SpringSecurity Rbac 配置
Bitgeek 2024-02-14 SpringSecurity SpringBoot Rbac
# Rbac的代码配置
# spring pom 配置
<!-- Spring Security starter. No version is given here, so it is presumably managed by the Spring Boot parent/BOM. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Redisson (Redis client). NOTE(review): the version is pinned by hand; check it against the current release line and the Spring Boot version in use. -->
<dependency>
<groupId>org.redisson</groupId>
<artifactId>redisson</artifactId>
<version>3.10.6</version>
</dependency>
<!-- WeChat SDK (WxJava, weixin-java-cp) -->
<dependency>
<groupId>com.github.binarywang</groupId>
<artifactId>weixin-java-cp</artifactId>
<version>4.6.0</version>
</dependency>
<!-- tk.mybatis common mapper starter -->
<dependency>
<groupId>tk.mybatis</groupId>
<artifactId>mapper-spring-boot-starter</artifactId>
<version>4.2.2</version>
</dependency>
<!-- JWT libraries. NOTE(review): two separate JWT implementations are declared below (auth0 java-jwt and jjwt). Presumably the JWT filter uses only one of them; confirm and drop the other so there is a single token-parsing code path to keep patched. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>4.4.0</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.12.1</version>
</dependency>
# SpringSecurity Config 相关配置
- 配置 SecurityConfig
package cn.bitgeek.config;
import cn.bitgeek.rbac.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
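/**
 * Spring Security configuration for a stateless, JWT-based RBAC setup
 * (project: springboot-v3-demo).
 *
 * <p>Declares the authentication provider, the authentication manager, the HTTP
 * filter chain and the password encoder. Method-level annotations such as
 * {@code @PreAuthorize} are switched on through {@code prePostEnabled = true}.
 *
 * @author liqingzhu
 * @since 1.0.0
 * @version 1.0.0
 */
@Slf4j
@Configuration
@EnableWebSecurity
// NOTE(review): @EnableGlobalMethodSecurity is deprecated in Spring Security 6;
// @EnableMethodSecurity is the replacement (pre/post annotations are on by default there).
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig {

    // NOTE(review): not read anywhere in this class. The placeholder still has to
    // resolve at startup, so the security configuration depends on an unrelated
    // Elasticsearch property; consider removing the field.
    @Value("${elasticsearch.host}")
    private String host;

    /** Supplies the permit-all URL patterns used by {@link #securityFilterChain}. */
    @Autowired
    private AuthProperties authProperties;

    // NOTE(review): not referenced in this class; the effective whitelist is
    // authProperties.getWhite(). If these patterns mirror the configured values,
    // check that the Swagger/OpenAPI paths ("/v3/**", "/swagger-ui/**") are not
    // left open to anonymous users in production.
    private static final String[] URL_WHITELIST = {"/auth/login","/swagger-ui/index.html","/v3/**","/swagger-ui/**","/swagger-ui.html","/user/login", "/favicon.ico"};

    @Autowired
    private AccountUserDetailsService accountUserDetailsService;

    @Autowired
    private JwtAuthenticationFilter jwtAuthenticationFilter;

    @Autowired
    private JwtLogoutSuccessHandler jwtLogoutSuccessHandler;

    @Autowired
    private JwtAccessDeniedHandler jwtAccessDeniedHandler;

    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Autowired
    private LoginFailureHandler loginFailureHandler;

    @Autowired
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

    /**
     * Builds the provider that authenticates username/password logins.
     *
     * @return a {@link DaoAuthenticationProvider} that loads users through
     *         {@code accountUserDetailsService} and verifies passwords with the
     *         {@link #passwordEncoder()} bean
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        // User records come from the project's UserDetailsService implementation
        // (database, cache or configuration; decided inside that service).
        authProvider.setUserDetailsService(accountUserDetailsService);
        // Verify passwords with the same BCrypt encoder that is exposed as a bean
        // below. Without this call the provider falls back to Spring's delegating
        // encoder, which only matches stored values that carry an "{id}" prefix,
        // so hashes produced by the BCrypt bean would never verify.
        // NOTE(review): stored passwords must be plain BCrypt hashes; confirm
        // against the user table before deploying.
        authProvider.setPasswordEncoder(passwordEncoder());
        return authProvider;
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring so that other
     * beans can authenticate a username/password pair programmatically.
     *
     * @param config Spring's authentication configuration
     * @return the authentication manager held by {@code config}
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }

    /**
     * Defines the HTTP security filter chain: stateless sessions, form login with
     * custom handlers, a configurable permit-all list and the JWT filter.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Permit-all patterns come from configuration, not from URL_WHITELIST.
        String[] white = authProperties.getWhite();
        http
                // CSRF protection is turned OFF here (this does not defend against CSRF).
                // That is only safe while no credential is sent automatically by the
                // browser. NOTE(review): assumes the JWT travels in a request header,
                // not in a cookie; confirm in JwtAuthenticationFilter.
                .csrf(csrf -> csrf.disable())
                // Form login with the project's success and failure handlers.
                .formLogin(form -> form.successHandler(loginSuccessHandler).failureHandler(loginFailureHandler))
                // Logout handled by the project's JWT-aware success handler.
                .logout(logout -> logout.logoutSuccessHandler(jwtLogoutSuccessHandler))
                // No HTTP session is created or used to hold the security context.
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                // Whitelisted patterns skip the authorization check; everything else
                // requires an authenticated caller. The JWT filter is still part of the
                // chain for whitelisted paths.
                .authorizeHttpRequests(auth -> auth.requestMatchers(white).permitAll().anyRequest().authenticated())
                // Custom responses for unauthenticated and for forbidden requests.
                .exceptionHandling(exception -> exception.authenticationEntryPoint(jwtAuthenticationEntryPoint).accessDeniedHandler(jwtAccessDeniedHandler))
                // Register the DAO provider and run the JWT filter ahead of the
                // username/password filter.
                .authenticationProvider(authenticationProvider()).addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    /**
     * Password encoder bean.
     *
     * @return a {@link BCryptPasswordEncoder} with its default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}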