参考: https://geocolumbus.github.io/HTTPS-ELB-AWS-Spring-Boot/
1. 在服务器端配置 证书 域名 映射
2. 导入依赖:
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId>
</dependency>
3.配置
/**
 * Security configuration that marks requests matching {@code security.https.path} as requiring
 * a secure channel, while leaving every endpoint open to unauthenticated callers.
 *
 * <p>NOTE(review): in this variant nothing is access-controlled ({@code "/**"} is
 * {@code permitAll()}) and CSRF protection is switched off. Confirm that this is intended
 * before using it outside a test setup.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Injected but not referenced anywhere in this variant of the class.
    @Autowired
    private LdapConfig ldapConfig;

    // Injected but not referenced anywhere in this variant of the class.
    @Autowired
    private CorsConfig corsConfig;

    // Project path; the original note says that configuring "/" is enough for production.
    // NOTE(review): the value is passed to antMatchers(), i.e. it is an Ant pattern. "/" matches
    // only the root path; "/**" is the pattern that covers every path. Confirm which is meant.
    @Value("${security.https.path}")
    private String httpsPath;

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a Spring bean.
     *
     * @return the manager produced by the parent adapter
     * @throws Exception if the parent adapter cannot build the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        final AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Applies the channel, authorization, CORS and CSRF settings.
     *
     * @param http the builder to configure
     * @throws Exception if any configurer rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Requests matching the configured pattern must arrive over a secure channel.
        http.requiresChannel().antMatchers(httpsPath).requiresSecure();

        // Per-path authentication rules are disabled in this variant:
        //   .antMatchers("/ui/**").fullyAuthenticated()
        //   .antMatchers("/file/**").fullyAuthenticated()
        http.authorizeRequests().antMatchers("/**").permitAll();

        // No CorsConfigurationSource is declared in this class, so the CORS policy
        // presumably comes from configuration defined elsewhere. Verify.
        http.cors();

        // NOTE(review): CSRF protection is off. That is only safe when clients do not
        // authenticate with cookies that the browser attaches automatically. Confirm.
        http.csrf().disable();
    }
}
(备份)
/**
 * Security configuration that requires a secure channel for {@code security.https.path},
 * authenticates users against LDAP, protects {@code /ui/**} and {@code /file/**}, and
 * publishes a CORS policy built from {@code CorsConfig}.
 *
 * <p>NOTE(review): CSRF protection is disabled while two path groups require an authenticated
 * user and the CORS policy may allow credentials. If the login state is carried in a session
 * cookie, state-changing endpoints are exposed to cross-site requests. Confirm how clients
 * authenticate.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapConfig ldapConfig;

    @Autowired
    private CorsConfig corsConfig;

    // Ant pattern of the paths that must be served over a secure channel.
    @Value("${security.https.path}")
    private String httpsPath;

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a Spring bean.
     *
     * @return the manager produced by the parent adapter
     * @throws Exception if the parent adapter cannot build the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        final AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Builds the mapper that turns an LDAP entry into the application's {@code UserDetail}.
     *
     * @return a mapper that wraps the default LDAP mapping result in a {@code UserDetail}
     */
    @Bean
    public UserDetailsContextMapper userDetailsContextMapper() {
        return new LdapUserDetailsMapper() {
            @Override
            public UserDetails mapUserFromContext(
                    DirContextOperations ctx,
                    String username,
                    Collection<? extends GrantedAuthority> authorities) {
                // Let the stock mapper do the work, then wrap its result in the project type.
                final LdapUserDetails ldapDetails =
                        (LdapUserDetails) super.mapUserFromContext(ctx, username, authorities);
                return new UserDetail(ldapDetails);
            }
        };
    }

    /**
     * Applies the channel, authorization, CORS and CSRF settings.
     *
     * @param http the builder to configure
     * @throws Exception if any configurer rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Requests matching the configured pattern must arrive over a secure channel.
        http.requiresChannel().antMatchers(httpsPath).requiresSecure();

        // Specific rules come first; the catch-all permitAll() must stay last.
        http.authorizeRequests()
                .antMatchers("/ui/**").fullyAuthenticated()
                .antMatchers("/file/**").fullyAuthenticated()
                .antMatchers("/**").permitAll();

        http.cors();

        // NOTE(review): see the class comment. CSRF is off although authenticated paths exist.
        http.csrf().disable();
    }

    /**
     * Registers LDAP authentication using the connection settings held by {@code LdapConfig}.
     *
     * @param auth the builder that receives the LDAP authentication setup
     * @throws Exception if the LDAP configurer rejects the settings
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): the scheme is whatever LdapConfig supplies. With plain ldap:// the
        // manager and user bind credentials cross the network unencrypted. Confirm that
        // ldaps:// (or an equivalent protected transport) is configured.
        final String providerUrl = ldapConfig.getUrl() + ldapConfig.getBase_dc();

        auth.ldapAuthentication()
                .userDetailsContextMapper(userDetailsContextMapper())
                // {0} is replaced by the login name when the user DN is built.
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                .url(providerUrl)
                .managerDn(ldapConfig.getUsername())
                .managerPassword(ldapConfig.getPassword());
    }

    /**
     * Builds the CORS policy from {@code CorsConfig} and applies it to every path.
     *
     * <p>NOTE(review): the allowed origins and the credentials flag come from configuration
     * that is not shown here. Confirm that credentials are never enabled together with a
     * wildcard origin.
     *
     * @return the source that serves the policy for {@code "/**"}
     */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final CorsConfiguration policy = new CorsConfiguration();
        policy.setAllowCredentials(corsConfig.getAllowedCredentials());
        policy.setAllowedHeaders(corsConfig.getAllowedHeaders());
        policy.setAllowedMethods(corsConfig.getAllowedMethods());
        policy.setAllowedOrigins(corsConfig.getAllowedOrigins());

        final UrlBasedCorsConfigurationSource registry = new UrlBasedCorsConfigurationSource();
        registry.registerCorsConfiguration("/**", policy);
        return registry;
    }
}
4. 在 application.yml 或者 application.properties 中配置:
# Embedded server settings for an application that runs behind a TLS-terminating load balancer.
server:
  port: 7000
  servlet:
    session:
      # No unit suffix is given; presumably interpreted as seconds (30 minutes). Verify for
      # the Spring Boot version in use.
      timeout: 1800
  tomcat:
    max-threads: 10
    # Names of the request headers from which Tomcat takes the original client address and
    # the original scheme. Whether a request counts as "secure" for requiresSecure() then
    # depends on x-forwarded-proto.
    # NOTE(review): any client can send these headers too. Make sure this port is reachable
    # only through the load balancer, and that the proxy overwrites the headers, so that a
    # forged x-forwarded-proto cannot make a plain-HTTP request look secure.
    remote-ip-header: x-forwarded-for
    protocol-header: x-forwarded-proto