@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
private final JsonToUrlEncodedAuthenticationFilter jsonFilter;
private final LogFilter logFilter;
private final HLandraySsoFilter hLandraySsoFilter;
@Autowired
public ResourceServerConfig(JsonToUrlEncodedAuthenticationFilter jsonFilter, LogFilter logFilter, HLandraySsoFilter hLandraySsoFilter) {
this.jsonFilter = jsonFilter;
this.logFilter = logFilter;
this.hLandraySsoFilter = hLandraySsoFilter;
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers().antMatchers("/api/**", "/token/**", "/sso/**",
"/hSsoCallback**", "/hOldSsoCallback**", "/hOldSsoRedirect**")
.and() //允許上面這些接口訪問
.authorizeRequests().antMatchers("/api/aes/**").permitAll().and() //"/api/aes/**"的接口請求不需要auth校驗
.authorizeRequests()
.antMatchers("/api/**").authenticated(); //"/api/**"需要auth校驗
//-2147483648
http.addFilterBefore(logFilter, ChannelProcessingFilter.class);
//未配置@Order ,默認為ChannelProcessingFilter.class的Order減1
http.addFilterBefore(new ClientInfoFilter(), ChannelProcessingFilter.class);
//0x80000000(16進制)=2147483648(十進制)
http.addFilterBefore(jsonFilter, ChannelProcessingFilter.class);
http.addFilterBefore(new SimpleCorsFilter(), ChannelProcessingFilter.class);
http.addFilterBefore(hLandraySsoFilter, ChannelProcessingFilter.class); } }
