java source code of OauthWebServerSecurityConfig

codeway_service-master
- codeway-web-platform
  - src
    - main
      - resources
        application.yml
        logback-spring.xml
        banner.txt
      - java
        gateway
        PlatFormApplication.java
        config
        GateWayConfig.java
        filter
        TokenFilter.java
  - pom.xml
  - README.md
- codeway-server-eureka
  - src
    - main
      - resources
        application.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        eureka
        EurekaApplication.java
  - pom.xml
  - Dockerfile
- codeway-server-config
  - src
    - main
      - resources
        application.yml
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        ConfigApplication.java
        config
        JsonRedisSerializable.java
        WebSecurityConfig.java
  - pom.xml
  - README.md
  - Dockerfile
- codeway-service-article
  - src
    - main
      - resources
        application.yml
        publickey.txt
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        article
        dao
        blog
        ApiTagsDao.java
        ApiArticleDao.java
        backstage
        TagsDao.java
        ArticleDao.java
        CommentDao.java
        CategoryDao.java
        ArticleApplication.java
        config
        Swagger2Config.java
        ResourceServerConfig.java
        service
        blog
        ApiTagsService.java
        ApiArticleService.java
        backstage
        ArticleService.java
        CategoryService.java
        TagsService.java
        CommentService.java
        handler
        CustomAccessDeniedHandler.java
        CustomAuthenticationEntryPoint.java
        controller
        blog
        ApiTagsController.java
        ApiCategoryController.java
        ApiArticleController.java
        BaseController.java
        backstage
        ArticleController.java
        TagsController.java
        CommentController.java
        CategoryController.java
    - test
      - java
        com
        codeway
        article
        service
        backstage
        TagsControllerTests.java
        ArticleServiceTest.java
        CategoryServiceTest.java
  - pom.xml
  - log
    - codeif-service-article
  - README.md
  - Dockerfile
- codeway-common
  - src
    - main
      - java
        com
        codeway
        DataDictionary.java
        amqp
        RabbitUtil.java
        utils
        security
        JWTAuthentication.java
        DesensitizedUtil.java
        third
        Smsbao.java
        SmsUtil.java
        README.md
        IdGenerate.java
        LogBack.java
        QuerydslUtil.java
        CodeCommonUtils.java
        JavaUtil.java
        JsonData.java
        BeanUtil.java
        DateUtil.java
        JsonUtil.java
        HttpServletUtil.java
        CaptchaCode.java
        CookieUtil.java
        HttpHelper.java
        OssClientUtil.java
        ParamUtil.java
        properties
        QQProperties.java
        SocialProperties.java
        CaptchaProperties.java
        SmsCodeProperties.java
        ValidateCodeProperties.java
        OAuth2Properties.java
        OAuth2ClientProperties.java
        SecurityProperties.java
        enums
        ValidateCodeType.java
        UserEnum.java
        StatusEnum.java
        AuthorityEnum.java
        constant
        UserConst.java
        ArticleConst.java
        RedisConstant.java
        FeignConst.java
        CommonConst.java
        pojo
        BasePojo.java
        ValidateCode.java
        ErrotResult.java
        user
        Resource.java
        AuthToken.java
        Role.java
        User.java
        base
        LoginLog.java
        Dict.java
        Music.java
        OptLog.java
        Result.java
        QueryVO.java
        JsonException.java
        article
        Tags.java
        Article.java
        Category.java
        Comment.java
        tweets
        Tweets.java
        TweetsComment.java
        config
        CustomPage.java
        JpaConfig.java
        IdGeneratorConfig.java
        CustomPageRequest.java
        JacksonConfig.java
        TransactionConfig.java
        AMQPConverterConfig.java
        CustomQueryResults.java
        exception
