From 88b335cf1352479a5ffdb6305ce42b32e0122622 Mon Sep 17 00:00:00 2001
From: luliqiang <kidgrow>
Date: Tue, 11 Aug 2020 09:45:14 +0800
Subject: [PATCH] Merge branch 'dev' of http://192.168.2.240:7070/r/kidgrow-microservices-platform into dev

---
 kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/SecurityConfig.java |   27 +++++++++++++++++++++++++++
 1 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/SecurityConfig.java b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/SecurityConfig.java
index 105d3ff..03c15b8 100644
--- a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/SecurityConfig.java
+++ b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/SecurityConfig.java
@@ -1,6 +1,7 @@
 package com.kidgrow.oauth2.config;
 
 import com.kidgrow.common.constant.SecurityConstants;
+//import com.kidgrow.oauth2.handler.InMemoryAuthenticationProvider;
 import com.kidgrow.oauth2.mobile.MobileAuthenticationSecurityConfig;
 import com.kidgrow.oauth2.openid.OpenIdAuthenticationSecurityConfig;
 import com.kidgrow.common.config.DefaultPasswordConfig;
@@ -9,19 +10,26 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.security.web.header.HeaderWriterFilter;
+import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 
 import javax.annotation.Resource;
+import java.util.Arrays;
 
 
 /**
@@ -63,6 +71,9 @@
 	@Autowired
 	private MobileAuthenticationSecurityConfig mobileAuthenticationSecurityConfig;
 
+//	@Autowired
+//	InMemoryAuthenticationProvider inMemoryAuthenticationProvider;
+
 	/**
 	 * 这一步的配置是必不可少的，否则SpringBoot会自动配置一个AuthenticationManager,覆盖掉内存中的用户
 	 * @return 认证管理对象
@@ -72,6 +83,22 @@
 	public AuthenticationManager authenticationManagerBean() throws Exception {
 		return super.authenticationManagerBean();
 	}
+//	@Bean
+//    @Override
+//	public AuthenticationManager authenticationManagerBean() throws Exception {
+//		// 认证管理器中只提供我需要的两个第一个是自定义认证，第二个是数据库认证，需要经过两层认证才能通过，默认的
+//
+//		// 构造函数不提供自定义认证Provider，那么默认提供DaoAuthenticationProvider
+//
+//		ProviderManager authenticationManager = new ProviderManager(Arrays.asList(inMemoryAuthenticationProvider, daoAuthenticationProvider()));
+//
+//		// 不擦除认证密码，擦除会导致TokenBasedRememberMeServices因为找不到Credentials再调用UserDetailsService而抛出UsernameNotFoundException
+//
+//		authenticationManager.setEraseCredentialsAfterAuthentication(false);
+//
+//		return authenticationManager;
+//	}
+
 
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {

--
Gitblit v1.8.0