package com.izouma.nineth.security; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @EnableConfigurationProperties({JwtConfig.class}) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private final JwtAuthenticationEntryPoint unauthorizedHandler; private final UserDetailsService userDetailsService; private final JwtAuthorizationTokenFilter authenticationTokenFilter; private final String tokenHeader; public WebSecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler, @Qualifier("jwtUserDetailsService") UserDetailsService userDetailsService, JwtAuthorizationTokenFilter authenticationTokenFilter, @Value("${jwt.header}") String tokenHeader) { this.unauthorizedHandler = unauthorizedHandler; this.userDetailsService = userDetailsService; this.authenticationTokenFilter = authenticationTokenFilter; this.tokenHeader = tokenHeader; } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService) .passwordEncoder(passwordEncoderBean()); } @Bean public PasswordEncoder passwordEncoderBean() { return new BCryptPasswordEncoder(4); } @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Override protected void configure(HttpSecurity httpSecurity) throws Exception { // We don't need CSRF for this example httpSecurity.csrf().disable() .cors().and() // dont authenticate this particular request .authorizeRequests() //swagger-ui放行路径 .antMatchers("/v2/api-docs", "/swagger-ui.html", "/swagger-resources/**", "/webjars/**").permitAll() .antMatchers("/user/register").permitAll() .antMatchers("/upload/**").permitAll() .antMatchers("/files/**").permitAll() .antMatchers("/static/**").permitAll() .antMatchers("/auth/**").permitAll() .antMatchers("/captcha/**").permitAll() .antMatchers("/admin/**").permitAll() .antMatchers("/systemVariable/all").permitAll() .antMatchers("/**/excel").permitAll() .antMatchers("/wx/**").permitAll() .antMatchers("/sms/sendVerify").permitAll() .antMatchers("/sms/sendSecureVerify").permitAll() .antMatchers("/sms/verify").permitAll() .antMatchers("/error").permitAll() .antMatchers("/401").permitAll() .antMatchers("/404").permitAll() .antMatchers("/500").permitAll() .antMatchers("/MP_verify*").permitAll() .antMatchers("/payOrder/**").permitAll() .antMatchers("/notify/**").permitAll() .antMatchers("/banner/all").permitAll() .antMatchers("/setting/all").permitAll() .antMatchers("/setting/byFlag").permitAll() .antMatchers("/collection/all").permitAll() .antMatchers("/collection/get/**").permitAll() .antMatchers("/asset/get/**").permitAll() .antMatchers("/asset/tokenHistory").permitAll() .antMatchers("/user/all").permitAll() .antMatchers("/user/get/*").permitAll() .antMatchers("/news/all").permitAll() .antMatchers("/news/get/*").permitAll() .antMatchers("/user/forgotPassword").permitAll() .antMatchers("/sysConfig/get/*").permitAll() .antMatchers("/sysConfig/getDecimal/*").permitAll() .antMatchers("/user/code2openId").permitAll() .antMatchers("/blindBoxItem/all").permitAll() .antMatchers("/collection/recommend").permitAll() .antMatchers("/order/**/status", "/giftOrder/*/status", "/mintOrder/*/status", "/rechargeOrder/*/status", "/auctionOrder/*/status").permitAll() .antMatchers("/mintOrder/**/status").permitAll() .antMatchers("/activity/all").permitAll() .antMatchers("/activity/get/*").permitAll() .antMatchers("/mintActivity/all").permitAll() .antMatchers("/mintActivity/get/**").permitAll() .antMatchers("/purchaseLevel/all").permitAll() .antMatchers("/purchaseLevel/get/**").permitAll() .antMatchers("/news/all").permitAll() .antMatchers("/news/get/**").permitAll() .antMatchers("/druid/**").permitAll() .antMatchers("/identityAuth/autoAuth").permitAll() .antMatchers("/statistic/weekTop").permitAll() .antMatchers("/showroom/all").permitAll() .antMatchers("/showroom/get/**").permitAll() .antMatchers("/testClass/**").permitAll() .antMatchers("/appVersion/**").