        SystemExceptionHandler.java
        custom
        UserException.java
        ParamException.java
        ResourceNotFoundException.java
        ValidFieldError.java
        RemoteRpcException.java
        BusinessExceptionHandle.java
        annotation
        OptLog.java
        model
        dto
        ArticleDto.java
  - pom.xml
  - README.md
- codeway-service-search
  - src
    - main
      - resources
        application.yml
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        search
        dao
        ArticleSearchDao.java
        pojo
        Article.java
        service
        ArticleSearchService.java
        ElasticSearchApplication.java
        controller
        ArticleSearchController.java
  - pom.xml
  - README.md
- LICENSE
- codeway-service-tweets
  - src
    - main
      - resources
        application.yml
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        tweets
        dao
        TweetsDao.java
        TweetsCommentDao.java
        TweetsApplication.java
        config
        JsonRedisSerializable.java
        service
        TweetsCommentService.java
        TweetsService.java
        interceptor
        UserLoginHandlerInterceptor.java
        WebMvcConfig.java
        filter.java
        controller
        blog
        TweetsCommentController.java
        TweetsController.java
        backstage
        StTweetsController.java
        StTweetsCommentController.java
  - pom.xml
  - README.md
- codeway-web-gateway
  - src
    - main
      - resources
        application.yml
        publickey.txt
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        gateway
        config
        CorsConfig.java
        FeignOkHttpConfig.java
        CustomHttpMessageConverters.java
        GateWayConfig.java
        ErrorHandlerConfiguration.java
        GateWayApplication.java
        service
        AuthService.java
        handle
        CustomAccessDeniedHandler.java
        CustomAuthenticationEntryPoint.java
        PasswordAuthenticationProvider.java
        CustomLogoutSuccessHandler.java
        CustomAuthenticationFailureHandler.java
        CustomAuthenticationManager.java
        CustomAuthenticationSuccessHandler.java
        WebSecurityConfig.java
        filter
        AuthFilter.java
        TokenFilter.java
        execption
        GlobalExceptionHandler.java
  - pom.xml
  - README.md
  - Dockerfile
- codeway-authentication-server
  - src
    - main
      - resources
        application.yml
        JWT.keystore
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        auth
        provider
        SmsCodeAuthenticationProvider.java
        CaptchaAuthenticationProvider.java
        Oauth2AuthenticationApplication.java
        validate
        impl
        ValidateCode.java
        captcha
        Captcha.java
        CaptchaValidateCodeProcessor.java
        CaptchaValidateCodeGenerator.java
        ValidateCodeGenerator.java
        sms
        DefaultSmsCodeSender.java
        SmsValidateCodeProcessor.java
        SmsValidateCodeGenerator.java
        SmsCodeSender.java
        AliSmsCodeSender.java
        ValidateCodeProcessorHolder.java
        ValidateCodeProcessor.java
        ValidateCodeRepository.java
        RedisValidateCodeRepository.java
        AbstractValidateCodeProcessor.java
        ValidateCodeFilter.java
        config
        ValidateCodeSecurityConfig.java
        RewriteAccessDenyFilter.java
        Swagger2Config.java
        CustomUserAuthenticationConverter.java
        social
        GitHubConfiguration.java
        GitHubProperties.java
        CustomSocialAutoConfigurerAdapter.java
        CaptchaAuthenticationConfig.java
        SmsCodeAuthenticationSecurityConfig.java
        HttpServletRequestAuthWrapper.java
        BodyReaderHttpServletRequestWrapper.java
        ValidateCodeBeanConfig.java
        OauthAuthorizationServerConfig.java
        OauthWebServerSecurityConfig.java
        service
        CustomUserDetailsService.java
        AuthorizationService.java
        AuthenticationService.java
        UserJwt.java
        exception
        AuthExceptionHandler.java
        ValidateCodeException.java
        token
        CaptchaAuthenticationToken.java
