⒈在SpringSecurity项目中创建AuthorizeConfigProvider接口用于配置认证信息
1 package cn.coreqi.ssoserver.authorize; 2 3 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 4 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; 5 6 public interface AuthorizeConfigProvider { 7 void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config); 8 }
⒉我们实现此接口
1 package cn.coreqi.ssoserver.authorize.impl; 2 3 import cn.coreqi.ssoserver.authorize.AuthorizeConfigProvider; 4 import org.springframework.http.HttpMethod; 5 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 6 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; 7 import org.springframework.stereotype.Component; 8 9 @Component 10 public class CoreqiAuthorizeConfigProvider implements AuthorizeConfigProvider { 11 @Override 12 public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) { 13 config.antMatchers("/oauth/*","/login/*").permitAll() 14 .antMatchers(HttpMethod.GET,"/auth/*").hasRole("admin") 15 .anyRequest().authenticated(); //任何请求都需要身份认证 16 } 17 }
⒊在SpringSecurity项目中创建AuthorizeConfigManager接口用于调用系统中所有的配置信息
1 package cn.coreqi.ssoserver.authorize; 2 3 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 4 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; 5 6 public interface AuthorizeConfigManager { 7 void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config); 8 }
⒋我们实现此接口
1 package cn.coreqi.ssoserver.authorize.impl; 2 3 import cn.coreqi.ssoserver.authorize.AuthorizeConfigManager; 4 import cn.coreqi.ssoserver.authorize.AuthorizeConfigProvider; 5 import org.springframework.beans.factory.annotation.Autowired; 6 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 7 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; 8 import org.springframework.stereotype.Component; 9 10 import java.util.Set; 11 12 @Component 13 public class CoreqiAuthorizeConfigManager implements AuthorizeConfigManager { 14 /** 15 * 将系统中所有的AuthorizeConfigProvider收集起来 16 */ 17 @Autowired 18 private Set<AuthorizeConfigProvider> authorizeConfigProviders; 19 @Override 20 public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) { 21 for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders ){ 22 authorizeConfigProvider.config(config); 23 } 24 config.anyRequest().authenticated(); 25 } 26 }
⒌在SpringSecurity配置中进行如下配置
1 @EnableWebSecurity 2 public class SsoWebSecurityConfig extends WebSecurityConfigurerAdapter { 3 4 @Autowired 5 private AuthorizeConfigManager authorizeConfigManager; 6 @Override 7 protected void configure(HttpSecurity http) throws Exception { 8 http.formLogin() 9 .and() 10 .csrf().disable(); //禁用CSRF 11 12 authorizeConfigManager.config(http.authorizeRequests()); 13 } 14 }