trick9191
/
wlyy2.0
派生自 Amoy2/wlyy2.0


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
							package com.yihu.wlyy.config;

import com.yihu.wlyy.filter.AccessDecisionManagerImpl;
import com.yihu.wlyy.filter.AccessDeniedHandlerImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;

/**
 * @author lincl
 * @version 1.0
 * @created 2016/7/21
 */
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
        // 设置不拦截规则
        web.ignoring().antMatchers(
                "/static/**",
                "/error/**",
                "/out",
                "/**.jsp",
                "/common/**",
                "/login/**",
                "/yueren/**",
                "/svr-iot/**",
                "/customer/**",
                "/third/**",
                "/admin/hos/doctor/importFromExcel",
                "/admin/hos/doctor/importData",
                "/admin/team/importData",
                "/admin/hos/importData",
                "/admin/hos/doctor/toExcel",
                "/admin/device/toExcel",
                "/admin/device/importData",
                "/admin/patientDevice/toExcel",
                "/admin/healthIndex/**",
                "/admin/healthIndex/getExcelByFilter",
                "/admin/static/prescription/toExcel",
                "/admin/static/wechat/listToExcel",
                "/admin/static/wechat/hosipitaTotalToExcel",
                "/admin/static/healthedu/pushlistToExcel",
                "/admin/static/wechat/townTotalToExcel",
                "/admin/static/pay/signpayToExcel",
                "/admin/static/pay/prescriptionToExcel",
                "/admin/basedata/importData",
                "/admin/wlyyUserRole/importData",
                "/admin/questionnaire/importData",
                "/WEB—INF/views/**",
                "/admin/specialDisease/**",
                "/admin/surveyTemplateResult/**",
                "/admin/surveyAdvice/**",
                "/admin/surveyTemplateAdvice/**",
                "/admin/paylog/**",
                "/admin/static/consult/**",
                "/admin/specialist/hospitalServiceItem/importData"
        );
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 设置拦截规则
        http
                .authorizeRequests()
                .accessDecisionManager(accessDecisionManager())
                .expressionHandler(webSecurityExpressionHandler())
                .antMatchers("/yueren/**").permitAll()
                .antMatchers("/svr-iot/device/**").permitAll()//物联网平台没有做登录（这里添加免登录验证）
//                .antMatchers("/admin/main").permitAll()
//                .antMatchers("/login/**").permitAll()
//                .antMatchers("/admin/**").authenticated()
                .antMatchers("/admin/**").hasRole("USER")
                .and()
                .exceptionHandling().accessDeniedHandler(accessDeniedHandler())
                .and()
//                .headers().frameOptions().disable();//取消jfame的安全验证
//                .and()
                .headers().disable();

        // 自定义登录页面
//        http.csrf().disable().formLogin().loginPage("/login").permitAll();

        // 自定义注销
//        http.logout().logoutUrl("/logout").logoutSuccessUrl("/login")
//                .invalidateHttpSession(true);

        // session管理
//        http.sessionManagement().sessionFixation().changeSessionId()
//                .maximumSessions(1).expiredUrl("/");

        // RemeberMe  和UserDetailsService合作 用来保存用户信息， 一段时间内可以不用在输入用户名和密码登录，暂不使用该功能
//        http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485");

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    }

    /*
     * 最终访问控制器
     */
    @Bean(name = "accessDecisionManager")
    public AccessDecisionManager accessDecisionManager() {

        return new AccessDecisionManagerImpl();
    }

    /*
     * 错误信息拦截器
     */
    @Bean(name = "accessDeniedHandler")
    public AccessDeniedHandlerImpl accessDeniedHandler() {
        AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
//        accessDeniedHandler.setErrorPage("/error/403.jsp");
        return accessDeniedHandler;
    }

    /*
     * 表达式控制器
     */
    @Bean(name = "expressionHandler")
    public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
        DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
        return webSecurityExpressionHandler;
    }
}