增加security config

35feaef5 · linxu · fcea4901 · 35feaef5 · 35feaef5 · 35feaef5
Commit 35feaef5 authored Mar 19, 2020 by linxu
Showing with 65 additions and 0 deletions

auth-common-1.0.2-SNAPSHOT.jar lib/auth-common-1.0.2-SNAPSHOT.jar +0 -0

pom.xml pom.xml +8 -0

SecurityConfig.java ...n/java/com/keymobile/rest/common/conf/SecurityConfig.java +57 -0

No files found.
--- a/lib/auth-common-1.0.2-SNAPSHOT.jar
+++ b/lib/auth-common-1.0.2-SNAPSHOT.jar
--- a/pom.xml
+++ b/pom.xml
@@ -126,6 +126,14 @@
            <artifactId>activiti-modeler</artifactId>
            <version>${activiti.version}</version>
        </dependency>
+        <dependency>
+            <groupId>auth</groupId>
+            <artifactId>auth-common</artifactId>
+            <scope>system</scope>
+            <systemPath>${project.basedir}/lib/auth-common-1.0.2-SNAPSHOT.jar</systemPath>
+            <version>1.0.2</version>
+        </dependency>
+
        <!-- activiti end -->



--- a/src/main/java/com/keymobile/rest/common/conf/SecurityConfig.java
+++ b/src/main/java/com/keymobile/rest/common/conf/SecurityConfig.java
+package com.keymobile.rest.common.conf;
+
+import com.keymobile.auth.common.security.CustomizedUserDetailService;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import javax.sql.DataSource;
+
+@Configuration
+@ComponentScan("com.keymobile.auth.common.security")
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private CustomizedUserDetailService customUserDetailService;
+
+    @Value("${security.permit}")
+    private boolean permit = true;
+
+    @Autowired
+    private DataSource dataSource;
+
+
+    @Autowired
+    public void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(customUserDetailService).passwordEncoder(new SHA1PasswordEncoder());
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        if (permit)
+            http.httpBasic().and().authorizeRequests().anyRequest().permitAll();
+        else {
+            http.httpBasic().and().authorizeRequests().anyRequest().authenticated();
+        }
+
+        http.csrf().disable();
+    }
+
+    class SHA1PasswordEncoder implements PasswordEncoder {
+        @Override
+        public String encode(CharSequence charSequence) {
+            return DigestUtils.sha1Hex(charSequence.toString());
+        }
+
+        @Override
+        public boolean matches(CharSequence charSequence, String s) {
+            return DigestUtils.sha1Hex(charSequence.toString()).equals(s);
+        }
+    }
+}