|
@@ -1,5 +1,7 @@
|
|
|
package com.ym.mec.auth.config;
|
|
|
|
|
|
+import com.ym.mec.common.security.BaseAccessDeniedHandler;
|
|
|
+import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
@@ -7,9 +9,6 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.E
|
|
|
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
|
|
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
|
|
|
|
|
-import com.ym.mec.common.security.BaseAccessDeniedHandler;
|
|
|
-import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
|
|
|
-
|
|
|
/**
|
|
|
* 资源服务器配置
|
|
|
*/
|
|
@@ -17,23 +16,25 @@ import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
|
|
|
@EnableResourceServer
|
|
|
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
|
|
|
|
|
- @Autowired
|
|
|
- private BaseAccessDeniedHandler baseAccessDeniedHandler;
|
|
|
-
|
|
|
- @Autowired
|
|
|
- private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;
|
|
|
-
|
|
|
- @Override
|
|
|
- public void configure(HttpSecurity http) throws Exception {
|
|
|
- http.csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and()
|
|
|
- .authorizeRequests().antMatchers("/task/**", "/user/updatePassword", "/user/noAuth/queryUserByPhone",
|
|
|
- "/user/queryUserByPhone", "/user/add", "/user/queryUserById/*","/queryUserInfo").hasIpAddress("0.0.0.0/0")
|
|
|
- .anyRequest().authenticated().and().httpBasic();
|
|
|
- }
|
|
|
-
|
|
|
- @Override
|
|
|
- public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
|
|
|
- resources.authenticationEntryPoint(baseAuthenticationEntryPoint).accessDeniedHandler(baseAccessDeniedHandler);
|
|
|
- }
|
|
|
+ @Autowired
|
|
|
+ private BaseAccessDeniedHandler baseAccessDeniedHandler;
|
|
|
+
|
|
|
+ @Autowired
|
|
|
+ private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public void configure(HttpSecurity http) throws Exception {
|
|
|
+ http.csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and()
|
|
|
+ .authorizeRequests().antMatchers(
|
|
|
+ "/task/**", "/user/updatePassword", "/user/noAuth/queryUserByPhone",
|
|
|
+ "/user/queryUserByPhone", "/user/queryClient", "/user/add", "/user/queryUserById/*",
|
|
|
+ "/queryUserInfo").hasIpAddress("0.0.0.0/0")
|
|
|
+ .anyRequest().authenticated().and().httpBasic();
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
|
|
|
+ resources.authenticationEntryPoint(baseAuthenticationEntryPoint).accessDeniedHandler(baseAccessDeniedHandler);
|
|
|
+ }
|
|
|
|
|
|
}
|