        SmsCodeAuthenticationToken.java
        handler
        CustomTokenEnhancer.java
        CustomWebResponseExceptionTranslator.java
        CustomAuthenticationFailureHandler.java
        CustomAuthenticationSuccessHandler.java
        filter
        SmsCodeAuthenticationFilter.java
        CaptchaAuthenticationFilter.java
        controller
        AuthenticationController.java
        AuthorizationController.java
  - pom.xml
  - readme.md
  - Dockerfile
- codeway-common-db
  - src
    - main
      - java
        com
        codeway
        db
        redis
        config
        RedisConfig.java
        service
        RedisService.java
        RedisServiceImpl.java
        config
        DruidConfig.java
  - pom.xml
- README.md
- codeway-service-user
  - src
    - main
      - resources
        application.yml
        publickey.txt
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        user
        amqp
        UserServiceMq.java
        dao
        UserDao.java
        ResourceDao.java
        RoleDao.java
        UserApplication.java
        config
        Swagger2Config.java
        ResourceServerConfig.java
        JsonRedisSerializable.java
        service
        UserService.java
        ResourceService.java
        RoleService.java
        handler
        CustomAccessDeniedHandler.java
        CustomAuthenticationEntryPoint.java
        filter
        JwtFilter.java
        listener
        SmsListener.java
        controller
        blog
        AdminController.java
        UserController.java
        ResourceController.java
        SocialController.java
        ProfileController.java
        RoleController.java
    - test
      - java
        com
        codeway
        user
        JacksonTest.java
        SmsTest.java
        DateUtilTest.java
        RedisServiceTest.java
        service
        RoleServiceTest.java
        UserServiceTest.java
        ResourceServiceTest.java
        controller
        UserControllerTest.java
  - pom.xml
  - README.md
  - Dockerfile
- codeway-common-parent
  - oauth.sql
  - pom.xml
  - zoocode.sql
  - image
- .gitignore
- Jenkinsfile
- codeway-service-base
  - src
    - main
      - resources
        application.yml
        publickey.txt
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - java
        com
        codeway
        base
        dao
        DictDao.java
        LoginLogDao.java
        MusicDao.java
        OptLogDao.java
        config
        Swagger2Config.java
        ResourceServerConfig.java
        service
        blog
        ApiMusicService.java
        ApiBaseService.java
        backstage
        OptLogService.java
        LoginLogService.java
        DictService.java
        MusicService.java
        BaseApplication.java
        handler
        CustomAccessDeniedHandler.java
        CustomAuthenticationEntryPoint.java
        controller
        blog
        ApiBaseController.java
        ApiMusicController.java
        backstage
        DictController.java
        LoginLogController.java
        OptLogController.java
    - test
      - java
        com
        codeway
        base
        TestJwt.java
        service
        backstage
        DictServiceTest.java
        OptLogServiceTest.java
        LoginLogServiceTest.java
  - pom.xml
  - Dockerfile
- codeway-server-monitor
  - src
    - main
      - resources
        application.yml
        bootstrap.yml
        banner.txt
      - java
        com
        codeway
        monitor
        MonitorApplication.java
  - pom.xml
- codeway-service-api
  - src
    - main
      - java
        com
        codeway
        FeignConfiguration.java
        api
        user
        UserServiceRpc.java
        ResourceServiceRpc.java
        base
        LoginLogServiceRpc.java
        OptLogServiceRpc.java
        auth
        AuthServiceRpc.java
        fallback
        user
        UserServiceRpcFallbackFactory.java
        ResourceServiceRpcFallbackFactory.java
        base
        OptLogServiceRpcFallbackFactory.java
        LoginLogServiceRpcFallbackFactory.java
        auth
        AuthServiceRpcFallbackFactory.java
        FeignClientConfig.java
        aspect
        OptLogAspect.java
  - pom.xml

