@@ -14,11 +14,6 @@ | |||||
</properties> | </properties> | ||||
<dependencies> | <dependencies> | ||||
<!--Spring boot 安全框架--> | |||||
<dependency> | |||||
<groupId>org.springframework.boot</groupId> | |||||
<artifactId>spring-boot-starter-security</artifactId> | |||||
</dependency> | |||||
<dependency> | <dependency> | ||||
<groupId>com.google.guava</groupId> | <groupId>com.google.guava</groupId> | ||||
<artifactId>guava</artifactId> | <artifactId>guava</artifactId> | ||||
@@ -163,7 +158,7 @@ | |||||
<dependency> | <dependency> | ||||
<groupId>org.springframework.boot</groupId> | <groupId>org.springframework.boot</groupId> | ||||
<artifactId>spring-boot-starter-test</artifactId> | <artifactId>spring-boot-starter-test</artifactId> | ||||
<scope>test</scope> | |||||
<!-- <scope>test</scope>--> | |||||
</dependency> | </dependency> | ||||
<dependency> | <dependency> | ||||
<groupId>org.mapstruct</groupId> | <groupId>org.mapstruct</groupId> | ||||
@@ -192,6 +187,10 @@ | |||||
<groupId>org.slf4j</groupId> | <groupId>org.slf4j</groupId> | ||||
<artifactId>slf4j-log4j12</artifactId> | <artifactId>slf4j-log4j12</artifactId> | ||||
</exclusion> | </exclusion> | ||||
<!-- <exclusion>--> | |||||
<!-- <groupId>org.springframework.boot</groupId>--> | |||||
<!-- <artifactId>spring-boot-starter-security</artifactId>--> | |||||
<!-- </exclusion>--> | |||||
</exclusions> | </exclusions> | ||||
</dependency> | </dependency> | ||||
<dependency> | <dependency> | ||||
@@ -207,6 +206,7 @@ | |||||
<dependency> | <dependency> | ||||
<groupId>com.ningdatech</groupId> | <groupId>com.ningdatech</groupId> | ||||
<artifactId>nd-flowable-starter</artifactId> | <artifactId>nd-flowable-starter</artifactId> | ||||
<scope>true</scope> | |||||
</dependency> | </dependency> | ||||
<dependency> | <dependency> | ||||
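Review bot: `<scope>true</scope>` on the `nd-flowable-starter` dependency (the `@@ -207,6 +206,7` hunk) is not a valid Maven scope; model validation only accepts compile, provided, runtime, test, system and import, and reports anything else (a warning in Maven 3 that falls back to compile, a hard error in newer versions), so the line is at best a no-op — drop it or write the scope actually intended. In the `@@ -163,7 +158,7` hunk, commenting out `<scope>test</scope>` puts `spring-boot-starter-test` and its transitive test libraries onto the production classpath and into the packaged artifact; if a main-scope class needs one of them, add that single library with an explicit scope instead. The first and third hunks together remove the direct `spring-boot-starter-security` dependency and un-exclude it from another starter, so the security framework's version is now chosen transitively by that starter rather than by this pom; keeping an explicit dependency (and version) makes Spring Security upgrades deliberate rather than incidental.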
@@ -4,6 +4,7 @@ import org.mybatis.spring.annotation.MapperScan; | |||||
import org.springframework.boot.SpringApplication; | import org.springframework.boot.SpringApplication; | ||||
import org.springframework.boot.autoconfigure.SpringBootApplication; | import org.springframework.boot.autoconfigure.SpringBootApplication; | ||||
import org.springframework.context.annotation.EnableAspectJAutoProxy; | import org.springframework.context.annotation.EnableAspectJAutoProxy; | ||||
import org.springframework.scheduling.annotation.EnableAsync; | |||||
import org.springframework.scheduling.annotation.EnableScheduling; | import org.springframework.scheduling.annotation.EnableScheduling; | ||||
import org.springframework.transaction.annotation.EnableTransactionManagement; | import org.springframework.transaction.annotation.EnableTransactionManagement; | ||||
@@ -11,6 +12,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement; | |||||
* @author liuxinxin | * @author liuxinxin | ||||
*/ | */ | ||||
@SpringBootApplication | @SpringBootApplication | ||||
@EnableAsync | |||||
@MapperScan(App.MAPPER_PACKAGES) | @MapperScan(App.MAPPER_PACKAGES) | ||||
@EnableScheduling | @EnableScheduling | ||||
@EnableTransactionManagement | @EnableTransactionManagement | ||||
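Review bot: `@EnableAsync` is added without any executor or `AsyncConfigurer` visible in this change, so `@Async` methods will run on Boot's default task executor and will not see the caller's `SecurityContext` (the default `SecurityContextHolder` strategy is thread-local); if any async method relies on the current user or tenant, wrap the executor in `DelegatingSecurityContextAsyncTaskExecutor` or pass the principal explicitly as a parameter. Exceptions thrown from `void` `@Async` methods are only logged by the default `AsyncUncaughtExceptionHandler`, so failures there are silent unless a handler is configured. A short comment on the annotation naming the executor it expects would help the next reader, e.g. `// @Async methods use the Boot-configured TaskExecutor; security context is NOT propagated`.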
@@ -0,0 +1,18 @@ | |||||
package com.ningdatech.pmapi.common.constant; | |||||
/** | |||||
* @description: 常量 | |||||
* @author: LiuXinXin | |||||
* @date: 2022/5/5 17:31 | |||||
*/ | |||||
public class CommonConstant { | |||||
public static final String COOKIE_KEY = "ND_JSESSION"; | |||||
public static final Integer EXPORT_PAGE_NUMBER= 1; | |||||
public static final Integer EXPORT_PAGE_SIZE= 100000; | |||||
public static final String CALL_STATUS = "status"; | |||||
public static final String CALL_STATUS_OK_VALUE = "ok"; | |||||
} |
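Review bot: `CommonConstant` is a constants holder but is neither `final` nor given a private constructor, so it can be instantiated and subclassed; make it `public final class CommonConstant { private CommonConstant() {} … }`. `EXPORT_PAGE_NUMBER` and `EXPORT_PAGE_SIZE` are declared as `Integer` although they are only ever compared or passed as numbers, which forces boxing at every use; `public static final int EXPORT_PAGE_SIZE = 100000;` (and the same for `EXPORT_PAGE_NUMBER`) is the conventional form and also fixes the `= 1`/`= 100000` spacing. `COOKIE_KEY` here duplicates the `BizConst.COOKIE_KEY` that `WebSecurityConfig` used before this commit; two constants naming the session cookie is a real risk because logout's `deleteCookies(...)` will clear the wrong cookie if they ever diverge, so remove the old one or have it reference this one, and a comment such as `// session cookie name; must match the servlet session cookie configured for the app` would record the coupling that cannot be checked from this file.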
@@ -38,7 +38,8 @@ public class GlobalResponseHandler implements ResponseBodyAdvice<Object> { | |||||
if (o instanceof String) { | if (o instanceof String) { | ||||
return JSONUtil.toJsonStr(apiResponse); | return JSONUtil.toJsonStr(apiResponse); | ||||
} | } | ||||
return ApiResponse.ofSuccess(o); | |||||
// return ApiResponse.ofSuccess(o); | |||||
return o; | |||||
} | } | ||||
private Boolean filter(MethodParameter methodParameter) { | private Boolean filter(MethodParameter methodParameter) { | ||||
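Review bot: After this change the advice returns `o` unwrapped for every non-String body while the branch directly above still returns `JSONUtil.toJsonStr(apiResponse)` for String bodies, so the response envelope now depends on the controller method's return type — String endpoints are wrapped, everything else is raw. Either drop the String wrapping as well or keep `return ApiResponse.ofSuccess(o);`, and in both cases delete the commented-out `// return ApiResponse.ofSuccess(o);` rather than leaving it as a toggle. The enclosing method begins outside the hunk, so whether `apiResponse` is still needed after this change cannot be confirmed here.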
@@ -1,4 +1,4 @@ | |||||
package com.ningdatech.pmapi.user.security.auth.config; | |||||
package com.ningdatech.pmapi.user.security.auth; | |||||
import cn.hutool.core.collection.CollectionUtil; | import cn.hutool.core.collection.CollectionUtil; | ||||
import com.ningdatech.basic.factory.PropertySourceFactory; | import com.ningdatech.basic.factory.PropertySourceFactory; |
@@ -1,4 +1,4 @@ | |||||
package com.ningdatech.pmapi.user.security.auth.config; | |||||
package com.ningdatech.pmapi.user.security.auth; | |||||
import org.springframework.context.annotation.Bean; | import org.springframework.context.annotation.Bean; | ||||
import org.springframework.context.annotation.Configuration; | import org.springframework.context.annotation.Configuration; |
@@ -3,7 +3,7 @@ package com.ningdatech.pmapi.user.security.auth; | |||||
import com.ningdatech.basic.util.NdJsonUtil; | import com.ningdatech.basic.util.NdJsonUtil; | ||||
import com.ningdatech.basic.util.StrPool; | import com.ningdatech.basic.util.StrPool; | ||||
import com.ningdatech.pmapi.common.constant.BizConst; | import com.ningdatech.pmapi.common.constant.BizConst; | ||||
import com.ningdatech.pmapi.user.security.auth.config.AuthProperties; | |||||
import com.ningdatech.pmapi.common.constant.CommonConstant; | |||||
import com.ningdatech.pmapi.user.security.auth.handler.DefaultExpiredSessionStrategy; | import com.ningdatech.pmapi.user.security.auth.handler.DefaultExpiredSessionStrategy; | ||||
import com.ningdatech.pmapi.user.security.auth.password.UsernamePasswordAuthSecurityConfig; | import com.ningdatech.pmapi.user.security.auth.password.UsernamePasswordAuthSecurityConfig; | ||||
import org.springframework.beans.factory.annotation.Qualifier; | import org.springframework.beans.factory.annotation.Qualifier; | ||||
@@ -46,30 +46,30 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | |||||
protected void configure(HttpSecurity http) throws Exception { | protected void configure(HttpSecurity http) throws Exception { | ||||
assemblerPreAuthUrls(http); | assemblerPreAuthUrls(http); | ||||
http.formLogin() | http.formLogin() | ||||
.and() | |||||
.exceptionHandling() | |||||
.authenticationEntryPoint(authenticationEntryPoint()) | |||||
.loginPage(authProperties.getAuthRequireUrl()) | |||||
.and().apply(usernamePasswordAuthSecurityConfig) | .and().apply(usernamePasswordAuthSecurityConfig) | ||||
.and() | .and() | ||||
.authorizeRequests() | |||||
.antMatchers(authProperties.getIgnoreAuthUrlsArray()).permitAll() | |||||
.anyRequest() | |||||
.authenticated() | |||||
.and() | |||||
.authorizeRequests().antMatchers(authProperties.getIgnoreAuthUrlsArray()).permitAll().anyRequest() | |||||
.authenticated().and() | |||||
// 防止固定会话攻击,Spring security的默认配置就是如此: | // 防止固定会话攻击,Spring security的默认配置就是如此: | ||||
// 登陆成功之后会创建一个新的会话,然后将旧的session信息复制到新的session中(客户端的sessionId变了) | // 登陆成功之后会创建一个新的会话,然后将旧的session信息复制到新的session中(客户端的sessionId变了) | ||||
.sessionManagement().invalidSessionUrl(authProperties.getInvalidSessionUrl()).sessionFixation() | .sessionManagement().invalidSessionUrl(authProperties.getInvalidSessionUrl()).sessionFixation() | ||||
.migrateSession() | .migrateSession() | ||||
// .invalidSessionStrategy(defaultInvalidSessionStrategy) | // .invalidSessionStrategy(defaultInvalidSessionStrategy) | ||||
.maximumSessions(10).maxSessionsPreventsLogin(true).expiredSessionStrategy(defaultExpiredSessionStrategy) | |||||
.and().and().logout().logoutUrl(authProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler) | |||||
.deleteCookies(BizConst.COOKIE_KEY) | |||||
.maximumSessions(10) | |||||
.maxSessionsPreventsLogin(true) | |||||
.expiredSessionStrategy(defaultExpiredSessionStrategy) | |||||
.and().and() | |||||
.logout().logoutUrl(authProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler) | |||||
.deleteCookies(CommonConstant.COOKIE_KEY) | |||||
// .and() | |||||
// .cors().configurationSource(corsConfigurationSource()) | |||||
.and() | .and() | ||||
// .csrf().disable(); | |||||
// 开启csrf验证,需要前端同步传入token | // 开启csrf验证,需要前端同步传入token | ||||
.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) | .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) | ||||
.ignoringAntMatchers(authProperties.getIgnoreCsrfUrlsArray()); | .ignoringAntMatchers(authProperties.getIgnoreCsrfUrlsArray()); | ||||
// http.anonymous().authenticationFilter(availableUserAuthenticationFilter); | |||||
} | } | ||||
private AuthenticationEntryPoint authenticationEntryPoint() { | private AuthenticationEntryPoint authenticationEntryPoint() { | ||||
@@ -94,4 +94,5 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | |||||
} | } | ||||
} | } | ||||
} | } |
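Review bot: Whether the `.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())` and `.loginPage(authProperties.getAuthRequireUrl())` lines are on the old or new side cannot be recovered from this rendering; if they were removed, the private `authenticationEntryPoint()` declared right after the hunk is now unused, and unauthenticated requests fall back to Spring Security's default form-login entry point, which for a JSON API means clients get an HTML redirect instead of a 401. The `configure` hunk also mixes a behavioural change (`BizConst.COOKIE_KEY` → `CommonConstant.COOKIE_KEY` in `deleteCookies`) with a reflow of the fluent chain, which hides the behavioural change in review; splitting the two would make this easier to verify. The commented-out `// .cors().configurationSource(corsConfigurationSource())` and `// .csrf().disable();` lines should be deleted rather than kept next to the live CSRF configuration, where a one-line uncomment silently disables the protection.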
@@ -1,4 +1,4 @@ | |||||
//package com.ningdatech.pmapi.user.security.auth.config; | |||||
package com.ningdatech.pmapi.user.security.auth.config;//package com.ningdatech.pmapi.user.security.auth.config; | |||||
// | // | ||||
//import com.ningdatech.basic.util.StrPool; | //import com.ningdatech.basic.util.StrPool; | ||||
//import org.springframework.beans.factory.annotation.Value; | //import org.springframework.beans.factory.annotation.Value; | ||||
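Review bot: The new side un-comments only the package declaration while the rest of the file stays commented out (`//import …`), leaving a compilation unit that declares no type and is otherwise dead code; delete the file instead, or restore the class if it is still needed. The duplicated `//package com.ningdatech.pmapi.user.security.auth.config;` trailing on the same line should go as well. The file's name is not visible in this rendering, so which class this was cannot be confirmed here.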
@@ -1,6 +1,6 @@ | |||||
package com.ningdatech.pmapi.user.security.auth.password; | package com.ningdatech.pmapi.user.security.auth.password; | ||||
import com.ningdatech.pmapi.user.security.auth.config.AuthProperties; | |||||
import com.ningdatech.pmapi.user.security.auth.AuthProperties; | |||||
import org.springframework.beans.factory.annotation.Autowired; | import org.springframework.beans.factory.annotation.Autowired; | ||||
import org.springframework.beans.factory.annotation.Qualifier; | import org.springframework.beans.factory.annotation.Qualifier; | ||||
import org.springframework.security.authentication.AuthenticationManager; | import org.springframework.security.authentication.AuthenticationManager; | ||||
@@ -19,6 +19,8 @@ security: | |||||
- /ok.html | - /ok.html | ||||
- /open/api/** | - /open/api/** | ||||
- /oa/** | - /oa/** | ||||
- /wflow/** | |||||
- /sys/** | |||||
ignore-csrf-urls: | ignore-csrf-urls: | ||||
- /api/v1/user/auth/** | - /api/v1/user/auth/** | ||||
- /v2/api-docs | - /v2/api-docs | ||||
@@ -33,6 +35,8 @@ security: | |||||
- /optLog/** | - /optLog/** | ||||
- /dict/** | - /dict/** | ||||
- /oa/** | - /oa/** | ||||
- /wflow/** | |||||
- /sys/** | |||||
role-map: | role-map: | ||||
"engineer": | "engineer": | ||||
"project_manager": | "project_manager": | ||||
@@ -106,11 +106,6 @@ | |||||
<artifactId>flowable-spring-boot-starter-actuator</artifactId> | <artifactId>flowable-spring-boot-starter-actuator</artifactId> | ||||
<version>6.7.2</version> | <version>6.7.2</version> | ||||
</dependency> | </dependency> | ||||
<dependency> | |||||
<groupId>cn.dev33</groupId> | |||||
<artifactId>sa-token-spring-boot-starter</artifactId> | |||||
<version>1.30.0</version> | |||||
</dependency> | |||||
<!--KingBase--> | <!--KingBase--> | ||||
<dependency> | <dependency> | ||||
<groupId>com.kingbase8</groupId> | <groupId>com.kingbase8</groupId> | ||||