OCT 1. SpringSecurity支持配置文件白名单列表

2024-01-26 16:17:34 +08:00 · 2024-01-26 16:17:34 +08:00 · 73efef547a
parent b507206bb8
commit 73efef547a
8 changed files with 56 additions and 13 deletions
--- a/config/application-local.yml
+++ b/config/application-local.yml
@ -57,8 +57,8 @@ pagehelper  :
  support-methods-arguments: true
  pageSizeZero             : true
  params.count             : countSql
-  
-  #config log
+
+#config log
 logging     :
  config: file:config/logback.xml
 log4j       :
@ -70,9 +70,9 @@ log4j       :
 springdoc   :
  swagger-ui:
    path: /swagger-ui.html
-  
-  # JWT configure
+
+# JWT configure
 jwt         :
  http-head  : Authorization
  secret-key : MTIzNDU2Nzg=
-  expire-time: 604800
+  expire-time: 604800
--- a/config/application-user.yml
+++ b/config/application-user.yml
@ -11,6 +11,8 @@ protocol:

 security:
  ui:
-    write-list:
-      - /swagger-ui/**
-      - /v3/api-docs/**
+    white-list:
+      - method: GET
+        url   : /swagger-ui/**
+      - method: GET
+        url   : /v3/api-docs/**
--- a/config/logback.xml
+++ b/config/logback.xml
@ -96,6 +96,11 @@
        <appender-ref ref="CONSOLE"/>
    </logger>

+    <logger name="com.ulisesbocchio.jasyptspringboot" level="error" additivity="false">
+        <appender-ref ref="DATA"/>
+        <appender-ref ref="CONSOLE"/>
+    </logger>
+
    <root level="${LOG_LEVEL}">
        <appender-ref ref="SYSTEM-LOG-FILE"/>
        <appender-ref ref="CONSOLE"/>
--- a/pom.xml
+++ b/pom.xml
@ -156,7 +156,6 @@
            <artifactId>json-path</artifactId>
            <version>2.8.0</version>
        </dependency>
-
    </dependencies>

    <build>
--- a/src/main/java/com/cmhi/cf/authentication/configure/SecuritySecurity.java
+++ b/src/main/java/com/cmhi/cf/authentication/configure/SecuritySecurity.java
@ -11,7 +11,6 @@ import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@ -51,6 +50,9 @@ public class SecuritySecurity {
    @Resource
    private CustomAuthorizationManager customAuthorizationManager;

+    @Resource
+    private UserSecurityConfigure userSecurityConfigure;
+
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
@ -61,7 +63,11 @@ public class SecuritySecurity {
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http.authorizeHttpRequests(resp -> {
-                resp.requestMatchers(HttpMethod.GET, "/swagger-ui/**", "/v3/api-docs/**", "/swagger-ui.html").permitAll();
+                // 配置文件中配置的白名单
+                userSecurityConfigure.getWhiteList().forEach(k -> {
+                    resp.requestMatchers(k.getMethod(), k.getUrl()).permitAll();
+                });
+
                resp.requestMatchers("/api/**").access(customAuthorizationManager);
                //resp.anyRequest().access(customAuthorizationManager);
            })
--- a/src/main/java/com/cmhi/cf/authentication/configure/UserSecurityConfigure.java
+++ b/src/main/java/com/cmhi/cf/authentication/configure/UserSecurityConfigure.java
@ -1,5 +1,6 @@
 package com.cmhi.cf.authentication.configure;

+import com.cmhi.cf.authentication.pojo.po.UrlFilterItem;
 import jakarta.annotation.PostConstruct;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
@ -13,10 +14,10 @@ import java.util.List;
@Data
@Slf4j
 public class UserSecurityConfigure {
-    private List<String> writeList;
+    private List<UrlFilterItem> whiteList;

    @PostConstruct
    private void initGlobalValue() {
-        log.info("Current: writeList = [{}]", writeList);
+        log.info("Current: writeList = [{}]", whiteList);
    }
 }
--- a/src/main/java/com/cmhi/cf/authentication/pojo/po/UrlFilterItem.java
+++ b/src/main/java/com/cmhi/cf/authentication/pojo/po/UrlFilterItem.java
@ -0,0 +1,16 @@
+package com.cmhi.cf.authentication.pojo.po;
+
+import lombok.Data;
+import org.springframework.http.HttpMethod;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+@Data
+public class UrlFilterItem implements Serializable {
+    @Serial
+    private static final long serialVersionUID = 1L;
+
+    private HttpMethod method;
+    private String     url;
+}
--- a/src/main/java/com/cmhi/cf/common/StringToHttpMethodConverter.java
+++ b/src/main/java/com/cmhi/cf/common/StringToHttpMethodConverter.java
@ -0,0 +1,14 @@
+package com.cmhi.cf.common;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.HttpMethod;
+import org.springframework.stereotype.Component;
+
+@Component
+public class StringToHttpMethodConverter implements Converter<String, HttpMethod> {
+    @Override
+    public HttpMethod convert(String source) {
+        // 这里假设了source是一个有效的HttpMethod字符串，如 "GET" 或 "POST"。
+        return HttpMethod.valueOf(source.toUpperCase());
+    }
+}