标签:require 开启 any 问控制 key resources div created pass
1 /** 2 * Created by Athos on 2016-10-16. 3 */ 4 @Configuration 5 @EnableWebSecurity 6 @EnableGlobalMethodSecurity(prePostEnabled = true) 7 public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 8 9 @Resource 10 private UserDetailsService userDetailsService; 11 12 @Resource 13 private MySecurityMetadataSource mySecurityMetadataSource; 14 15 @Override 16 protected void configure(HttpSecurity http) throws Exception { 17 18 http.addFilterAfter(MyUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); 19 // 开启默认登录页面 20 http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() { 21 public <O extends FilterSecurityInterceptor> O postProcess( 22 O fsi) { 23 fsi.setSecurityMetadataSource(mySecurityMetadataSource); 24 fsi.setAccessDecisionManager(accessDecisionManager()); 25 fsi.setAuthenticationManager(authenticationManagerBean()); 26 return fsi; 27 } 28 }).and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login.html")).and().logout() 29 .logoutSuccessUrl("/index.html").permitAll(); 30 // 自定义accessDecisionManager访问控制器,并开启表达式语言 31 http.exceptionHandling().accessDeniedHandler(accessDeniedHandler()) 32 .and().authorizeRequests().anyRequest().authenticated().expressionHandler(webSecurityExpressionHandler()); 33 34 // 自定义登录页面 35 http.csrf().disable(); 36 37 // 自定义注销 38 // http.logout().logoutUrl("/logout").logoutSuccessUrl("/login") 39 // .invalidateHttpSession(true); 40 41 // session管理 42 http.sessionManagement().maximumSessions(1); 43 44 // RemeberMe 45 // http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485"); 46 47 } 48 49 @Override 50 protected void configure(AuthenticationManagerBuilder auth) 51 throws Exception { 52 // 自定义UserDetailsService 53 auth.userDetailsService(userDetailsService); 54 } 55 56 @Bean 57 UsernamePasswordAuthenticationFilter MyUsernamePasswordAuthenticationFilter(){ 58 UsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter(); 59 myUsernamePasswordAuthenticationFilter.setPostOnly(true); 60 myUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean()); 61 myUsernamePasswordAuthenticationFilter.setUsernameParameter("name_key"); 62 myUsernamePasswordAuthenticationFilter.setPasswordParameter("pwd_key"); 63 myUsernamePasswordAuthenticationFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST")); 64 myUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler()); 65 return myUsernamePasswordAuthenticationFilter; 66 } 67 68 @Bean 69 AccessDeniedHandler accessDeniedHandler(){ 70 AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl(); 71 accessDeniedHandler.setErrorPage("/securityException/accessDenied"); 72 return accessDeniedHandler; 73 } 74 75 @Bean 76 public LoggerListener loggerListener() { 77 System.out.println("org.springframework.security.authentication.event.LoggerListener"); 78 return new LoggerListener(); 79 } 80 81 @Bean 82 public org.springframework.security.access.event.LoggerListener eventLoggerListener() { 83 System.out.println("org.springframework.security.access.event.LoggerListener"); 84 return new org.springframework.security.access.event.LoggerListener(); 85 } 86 87 /* 88 * 89 * 这里可以增加自定义的投票器 90 */ 91 @Bean(name = "accessDecisionManager") 92 public AccessDecisionManager accessDecisionManager() { 93 List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList(); 94 decisionVoters.add(new RoleVoter()); 95 decisionVoters.add(new AuthenticatedVoter()); 96 decisionVoters.add(webExpressionVoter());// 启用表达式投票器 97 MyAccessDecisionManager accessDecisionManager = new MyAccessDecisionManager(decisionVoters); 98 return accessDecisionManager; 99 } 100 101 @Bean(name = "authenticationManager") 102 @Override 103 public AuthenticationManager authenticationManagerBean(){ 104 AuthenticationManager authenticationManager = null; 105 try { 106 authenticationManager = super.authenticationManagerBean(); 107 } catch (Exception e) { 108 e.printStackTrace(); 109 } 110 return authenticationManager; 111 } 112 113 114 @Bean(name = "failureHandler") 115 public SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler(){ 116 return new SimpleUrlAuthenticationFailureHandler("/getLoginError"); 117 } 118 119 @Bean(name = "aclResourcesService") 120 @ConditionalOnMissingBean 121 public AclResourcesService aclResourcesService(){ 122 return new AclResourcesServiceImpl(); 123 } 124 125 /* 126 * 表达式控制器 127 */ 128 @Bean(name = "expressionHandler") 129 public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() { 130 DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler(); 131 return webSecurityExpressionHandler; 132 } 133 134 /* 135 * 表达式投票器 136 */ 137 @Bean(name = "expressionVoter") 138 public WebExpressionVoter webExpressionVoter() { 139 WebExpressionVoter webExpressionVoter = new WebExpressionVoter(); 140 webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler()); 141 return webExpressionVoter; 142 } 143 144 }
标签:require 开启 any 问控制 key resources div created pass
原文地址:http://www.cnblogs.com/sweetchildomine/p/5998659.html