package cc.mrbird.febs.gateway.enhance.auth;

import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import reactor.core.publisher.Mono;

/**
 * WebFlux security configuration for the gateway.
 *
 * <p>Registers the password encoder and the single {@link SecurityWebFilterChain}
 * that decides which exchanges must be authenticated. Only {@code /route/auth/**}
 * requires authentication; every other exchange is permitted by this chain.
 *
 * <p>{@code AuthenticationManager} and {@code SecurityContextRepository} are not
 * imported, so they resolve to classes in this package rather than the Spring
 * Security interfaces with similar names.
 *
 * @author MrBird
 */
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
@RequiredArgsConstructor
public class SecurityConfigure {

    private final AuthenticationManager authenticationManager;
    private final SecurityContextRepository securityContextRepository;

    /**
     * Provides the password hashing strategy.
     *
     * @return a {@link BCryptPasswordEncoder} built with the library's default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the gateway's security filter chain.
     *
     * <p>The method name (including its spelling) is also the bean name, so it is
     * left as declared.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     */
    @Bean
    public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
        // Failures are answered with a bare status code: 401 when no valid
        // authentication is present, 403 when an authenticated caller is refused.
        http.exceptionHandling()
                .authenticationEntryPoint((exchange, cause) -> Mono.fromRunnable(
                        () -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
                .accessDeniedHandler((exchange, cause) -> Mono.fromRunnable(
                        () -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN)));

        // NOTE(review): with frame options disabled the chain no longer writes
        // X-Frame-Options, so responses may be framed by any origin unless a
        // Content-Security-Policy frame-ancestors directive is set elsewhere.
        // Confirm this is needed (e.g. for an embedded console) and not a leftover.
        http.headers().frameOptions().disable();

        // NOTE(review): CSRF protection is off. That is sound only when credentials
        // are sent explicitly (e.g. a token header) and never as a cookie the
        // browser attaches on its own; verify against SecurityContextRepository.
        http.csrf().disable();

        // Built-in login mechanisms are switched off; authentication is delegated
        // to the project's own manager and context repository.
        http.formLogin().disable();
        http.httpBasic().disable();
        http.authenticationManager(authenticationManager);
        http.securityContextRepository(securityContextRepository);

        // Rules are evaluated in declaration order and the first match wins:
        //  1. OPTIONS on any path is allowed without authentication (presumably
        //     for CORS preflight), which includes OPTIONS on /route/auth/**.
        //  2. /route/auth/** requires an authenticated caller.
        //  3. Everything else is permitted.
        // NOTE(review): rule 3 makes the chain fail-open. A route added later is
        // public at the gateway unless it sits under /route/auth/** or is guarded
        // by method security or by the downstream service.
        http.authorizeExchange()
                .pathMatchers(HttpMethod.OPTIONS).permitAll()
                .pathMatchers("/route/auth/**").authenticated()
                .anyExchange().permitAll();

        return http.build();
    }
}