diff --git a/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityConfig.java b/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityConfig.java
new file mode 100644
index 0000000..9013bd7
--- /dev/null
+++ b/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityConfig.java
@@ -0,0 +1,63 @@
+package com.xkcoding.rbac.security.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+/**
+ *
+ * Security 配置
+ *
+ *
+ * @package: com.xkcoding.rbac.security.config
+ * @description: Security 配置
+ * @author: yangkai.shen
+ * @date: Created in 2018-12-07 16:46
+ * @copyright: Copyright (c) 2018
+ * @version: V1.0
+ * @modified: yangkai.shen
+ */
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+ @Autowired
+ private LogoutSuccessHandler logoutSuccessHandler;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.cors()
+
+ // 关闭 CSRF
+ .and()
+ .csrf()
+ .disable()
+
+ // 认证请求
+ .authorizeRequests()
+ // 放行 /api/auth/** 的所有请求,参见 AuthController
+ .antMatchers("/api/auth/**")
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+
+ // 登出处理
+ .and()
+ .logout()
+ // 登出请求默认为POST请求,改为GET请求
+ .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
+ // 登出成功处理器
+ .logoutSuccessHandler(logoutSuccessHandler)
+ .permitAll()
+
+ .and()
+ // Session 管理
+ .sessionManagement()
+ // 因为使用了JWT,所以这里不管理Session
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+ }
+}
diff --git a/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityHandlerConfig.java b/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityHandlerConfig.java
new file mode 100644
index 0000000..83b95a7
--- /dev/null
+++ b/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityHandlerConfig.java
@@ -0,0 +1,34 @@
+package com.xkcoding.rbac.security.config;
+
+import com.xkcoding.rbac.security.common.Status;
+import com.xkcoding.rbac.security.util.ResponseUtil;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+/**
+ *
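Review bot: In `SecurityConfig.configure`, `csrf().disable()` combined with the GET logout matcher is only safe while the JWT is sent in a request header and never in a cookie, and nothing in the file records that assumption. I would add a comment above `.csrf()` such as `// CSRF protection is off because the JWT is sent in a request header; re-enable it if the token ever moves to a cookie`, and keep logout on POST unless a client really needs GET. No token filter is registered in this hunk, so `anyRequest().authenticated()` has nothing to satisfy it yet; presumably a later commit adds one. `/api/auth/**` is also a broad `permitAll()`, and listing the login and registration paths explicitly would keep a future handler under that prefix from being exposed by accident.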

+ * Security 结果处理配置
+ *
+ *
+ * @package: com.xkcoding.rbac.security.config
+ * @description: Security 结果处理配置
+ * @author: yangkai.shen
+ * @date: Created in 2018-12-07 17:31
+ * @copyright: Copyright (c) 2018
+ * @version: V1.0
+ * @modified: yangkai.shen
+ */
+@Configuration
+public class SecurityHandlerConfig {
+
+ /**
+ * 退出成功处理器
+ *
+ * @return 退出成功处理器
+ */
+ @Bean
+ public LogoutSuccessHandler logoutSuccessHandler() {
+ return (request, response, authentication) -> ResponseUtil.renderJson(response, Status.LOGOUT, null);
+ }
+}
diff --git a/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/controller/AuthController.java b/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/controller/AuthController.java
new file mode 100644
index 0000000..9711043
--- /dev/null
+++ b/spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/controller/AuthController.java
@@ -0,0 +1,34 @@
+package com.xkcoding.rbac.security.controller;
+
+import com.xkcoding.rbac.security.common.ApiResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ *
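Review bot: The lambda returned by `logoutSuccessHandler()` only renders `Status.LOGOUT`; nothing visible in this commit revokes or expires the caller's JWT, and with `SessionCreationPolicy.STATELESS` there is no server-side session for Spring to invalidate. A token captured before logout would therefore stay usable until its own expiry, unless revocation is handled elsewhere. Either register a `LogoutHandler` that records the token as revoked until it expires, or state the limitation on the bean with `// Logout is client-side only: the JWT stays valid until it expires`.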

+ * 认证 Controller,包括用户注册,用户登录请求
+ *
+ *
+ * @package: com.xkcoding.rbac.security.controller
+ * @description: 认证 Controller,包括用户注册,用户登录请求
+ * @author: yangkai.shen
+ * @date: Created in 2018-12-07 17:23
+ * @copyright: Copyright (c) 2018
+ * @version: V1.0
+ * @modified: yangkai.shen
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/auth")
+public class AuthController {
+
+ /**
+ * 登录
+ */
+ @PostMapping("/login")
+ public ApiResponse login() {
+ return ApiResponse.ofSuccess();
+ }
+}
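Review bot: `login()` takes no credentials and returns `ApiResponse.ofSuccess()` unconditionally, and it sits under `/api/auth/**`, which SecurityConfig opens to unauthenticated callers. As a placeholder it issues no token, but a client that keys on the success status would treat any request as a successful login. Until the real implementation lands, mark it with `// TODO: validate credentials and return a JWT; placeholder only`, or have it throw `UnsupportedOperationException` so the stub cannot be mistaken for a working endpoint. `@Slf4j` is unused in this class so far.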