From ef61199f6f30ffdadae5c67a913917ba0b4bfad0 Mon Sep 17 00:00:00 2001
From: smallchill
Date: Mon, 15 Apr 2019 12:10:02 +0800
Subject: [PATCH] =?UTF-8?q?:zap:=20security=20=E6=94=BE=E8=A1=8C=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../engine/config/SecurityConfiguration.java | 81 +++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 blade-service/blade-flow/src/main/java/org/springblade/flowable/engine/config/SecurityConfiguration.java
diff --git a/blade-service/blade-flow/src/main/java/org/springblade/flowable/engine/config/SecurityConfiguration.java b/blade-service/blade-flow/src/main/java/org/springblade/flowable/engine/config/SecurityConfiguration.java
new file mode 100644
index 00000000..fde0ad00
--- /dev/null
+++ b/blade-service/blade-flow/src/main/java/org/springblade/flowable/engine/config/SecurityConfiguration.java
@@ -0,0 +1,81 @@
+package org.springblade.flowable.engine.config;
+
+import lombok.extern.slf4j.Slf4j;
+import org.flowable.ui.common.properties.FlowableRestAppProperties;
+import org.flowable.ui.common.security.ActuatorRequestMatcher;
+import org.flowable.ui.common.security.DefaultPrivileges;
+import org.flowable.ui.modeler.properties.FlowableModelerAppProperties;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.boot.actuate.health.HealthEndpoint;
+import org.springframework.boot.actuate.info.InfoEndpoint;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+
+/**
+ * SecurityConfiguration
+ *
+ * @author Chill
+ */
+@Slf4j
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+ @Configuration
+ @Order(1)
+ public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+ protected final FlowableRestAppProperties restAppProperties;
+ protected final FlowableModelerAppProperties modelerAppProperties;
+
+ public ApiWebSecurityConfigurationAdapter(FlowableRestAppProperties restAppProperties,
+ FlowableModelerAppProperties modelerAppProperties) {
+ this.restAppProperties = restAppProperties;
+ this.modelerAppProperties = modelerAppProperties;
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+
+ http
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and()
+ .csrf()
+ .disable();
+
+ http.antMatcher("/**").authorizeRequests().antMatchers("/**").permitAll();
+
+
+ }
+ }
+
+ @ConditionalOnClass(EndpointRequest.class)
+ @Configuration
+ @Order(5)
+ public static class ActuatorWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+
+ http
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and()
+ .csrf()
+ .disable();
+
+ http
+ .requestMatcher(new ActuatorRequestMatcher())
+ .authorizeRequests()
+ .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
+ .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
+ .and().httpBasic();
+ }
+ }
+}
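Review bot: `ApiWebSecurityConfigurationAdapter` is `@Order(1)` and its `http.antMatcher("/**")` matches every request, so the `@Order(5)` `ActuatorWebSecurityConfigurationAdapter` below it is never selected and the actuator endpoints fall under `permitAll()` instead of `hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)`. Spring Security uses the first filter chain whose matcher accepts the request, so the narrower actuator chain has to come first: put `@Order(1)` on the actuator adapter and a higher value such as `@Order(5)` on the catch-all one. If the open `/**` rule with CSRF disabled is intentional because authentication is enforced upstream (this is not visible in the patch), state that in a comment on `configure`, e.g. `// Access control is enforced upstream; this service must not be reachable directly.` The injected `restAppProperties` and `modelerAppProperties` fields and `@Slf4j` are unused in the visible code and could be dropped.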