/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.beecode.inz.war;

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

import com.beecode.amino.metadata.runtime.MetadataRuntime;
import com.beecode.bap.user.service.BapUserService;
import com.beecode.bcp.authc.handler.RestLogoutHandler;
import com.beecode.bcp.core.context.AminoContextConstants;
import com.beecode.bcp.type.KClass;
import com.beecode.bcp.web.context.AminoContextPersistenceFilter;
import com.beecode.bcp.web.context.AminoContextRepository;
import com.beecode.bcp.web.context.AminoContextService;
import com.beecode.inz.authentication.filter.INZTenantAuthenticationFilter;
import com.beecode.inz.authentication.filter.InzConcurrentSessionFilter;
import com.beecode.inz.authentication.filter.InzWebAuthenticationFilter;
import com.beecode.inz.authentication.handler.DriverUserAuthenticationSuccessHandler;
import com.beecode.inz.authentication.handler.RESTAppAuthenticationSuccessHandler;
import com.beecode.inz.authentication.handler.RESTAuthenticationEntryPoint;
import com.beecode.inz.authentication.handler.RESTAuthenticationFailureHandler;
import com.beecode.inz.authentication.handler.RESTAuthenticationSuccessHandler;
import com.beecode.inz.authentication.handler.RESTWarehouseUserAuthenticationSuccessHandler;
import com.beecode.inz.authentication.handler.SandUserAuthenticationSuccessHandler;
import com.beecode.inz.authentication.provider.AppUserAuthenticationProvider;
import com.beecode.inz.authentication.provider.DriverUserAuthProvider;
import com.beecode.inz.authentication.provider.SandUserAuthProvider;
import com.beecode.inz.authentication.provider.UserAuthenticationProvider;
import com.beecode.inz.authentication.provider.WarehouseUserAuthenticationProvider;
import com.beecode.inz.basis.context.driver.DriverUserContextPersistenceFilter;
import com.beecode.inz.basis.context.driver.DriverUserContextRepository;
import com.beecode.inz.basis.context.sand.SandUserContextPersistenceFilter;
import com.beecode.inz.basis.context.sand.SandUserContextRepository;
import com.beecode.inz.basis.context.warehouse.WarehouseUserContextPersistenceFilter;
import com.beecode.inz.basis.context.warehouse.WarehouseUserContextRepository;

/**
 * @author Joe Grandja
 */
@EnableWebSecurity
public class SecurityConfig  {
	
	// Collaborators injected by Spring and shared by the nested per-endpoint
	// security configurations declared below.

	// Passed to every context-persistence filter constructed in this class.
	@Autowired
	private MetadataRuntime metadataRuntime;
	
	// Not referenced elsewhere in this class.
	@Autowired
	@Qualifier("com.beecode.bap.user.internal.service.BapUserServiceImpl")
	private BapUserService bapUserService;
	
	// Set on the AminoContextPersistenceFilter instances built below.
	@Autowired
	private AminoContextService aminoContextService;
	
	// Not referenced elsewhere in this class.
	@Autowired
	@Qualifier(AminoContextConstants.ORGENITYNAME)
	private KClass orgClass ;
	
	// Not referenced elsewhere in this class.
	@Autowired
	@Qualifier(AminoContextConstants.STAFFENTITYNAME)
	private KClass staffClass;
	
	// Entry point installed on every chain for unauthenticated requests.
	@Autowired
	private RESTAuthenticationEntryPoint authenticationEntryPoint;
	
	// Failure handler shared by every login filter in this class.
	@Autowired
	private RESTAuthenticationFailureHandler authenticationFailureHandler;
	
	// Success handler for the default web chain.
	@Autowired
	private RESTAuthenticationSuccessHandler authenticationSuccessHandler;
	
//	@Autowired
//	private CompanyInfoAuthenticationFailureHandler companyInfoAuthenticationFailureHandler;
//	
//	@Autowired
//	private CompanyInfoAuthenticationSuccessHandler companyInfoauthenticationSuccessHandler;
	
	// App login (/app/login): success handler and provider.
	@Autowired
	private RESTAppAuthenticationSuccessHandler appAuthenticationSuccessHandler;
	
	@Autowired
	private AppUserAuthenticationProvider appUserAuthenticationProvider;
	
	// Provider registered by the default web chain.
	@Autowired
	private UserAuthenticationProvider userAuthenticationProvider;
	
	// Warehouse user: success handler, provider and context repository.
	@Autowired
	private RESTWarehouseUserAuthenticationSuccessHandler warehouseUserAuthenticationSuccessHandler;
	
	@Autowired
	private WarehouseUserAuthenticationProvider warehouseUserAuthenticationProvider;
	
	@Autowired
	private WarehouseUserContextRepository warehouseUserContextRepository;
	
