package cc.mrbird.febs.gateway.enhance.auth;
|
|
import lombok.RequiredArgsConstructor;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpStatus;
|
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
|
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.web.server.SecurityWebFilterChain;
|
import reactor.core.publisher.Mono;
|
|
/**
 * Spring Security (WebFlux) configuration for the gateway.
 *
 * <p>Registers the password encoder and the {@link SecurityWebFilterChain} that decides which
 * exchanges must be authenticated before they are routed.
 *
 * <p>NOTE(review): the chain built here is default-allow. Only {@code /route/auth/**} requires
 * authentication; every other path is permitted at the gateway. Any protection for other routes
 * has to come from the downstream services or from method security.
 *
 * @author MrBird
 */
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
@RequiredArgsConstructor
public class SecurityConfigure {

    // Both collaborators are injected through the Lombok-generated constructor. They are
    // resolved from this package (no import), so their behaviour is not visible here.
    private final AuthenticationManager authenticationManager;
    private final SecurityContextRepository securityContextRepository;

    /**
     * Exposes a BCrypt-based {@link PasswordEncoder} as a bean.
     *
     * <p>The no-argument constructor is used, so BCrypt runs with the library's default
     * work factor. Pass an explicit strength if the deployment needs a higher cost.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Builds the reactive security filter chain for the gateway.
     *
     * <p>The method name (and therefore the default bean name) contains a typo
     * ({@code securitygWebFilterChain}). It is kept as-is because renaming it would change
     * the bean name.
     *
     * @param http the security builder supplied by Spring
     * @return the configured filter chain
     */
    @Bean
    public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
        // Failures are answered with a bare status code and no body: 401 when the exchange is
        // not authenticated, 403 when it is authenticated but not allowed.
        http.exceptionHandling()
                .authenticationEntryPoint((exchange, authError) ->
                        Mono.fromRunnable(() ->
                                exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
                .accessDeniedHandler((exchange, denied) ->
                        Mono.fromRunnable(() ->
                                exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN)));

        // NOTE(review): this turns off the X-Frame-Options response header, so responses can be
        // embedded in frames by any origin unless a CSP frame-ancestors policy is set elsewhere.
        // Confirm that framing is actually required.
        http.headers().frameOptions().disable();

        // NOTE(review): CSRF protection is off. That is only safe if credentials are never sent
        // automatically by the browser (for example a bearer token in a header rather than a
        // cookie). Presumably securityContextRepository reads such a token; verify.
        http.csrf().disable();

        // No login form and no HTTP Basic: authentication is left entirely to the two
        // injected components below.
        http.formLogin().disable();
        http.httpBasic().disable();
        http.authenticationManager(authenticationManager);
        http.securityContextRepository(securityContextRepository);

        // Rules are evaluated in declaration order.
        http.authorizeExchange()
                // OPTIONS is allowed on every path (typically CORS preflight), including
                // paths under /route/auth/**.
                .pathMatchers(HttpMethod.OPTIONS).permitAll()
                .pathMatchers("/route/auth/**").authenticated()
                // NOTE(review): default-allow. Any route not matched above is reachable without
                // authentication at the gateway. A deny-by-default rule with an explicit
                // allow-list is the safer shape.
                .anyExchange().permitAll();

        return http.build();
    }
}
|