pengjunjie/JeecgBoot
1
0
Fork 1
mirror of https://github.com/jeecgboot/JeecgBoot.git synced 2026-02-06 18:45:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

spring3

Browse Source
This commit is contained in:
kezhijie
2023-11-06 12:41:57 +08:00
parent 04c55fa3ba
commit 47a68f31e1
219 changed files with 1746 additions and 1607 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
jeecg-server-cloud/jeecg-visual/jeecg-cloud-monitor/pom.xml
View File

@ -19,13 +19,19 @@
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-server</artifactId>
<version>2.3.1</version>
<version>3.0.4</version>
</dependency>
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-properties-migrator</artifactId>
<scope>runtime</scope>
</dependency>
<!--安全模块-->
<dependency>
<groupId>org.springframework.boot</groupId>

55
jeecg-server-cloud/jeecg-visual/jeecg-cloud-monitor/src/main/java/org/jeecg/monitor/config/SecuritySecureConfig.java
View File

@ -2,8 +2,9 @@ package org.jeecg.monitor.config;
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@ -11,7 +12,7 @@ import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
* @author scott
*/
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
public class SecuritySecureConfig {
private final String adminContextPath;
@ -20,32 +21,40 @@ public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
}
@Override
protected void configure(HttpSecurity http) throws Exception {
public SecurityFilterChain configure(HttpSecurity http) throws Exception {
// 登录成功处理类
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("redirectTo");
successHandler.setDefaultTargetUrl(adminContextPath + "/");
http.authorizeRequests()
//静态文件允许访问
.antMatchers(adminContextPath + "/assets/**").permitAll()
//登录页面允许访问
.antMatchers(adminContextPath + "/login", "/css/**", "/js/**", "/image/*").permitAll()
//其他所有请求需要登录
.anyRequest().authenticated()
.and()
//登录页面配置用于替换security默认页面
.formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
//登出页面配置用于替换security默认页面
.logout().logoutUrl(adminContextPath + "/logout").and()
.httpBasic().and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringAntMatchers(
"/instances",
"/actuator/**"
);
http.authorizeRequests(authorize -> {
try {
authorize
//静态文件允许访问
.requestMatchers(adminContextPath + "/assets/**").permitAll()
//登录页面允许访问
.requestMatchers(adminContextPath + "/login", "/css/**", "/js/**", "/image/*").permitAll()
//其他所有请求需要登录
.anyRequest().authenticated()
.and()
//登录页面配置用于替换security默认页面
.formLogin(formLogin -> formLogin.loginPage(adminContextPath + "/login").successHandler(successHandler))
//登出页面配置用于替换security默认页面
.logout(logout -> logout.logoutUrl(adminContextPath + "/logout"))
.httpBasic(Customizer.withDefaults())
.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringRequestMatchers(
"/instances",
"/actuator/**")
);
} catch (Exception e) {
e.printStackTrace();
}
}
);
return http.build();
}