package com.codeway.auth.config;

import com.alibaba.druid.pool.DruidDataSource;
import com.codeway.auth.filter.CaptchaAuthenticationFilter;
import com.codeway.auth.filter.SmsCodeAuthenticationFilter;
import com.codeway.auth.handler.CustomAuthenticationFailureHandler;
import com.codeway.auth.handler.CustomAuthenticationSuccessHandler;
import com.codeway.auth.provider.CaptchaAuthenticationProvider;
import com.codeway.auth.provider.SmsCodeAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

/**
 * WebServerSecurity配置
 **/
@Configuration
@EnableWebSecurity
@Order(-1)
public class OauthWebServerSecurityConfig extends WebSecurityConfigurerAdapter {


	@Autowired
	private DruidDataSource dataSource;

	// 短信验证码
	//@Autowired
	//private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

	@Autowired
	private SmsCodeAuthenticationProvider SmsCodeAuthenticationProvider;
	@Autowired
	private CaptchaAuthenticationProvider captchaAuthenticationProvider;

	// 全局过滤器校验码
	@Autowired
	private ValidateCodeSecurityConfig validateCodeSecurityConfig;

	@Autowired
	private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

	@Autowired
	private CustomAuthenticationFailureHandler customAuthenticationFailureHandler;

	@Override
	public void configure(WebSecurity web){
		web.ignoring().antMatchers("/oauth/**","/connect/**","/v2/api-docs", "/swagger-resources/configuration/ui",
				"/swagger-resources","/swagger-resources/configuration/security",
				"/swagger-ui.html","/css/**", "/js/**","/images/**", "/webjars/**", "**/favicon.ico", "/index");

	}

	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		AuthenticationManager manager = super.authenticationManagerBean();
		return manager;
	}

	@Override
	public void configure(HttpSecurity http) throws Exception {

		http.httpBasic().and()
				//.addFilterAt(captchaAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
				.formLogin()
				.successHandler(customAuthenticationSuccessHandler)
				.failureHandler(customAuthenticationFailureHandler)
				//.failureHandler(customAuthenticationFailureHandler)
				.and()
				.authorizeRequests()
				.antMatchers(HttpMethod.OPTIONS).permitAll()
				.antMatchers("/v2/api-docs",
						"/configuration/ui",
						"/swagger-resources",
						"/configuration/security",
						"/webjars/**",
						"/swagger-resources/configuration/ui",
						"/swagger-ui.html",
						"/swagger-resources/configuration/security").permitAll()
//			.anyRequest().authenticated()
				.and()
				.csrf().disable();

		http.addFilterAfter(smsCodeAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
			.addFilterAt(captchaAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
			;	//添加过滤器，处理系统自定义异常
//			.addFilterAfter(new RewriteAccessDenyFilter(), ExceptionTranslationFilter.class);
		http.apply(validateCodeSecurityConfig);

		// 自定义配置
		/*http.apply(validateCodeSecurityConfig) // 全局配置，过滤器链第一个过滤器
				.and()
				.apply(smsCodeAuthenticationSecurityConfig);*/
	}

	/**
	 * 短信验证码登录配置
	 **/
	@Bean
	public SmsCodeAuthenticationFilter smsCodeAuthenticationFilter() throws Exception {
		SmsCodeAuthenticationFilter smsCodeAuthenticationFilter = new SmsCodeAuthenticationFilter();
		smsCodeAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
		smsCodeAuthenticationFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
		smsCodeAuthenticationFilter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
		return smsCodeAuthenticationFilter;
	}

	/**
	 * 图片验证码自定义配置
	 **/
	@Bean
	public CaptchaAuthenticationFilter captchaAuthenticationFilter() throws Exception {
		CaptchaAuthenticationFilter captchaAuthenticationFilter = new CaptchaAuthenticationFilter();
		captchaAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
		captchaAuthenticationFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
		captchaAuthenticationFilter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
		return captchaAuthenticationFilter;
	}

	/**
	 * 构建AuthorizationServerConfig.configure(AuthorizationServerEndpointsConfigurer endpoints)
	 * 所需的authenticationManager
	 * 目前支持验证码和手机验证码登录
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.authenticationProvider(SmsCodeAuthenticationProvider)
			.authenticationProvider(captchaAuthenticationProvider);
	}

	/*@Bean
	public CaptchaAuthenticationFilter captchaAuthenticationFilter() throws Exception {
		CaptchaAuthenticationFilter myFilter = new CaptchaAuthenticationFilter();
		//使过滤器关联当前的authenticationManager
		myFilter.setAuthenticationManager(authenticationManager());
		myFilter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
		myFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
		return myFilter;
	}
	@Bean
	public SmsCodeAuthenticationFilter smsCodeAuthenticationFilter() throws Exception {
		SmsCodeAuthenticationFilter myFilter = new SmsCodeAuthenticationFilter();
		//使过滤器关联当前的authenticationManager
		myFilter.setAuthenticationManager(authenticationManager());
		myFilter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
		myFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
		return myFilter;
	}*/

	/*@Autowired
	CaptchaAuthenticationProvider captchaAuthenticationProvider;
	@Autowired
	SmsCodeAuthenticationProvider smsCodeAuthenticationProvider;

	@Bean
	protected AuthenticationManager authenticationManager() throws Exception {
		List list = new ArrayList();
		list.add(captchaAuthenticationProvider);
		list.add(smsCodeAuthenticationProvider);
		return new ProviderManager(list);
	}*/

	/**
	 * 记住我功能的token存取器配置
	 */
	@Bean
	public PersistentTokenRepository persistentTokenRepository() {
		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
		tokenRepository.setDataSource(dataSource);
		return tokenRepository;
	}


	}