permitAll() .antMatchers("/sandpay/**").permitAll() .antMatchers("/hmpay/**").permitAll() .antMatchers("/payease/**").permitAll() .antMatchers("/order/calcSettle").permitAll() .antMatchers("/auctionOrder/all").permitAll() .antMatchers("/auctionOrder/get/**").permitAll() .antMatchers("/auctionActivity/all").permitAll() .antMatchers("/auctionActivity/get/**").permitAll() .antMatchers("/auctionRecord/all").permitAll() .antMatchers("/ossNotify").permitAll() .antMatchers("/priceList/list").permitAll() .antMatchers("/priceList/priceListVo").permitAll() .antMatchers("/user/collectionInvitorList").permitAll() .antMatchers("/auth/oasisLogin").permitAll() .antMatchers("/auth/oasisLoginPhone").permitAll() .antMatchers("/payOrder/v2/**/sandQuick").permitAll() .antMatchers("/pay/v2/**/sandQuick").permitAll() .antMatchers("/user/faceAuthNotify/*").permitAll() .antMatchers("/blindBoxItem/rare/*").permitAll() .antMatchers("/user/synchronizationData").permitAll() .antMatchers("/rarityLabel/label/*").permitAll() .antMatchers("/collection/count").permitAll() .antMatchers("/asset/*/metaPlayerRole").permitAll() .antMatchers("/metaPlayerInfo/**").permitAll() .antMatchers("/metaSpatialInfo/**").permitAll() .antMatchers("/onOff/**").permitAll() .antMatchers("/metaBonusScene/**").permitAll() .antMatchers("/alipay/notify").permitAll() .antMatchers("/metaPlayerWear/**").permitAll() .antMatchers("/userHold/app/top").permitAll() .antMatchers("/userHold/app/top/refresh").permitAll() .antMatchers("/company/get/*").permitAll() .antMatchers("/websocket/**").permitAll() .antMatchers("/user/websocket/*").permitAll() .antMatchers("/purchaseLevel/websocket/*").permitAll() .antMatchers("/metaAdvertRecord/metaQuery").permitAll() .antMatchers("/metaTask/**").permitAll() .antMatchers("/asset/destroy").permitAll() .antMatchers("/user/topTen").permitAll() .antMatchers("/metaUserTaskProgress/**").permitAll() .antMatchers("/metaUserGold/**").permitAll() .antMatchers("/metaTask/findAll").permitAll() .antMatchers("/metaTaskToUser/**").permitAll() .antMatchers("/metaTaskActivity/queryPublishActivity").permitAll() .antMatchers("/metaAdvertRecord/**").permitAll() .antMatchers("/metaDestroyActivity/*/metaQuery").permitAll() .antMatchers("/metaResourceVersion/**").permitAll() .antMatchers("/asset/topTen").permitAll() .antMatchers("/metaUser/internalTest").permitAll() .antMatchers("/metaShowRoomAsset/**").permitAll() .antMatchers("/metaCacheable/clearMMO").permitAll() .antMatchers("/u951658VPf.txt").permitAll() .antMatchers("/u9s1658vPf.txt").permitAll() .antMatchers("/MP_verify_0Nvt9aSVZw3kbSSi.txt").permitAll() .antMatchers("/tradeAuction/all").permitAll() .antMatchers("/tradeAuction/get/**").permitAll() .antMatchers("/tradeAuctionOrder/all").permitAll() .antMatchers("/metaVisitor/save").permitAll() .antMatchers("/gpt3/**").permitAll() .antMatchers("/metaSwitch/*/findSwitch").permitAll() .antMatchers("/metaResources/getUrl").permitAll() .antMatchers("/news/newsInfo").permitAll() .antMatchers("/metaResources/like").permitAll() // all other requests need to be authenticated .anyRequest().authenticated().and() // make sure we use stateless session; session won't be used to // store user's state. .exceptionHandling().authenticationEntryPoint(unauthorizedHandler) .and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS); // Add a filter to validate the tokens with every request httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); } @Override public void configure(WebSecurity web) throws Exception { // AuthenticationTokenFilter will ignore the below paths web.ignoring() .antMatchers("/auth/**") .antMatchers("/.well-known/**") // allow anonymous resource requests .and() .ignoring() .antMatchers( HttpMethod.GET, "/", "/*.html", "/**/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js" ); } }