OCT 1. SpringSecurity支持配置文件白名单列表

黄昕 2024-01-26 16:17:34 +08:00
parent b507206bb8
commit 73efef547a
8 changed files with 56 additions and 13 deletions


@ -57,8 +57,8 @@ pagehelper :
support-methods-arguments: true support-methods-arguments: true
pageSizeZero : true pageSizeZero : true
params.count : countSql params.count : countSql
#config log #config log
logging : logging :
config: file:config/logback.xml config: file:config/logback.xml
log4j : log4j :
@ -70,9 +70,9 @@ log4j :
springdoc : springdoc :
swagger-ui: swagger-ui:
path: /swagger-ui.html path: /swagger-ui.html
# JWT configure # JWT configure
jwt : jwt :
http-head : Authorization http-head : Authorization
secret-key : MTIzNDU2Nzg= secret-key : MTIzNDU2Nzg=
expire-time: 604800 expire-time: 604800


@ -11,6 +11,8 @@ protocol:
security: security:
ui: ui:
write-list: white-list:
- /swagger-ui/** - method: GET
- /v3/api-docs/** url : /swagger-ui/**
- method: GET
url : /v3/api-docs/**
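Review bot: The new `white-list` drops `/swagger-ui.html`, which the hard-coded matcher removed from SecuritySecurity in this same commit still permitted, and which the application config keeps as `springdoc.swagger-ui.path`. Unless the omission is intended, add a third entry, `- method: GET` with `url : /swagger-ui.html`, so the configured entry point stays reachable. Every entry in this list is served without authentication, so a comment above it such as `# every entry below bypasses authentication; keep to read-only documentation paths` would help whoever edits it next.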


@ -96,6 +96,11 @@
<appender-ref ref="CONSOLE"/> <appender-ref ref="CONSOLE"/>
</logger> </logger>
<logger name="com.ulisesbocchio.jasyptspringboot" level="error" additivity="false">
<appender-ref ref="DATA"/>
<appender-ref ref="CONSOLE"/>
</logger>
<root level="${LOG_LEVEL}"> <root level="${LOG_LEVEL}">
<appender-ref ref="SYSTEM-LOG-FILE"/> <appender-ref ref="SYSTEM-LOG-FILE"/>
<appender-ref ref="CONSOLE"/> <appender-ref ref="CONSOLE"/>


@ -156,7 +156,6 @@
<artifactId>json-path</artifactId> <artifactId>json-path</artifactId>
<version>2.8.0</version> <version>2.8.0</version>
</dependency> </dependency>
</dependencies> </dependencies>
<build> <build>


@ -11,7 +11,6 @@ import jakarta.annotation.Resource;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@ -51,6 +50,9 @@ public class SecuritySecurity {
@Resource @Resource
private CustomAuthorizationManager customAuthorizationManager; private CustomAuthorizationManager customAuthorizationManager;
@Resource
private UserSecurityConfigure userSecurityConfigure;
@Bean @Bean
PasswordEncoder passwordEncoder() { PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(); return new BCryptPasswordEncoder();
@ -61,7 +63,11 @@ public class SecuritySecurity {
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(resp -> { http.authorizeHttpRequests(resp -> {
resp.requestMatchers(HttpMethod.GET, "/swagger-ui/**", "/v3/api-docs/**", "/swagger-ui.html").permitAll(); // 配置文件中配置的白名单
userSecurityConfigure.getWhiteList().forEach(k -> {
resp.requestMatchers(k.getMethod(), k.getUrl()).permitAll();
});
resp.requestMatchers("/api/**").access(customAuthorizationManager); resp.requestMatchers("/api/**").access(customAuthorizationManager);
//resp.anyRequest().access(customAuthorizationManager); //resp.anyRequest().access(customAuthorizationManager);
}) })
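Review bot: The loop added to `filterChain` turns every configured entry into a `permitAll()` rule without validating it, and it registers those rules ahead of the `/api/**` rule. As far as I know `requestMatchers(null, url)` matches every HTTP method, so an entry that omits `method` would open its URL to POST, PUT and DELETE as well; and because the first matching rule wins, a pattern overlapping `/api/**` would take those paths out of `customAuthorizationManager`'s reach. `getWhiteList()` presumably returns null when the property is not bound, which would fail here with a bare NullPointerException. I would reject incomplete entries at startup as sketched below and document that patterns overlapping `/api/**` are not allowed; the `filterChain` body continues past the end of the hunk.

```java
http.authorizeHttpRequests(resp -> {
    var entries = userSecurityConfigure.getWhiteList();
    if (entries == null) {
        throw new IllegalStateException("white-list is not configured");
    }
    entries.forEach(k -> {
        // A null method would make the matcher apply to every HTTP method.
        if (k.getMethod() == null || k.getUrl() == null || k.getUrl().isBlank()) {
            throw new IllegalStateException("Incomplete white-list entry: " + k);
        }
        resp.requestMatchers(k.getMethod(), k.getUrl()).permitAll();
    });
    // … unchanged: /api/** rule handled by customAuthorizationManager …
```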


@ -1,5 +1,6 @@
package com.cmhi.cf.authentication.configure; package com.cmhi.cf.authentication.configure;
import com.cmhi.cf.authentication.pojo.po.UrlFilterItem;
import jakarta.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import lombok.Data; import lombok.Data;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -13,10 +14,10 @@ import java.util.List;
@Data @Data
@Slf4j @Slf4j
public class UserSecurityConfigure { public class UserSecurityConfigure {
private List<String> writeList; private List<UrlFilterItem> whiteList;
@PostConstruct @PostConstruct
private void initGlobalValue() { private void initGlobalValue() {
log.info("Current: writeList = [{}]", writeList); log.info("Current: writeList = [{}]", whiteList);
} }
} }
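Review bot: The startup log in `initGlobalValue` still labels the value `writeList` although the field is now `whiteList`, so anyone searching the logs for the effective allow-list will look for the wrong name; change it to `log.info("Current: whiteList = [{}]", whiteList);`. Since this list decides which URLs skip authentication, the field also deserves a short Javadoc saying that it is bound from configuration and that each entry is permitted without authentication. The class-level annotations are outside the hunk, so how the field is bound cannot be confirmed from here.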


@ -0,0 +1,16 @@
package com.cmhi.cf.authentication.pojo.po;
import lombok.Data;
import org.springframework.http.HttpMethod;
import java.io.Serial;
import java.io.Serializable;
@Data
public class UrlFilterItem implements Serializable {
@Serial
private static final long serialVersionUID = 1L;
private HttpMethod method;
private String url;
}


@ -0,0 +1,14 @@
package com.cmhi.cf.common;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Component;
@Component
public class StringToHttpMethodConverter implements Converter<String, HttpMethod> {
@Override
public HttpMethod convert(String source) {
// 这里假设了source是一个有效的HttpMethod字符串 "GET" "POST"
return HttpMethod.valueOf(source.toUpperCase());
}
}
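Review bot: Nothing in `convert` enforces the assumption stated in its comment that `source` is a valid method name. With the Spring Framework 6 `HttpMethod` class (which the jakarta imports elsewhere in this commit suggest) `valueOf` does not, as far as I know, reject unknown names, so a typo such as `GTE` in the allow-list would bind to a method no request ever uses and the entry would quietly never match. `toUpperCase()` without a locale also depends on the JVM default locale. I would trim, upper-case with `Locale.ROOT` and reject anything outside `HttpMethod.values()`, as below; this needs `java.util.Arrays` and `java.util.Locale` imported.

```java
    public HttpMethod convert(String source) {
        // Locale.ROOT keeps the upper-casing independent of the JVM default locale.
        HttpMethod method = HttpMethod.valueOf(source.trim().toUpperCase(Locale.ROOT));
        // Reject anything outside the standard methods so a configuration typo fails at startup.
        if (!Arrays.asList(HttpMethod.values()).contains(method)) {
            throw new IllegalArgumentException("Unsupported HTTP method in configuration: " + source);
        }
        return method;
    }
```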