exchange.git - Gitblit

			@@ -1,72 +1,84 @@
			package com.xcong.excoin.configurations.security;

			import lombok.extern.slf4j.Slf4j;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.http.HttpMethod;
			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
			import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			import org.springframework.security.core.userdetails.UserDetailsService;
			import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
			import org.springframework.security.crypto.password.PasswordEncoder;
			import org.springframework.security.web.AuthenticationEntryPoint;
			import org.springframework.security.web.access.AccessDeniedHandler;

			import javax.annotation.Resource;

			/**
			* @author wzy
			* @date 2020-05-11
			**/
			@Slf4j
			@Configuration
			@EnableWebSecurity
			@EnableGlobalMethodSecurity(prePostEnabled = true)
			public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

			@Resource
			private UserDetailsService userDetailsService;

			@Override
			protected void configure(HttpSecurity http) throws Exception {
			http.httpBasic().and().
			cors().and().csrf().disable()
			.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
			.and()
			.authorizeRequests()
			.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
			.antMatchers("/login").permitAll()
			.antMatchers("/swagger/").permitAll()
			.antMatchers("/webjars/**").permitAll()
			.antMatchers("/v2/**").permitAll()
			.anyRequest().authenticated()
			.and().apply(securityConfiguereAdapter());
			}

			@Override
			protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
			}

			@Bean
			public PasswordEncoder passwordEncoder() {
			return new BCryptPasswordEncoder();
			}

			@Bean
			public AccessDeniedHandler accessDeniedHandler() {
			return new CustomAccessDeniedHandler();
			}

			@Bean
			public AuthenticationEntryPoint authenticationEntryPoint() {
			return new CustomAuthenticationEntryPoint();
			}

			public TokenConfigurer securityConfiguereAdapter() {
			return new TokenConfigurer();
			}
			}
			package com.xcong.excoin.configurations.security;

			import lombok.extern.slf4j.Slf4j;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.http.HttpMethod;
			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
			import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			import org.springframework.security.core.userdetails.UserDetailsService;
			import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
			import org.springframework.security.crypto.password.PasswordEncoder;
			import org.springframework.security.web.AuthenticationEntryPoint;
			import org.springframework.security.web.access.AccessDeniedHandler;

			import javax.annotation.Resource;

			/**
			* @author wzy
			* @date 2020-05-11
			**/
			@Slf4j
			@Configuration
			@EnableWebSecurity
			@EnableGlobalMethodSecurity(prePostEnabled = true)
			public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

			@Resource
			private UserDetailsService userDetailsService;

			@Override
			protected void configure(HttpSecurity http) throws Exception {
			http.httpBasic().and().
			cors().and().csrf().disable()
			.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
			.and()
			.authorizeRequests()
			.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
			.antMatchers("/login").permitAll()
			.antMatchers("/register").permitAll()
			.antMatchers("/swagger/").permitAll()
			.antMatchers("/webjars/**").permitAll()
			.antMatchers("/v2/**").permitAll()
			.antMatchers("/api/symbols/**").permitAll()
			.antMatchers("/common/**").permitAll()
			.antMatchers("/api/exchange/**").permitAll()
			.antMatchers("/api/member/getMemberAccountInfo").permitAll()
			.antMatchers("/api/member/memberForgetPwd").permitAll()
			.antMatchers("/api/member/memberCoinInfoList").permitAll()
			.antMatchers("/api/member/getPcVersionInfo").permitAll()
			.antMatchers("/api/member/getAppVersionInfo").permitAll()
			.antMatchers("/api/orderCoin/searchSymbolResultList").permitAll()
			.antMatchers("/api/orderCoin/findCollect").permitAll()
			.antMatchers("/trade/**").permitAll()
			.anyRequest().authenticated()
			.and().apply(securityConfiguereAdapter());
			}

			@Override
			protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
			}

			@Bean
			public PasswordEncoder passwordEncoder() {
			return new BCryptPasswordEncoder();
			}

			@Bean
			public AccessDeniedHandler accessDeniedHandler() {
			return new CustomAccessDeniedHandler();
			}

			@Bean
			public AuthenticationEntryPoint authenticationEntryPoint() {
			return new CustomAuthenticationEntryPoint();
			}

			public TokenConfigurer securityConfiguereAdapter() {
			return new TokenConfigurer();
			}
			}