forked from kidgrow-microservices-platform
kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/SecurityConfig.java
@@ -1,6 +1,7 @@ package com.kidgrow.oauth2.config; import com.kidgrow.common.constant.SecurityConstants; //import com.kidgrow.oauth2.handler.InMemoryAuthenticationProvider; import com.kidgrow.oauth2.mobile.MobileAuthenticationSecurityConfig; import com.kidgrow.oauth2.openid.OpenIdAuthenticationSecurityConfig; import com.kidgrow.common.config.DefaultPasswordConfig; @@ -9,19 +10,26 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutHandler; import org.springframework.security.web.header.HeaderWriterFilter; import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter; import javax.annotation.Resource; import java.util.Arrays; /** @@ -63,6 +71,9 @@ @Autowired private MobileAuthenticationSecurityConfig mobileAuthenticationSecurityConfig; // @Autowired // InMemoryAuthenticationProvider inMemoryAuthenticationProvider; /** * 这一步的配置是必不可少的,否则SpringBoot会自动配置一个AuthenticationManager,覆盖掉内存中的用户 * @return 认证管理对象 @@ -72,6 +83,22 @@ public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } // @Bean // @Override // public AuthenticationManager authenticationManagerBean() throws Exception { // // 认证管理器中只提供我需要的两个第一个是自定义认证,第二个是数据库认证,需要经过两层认证才能通过,默认的 // // // 构造函数不提供自定义认证Provider,那么默认提供DaoAuthenticationProvider // // ProviderManager authenticationManager = new ProviderManager(Arrays.asList(inMemoryAuthenticationProvider, daoAuthenticationProvider())); // // // 不擦除认证密码,擦除会导致TokenBasedRememberMeServices因为找不到Credentials再调用UserDetailsService而抛出UsernameNotFoundException // // authenticationManager.setEraseCredentialsAfterAuthentication(false); // // return authenticationManager; // } @Override protected void configure(HttpSecurity http) throws Exception {
