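package com.songpeng.common.config.security;

import com.songpeng.system.service.impl.SysUserServiceImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Spring Security configuration: form login backed by {@link SysUserServiceImpl},
 * BCrypt password hashing, a remember-me cookie and a session-based filter chain.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>CSRF protection is disabled at the end of {@link #configure(HttpSecurity)} (the
 *       original marks this as a temporary TODO). Combined with cookie-based sessions and
 *       remember-me, every state-changing POST is exposed to cross-site request forgery;
 *       re-enable it once the templates emit the {@code _csrf} token on their forms.</li>
 *   <li>{@code rememberMe()} is configured without an explicit {@code key(...)}, so Spring
 *       generates a key at application start; remember-me cookies therefore stop validating
 *       after a restart and are not shared between instances. Presumably acceptable for a
 *       single-instance deployment — confirm.</li>
 *   <li>Public pages ({@code /}, {@code /blog}, {@code /sign_in}) used to be listed in
 *       {@code web.ignoring()}, which bypasses the whole security filter chain and therefore
 *       also the response headers configured by {@code http.headers()} (anti-clickjacking,
 *       content-type sniffing, etc.). They are now {@code permitAll()} instead, so they stay
 *       anonymous but still receive those headers; only true static resources are ignored.</li>
 * </ul>
 *
 * @author songpeng
 * @date 2019/5/23
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Remember-me cookie lifetime: 14 days expressed in seconds (1209600, unchanged). */
    private static final int REMEMBER_ME_VALIDITY_SECONDS = 14 * 24 * 60 * 60;

    /** Static resources that need neither authentication, a security context nor headers. */
    private static final String[] STATIC_RESOURCES = {
            "/css/**", "/fonts/**", "/img/**", "/js/**", "/lib/**", "/favicon.ico"
    };

    /**
     * Pages reachable anonymously. They go through the filter chain (unlike
     * {@link #STATIC_RESOURCES}) so that security headers are applied to them.
     */
    private static final String[] PUBLIC_PAGES = {"/", "/blog", "/sign_in", "/registry"};

    /**
     * Password encoder used both when storing and when verifying credentials.
     *
     * @return a BCrypt encoder with the library's default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the {@link UserDetailsService} that loads users for authentication.
     *
     * <p>NOTE(review): the service is created with {@code new} here. If
     * {@code SysUserServiceImpl} is also picked up by component scanning (e.g. annotated
     * {@code @Service}), the context will hold two instances — confirm which one is intended.
     *
     * @return the user lookup service used by the authentication manager
     */
    @Bean
    UserDetailsService customUserService() {
        return new SysUserServiceImpl();
    }

    /**
     * Wires user authentication: users are loaded from {@link #customUserService()} and their
     * stored hashes are verified with {@link #passwordEncoder()}.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserService()).passwordEncoder(passwordEncoder());
    }

    /**
     * Excludes static resources from the security filter chain entirely. Anything listed here
     * gets no authentication, no security context and no security headers — keep it to
     * assets only; pages belong in {@link #PUBLIC_PAGES}.
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(STATIC_RESOURCES);
    }

    /**
     * HTTP security rules: default security headers, anonymous access to the public pages,
     * authentication for everything else, form login at {@code /sign_in} posting to
     * {@code /login}, a remember-me cookie, and logout back to the login page.
     *
     * <p>Because the public pages now pass through the chain, a visitor presenting an expired
     * session cookie on {@code /} or {@code /blog} is redirected to {@code /sign_in} by
     * {@code invalidSessionUrl}; previously those paths bypassed that filter.
     *
     * <p>TODO: CSRF protection is still disabled here (see class Javadoc).
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers()
                .and().authorizeRequests()
                    .antMatchers(PUBLIC_PAGES).permitAll()
                    .anyRequest().authenticated()
                .and().formLogin()
                    .loginPage("/sign_in")
                    .loginProcessingUrl("/login")
                    .defaultSuccessUrl("/personal_center", true)
                    .failureUrl("/sign_in?error")
                    .permitAll()
                .and().sessionManagement().invalidSessionUrl("/sign_in")
                .and().rememberMe().tokenValiditySeconds(REMEMBER_ME_VALIDITY_SECONDS)
                .and().logout().logoutSuccessUrl("/sign_in").permitAll()
                // Deliberately left disabled by the original author ("temporarily");
                // re-enable once forms carry the CSRF token.
                .and().csrf().disable();
    }
}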