- package org.jeecg.monitor.config;
- import de.codecentric.boot.admin.server.config.AdminServerProperties;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
- import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
/**
 * Spring Security rules for the monitor application, which embeds a Spring Boot Admin server.
 *
 * <p>Static resources and the login page are open to everyone; every other request must be
 * authenticated, either through the form login or through HTTP Basic. CSRF protection stays
 * enabled except for the two path patterns listed at the end of {@link #configure(HttpSecurity)}.
 *
 * @author scott
 */
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    /** Context path reported by {@link AdminServerProperties}; prefixed to the admin routes below. */
    private final String adminContextPath;

    /**
     * @param adminServerProperties admin server settings; only the context path is read
     */
    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    /**
     * Builds the request authorization, login/logout, HTTP Basic and CSRF rules.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception propagated from the {@link HttpSecurity} configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        final String loginPath = adminContextPath + "/login";

        // Handler invoked after a successful login: it honours the "redirectTo" request
        // parameter and otherwise falls back to the admin root.
        // NOTE(review): "redirectTo" is request-controlled and nothing in this block limits it
        // to same-origin targets -- confirm the redirect is restricted (e.g. context-relative
        // only) before this login page is reachable from untrusted networks.
        SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        loginSuccessHandler.setTargetUrlParameter("redirectTo");
        loginSuccessHandler.setDefaultTargetUrl(adminContextPath + "/");

        // Matcher order matters: the public patterns must be declared before anyRequest().
        http.authorizeRequests()
                // Static files of the admin UI are public.
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                // The login page and its resources are public. Only the login path carries the
                // admin context path; the three resource patterns are matched from the root.
                .antMatchers(loginPath, "/css/**", "/js/**", "/image/*").permitAll()
                // Everything else requires an authenticated caller.
                .anyRequest().authenticated();

        // Custom login page, replacing the Spring Security default one.
        http.formLogin().loginPage(loginPath).successHandler(loginSuccessHandler);

        // Custom logout URL, replacing the Spring Security default one.
        http.logout().logoutUrl(adminContextPath + "/logout");

        // HTTP Basic is accepted in addition to the form login.
        // NOTE(review): Basic credentials are only as protected as the transport -- make sure
        // this server is served over TLS only.
        http.httpBasic();

        // The CSRF token is kept in a cookie that is not HttpOnly, so browser-side script can
        // read it and send it back; any XSS in the UI can therefore read the token as well.
        // NOTE(review): the two exempted patterns are not prefixed with adminContextPath, unlike
        // the routes above. With a non-empty context path they may not cover the paths they were
        // meant for -- verify. Requests to the exempted paths still need authentication, but
        // state-changing ones are accepted without a CSRF token, so keep the set of exposed
        // actuator endpoints minimal.
        http.csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .ignoringAntMatchers("/instances", "/actuator/**");
    }
}