consumer
     * actually receives, so that no login path is served by an unintended set of providers.
     *
     * @return a manager delegating to the SM4 and SMS authentication providers
     */
    @Bean
    @Override
    protected AuthenticationManager authenticationManager() {
        return new ProviderManager(sm4AuthenticationProvider, smsAuthenticationProvider);
    }

    /**
     * Authentication provider for username/password logins.
     *
     * @return a provider backed by {@code sysUserDetailsService} and {@link #passwordEncoder()}
     */
    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
        daoProvider.setUserDetailsService(sysUserDetailsService);
        daoProvider.setPasswordEncoder(passwordEncoder());
        // Whether to hide the "user not found" exception: true (the default) hides it,
        // false lets it be thrown.
        // NOTE(review): with false, an unknown username and a wrong password fail with
        // different exceptions. If that difference reaches the client (message, status
        // code), it reveals which accounts exist; verify the login error handling returns
        // one uniform failure response, or keep the default.
        daoProvider.setHideUserNotFoundExceptions(false);
        return daoProvider;
    }

    /**
     * Password encoder.
     *
     * <p>Delegating encoder: the encoder is chosen from the prefix of the stored password,
     * for example {@code {bcrypt}} selects BCrypt and {@code {noop}} means the password is
     * stored without any encoding, i.e. in plain text. The password comparison itself
     * happens in {@code DaoAuthenticationProvider#additionalAuthenticationChecks}.
     *
     * <p>NOTE(review): since {@code {noop}} is accepted, any stored credential carrying that
     * prefix is a plain-text password; check that no such record exists in production data.
     *
     * @return the delegating password encoder created by {@link PasswordEncoderFactories}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder delegatingEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return delegatingEncoder;
    }
}