	// Sand-mining user: success handler, provider and context repository.
	@Autowired
	private SandUserAuthenticationSuccessHandler sandUserAuthenticationSuccessHandler;
	@Autowired
	private SandUserAuthProvider sandUserAuthProvider;
	@Autowired
	private SandUserContextRepository sandUserContextRepository;
	
	// Driver user: success handler, provider and context repository.
	@Autowired
	private DriverUserAuthenticationSuccessHandler driverUserAuthenticationSuccessHandler;
	@Autowired
	private DriverUserAuthProvider driverUserAuthProvider;
	@Autowired
	private DriverUserContextRepository driverUserContextRepository;

	// Not referenced elsewhere in this class; the chains below register
	// logoutHandler (InzLogoutHandler) instead.
	@Autowired
	private RestLogoutHandler CLogoutHandler;
	
//	@Autowired
//	SecretAuthenticationProvider secretAuthenticationProvider;
	
//	@Autowired
//	private RegisterSessionAuthenticationStrategy registerSessionAuthenticationStrategy;
	
	// The only strategy placed in the composite session strategy of the login filters.
	// NOTE(review): the register-session strategy above is commented out; confirm that
	// this bean (or something else) records new sessions in sessionRegistry.
	@Autowired
	private SessionAuthenticationStrategy concurrentSessionControlAuthenticationStrategy;
	
	// Backs the InzConcurrentSessionFilter added to every chain.
	@Autowired
	private SessionRegistry sessionRegistry;
	
	// Logout handler registered on every chain that configures logout.
	@Autowired
	private InzLogoutHandler logoutHandler;
	
	// Passed to the AminoContextPersistenceFilter of the app login chain only.
	@Autowired
	private AminoContextRepository repository;
	
	

	/**
	 * Filter chain for the app login endpoint {@code /app/login}; evaluated first.
	 *
	 * <p>Credentials are checked by {@code appUserAuthenticationProvider}.
	 */
	@Configuration
	@Order(1)
	public class InzAppSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Limits this chain to {@code /app/login} and installs the login, concurrent-session,
		 * context-persistence and tenant filters.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			// NOTE(review): the login filter runs only the injected concurrency-control
			// strategy. No strategy that registers the new session or changes the session id
			// is added here; confirm session limits and session-fixation defence are
			// provided elsewhere.
			List<SessionAuthenticationStrategy> sessionStrategies = new ArrayList<>();
			sessionStrategies.add(concurrentSessionControlAuthenticationStrategy);

			http.sessionManagement().maximumSessions(1);
			// CSRF token checks are switched off for this chain.
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain; any cross-origin
			// policy has to be applied by another component.
			http.cors().disable();
			http.antMatcher("/app/login").authorizeRequests().anyRequest().authenticated();
			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			// Login filter: only POST /app/login is treated as an authentication attempt.
			InzWebAuthenticationFilter loginFilter = new InzWebAuthenticationFilter();
			loginFilter.setAuthenticationSuccessHandler(appAuthenticationSuccessHandler);
			loginFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
			loginFilter.setAuthenticationManager(authenticationManager());
			loginFilter.setSessionAuthenticationStrategy(
					new CompositeSessionAuthenticationStrategy(sessionStrategies));
			RequestMatcher loginPost = new AntPathRequestMatcher("/app/login", "POST");
			loginFilter.setRequiresAuthenticationRequestMatcher(loginPost);

			http.addFilterAt(new InzConcurrentSessionFilter(sessionRegistry), ConcurrentSessionFilter.class);

			AminoContextPersistenceFilter contextFilter =
					new AminoContextPersistenceFilter(metadataRuntime, repository);
			contextFilter.setAminoContextService(aminoContextService);
			http.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);
			http.addFilterAfter(contextFilter, SecurityContextPersistenceFilter.class);
			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
		}

		/**
		 * Registers the app-user provider as the authentication provider of this chain.
		 *
		 * @param auth builder for this chain's authentication manager
		 * @throws Exception if the provider cannot be registered
		 */
		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			auth.authenticationProvider(appUserAuthenticationProvider);
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}
	}
	
	/**
	 * Filter chain for the warehouse-user login endpoint {@code /warehouse/user/login}.
	 *
	 * <p>Credentials are checked by {@code warehouseUserAuthenticationProvider}.
	 */
	@Configuration
	@Order(2)
	public class WarehouseUserSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Limits this chain to {@code /warehouse/user/login} and installs the login,
		 * concurrent-session, warehouse-context and tenant filters.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			// NOTE(review): only the injected concurrency-control strategy runs at login;
			// confirm session registration and session-id renewal happen elsewhere.
			List<SessionAuthenticationStrategy> sessionStrategies = new ArrayList<>();
			sessionStrategies.add(concurrentSessionControlAuthenticationStrategy);

			http.sessionManagement().maximumSessions(1);
			// CSRF token checks are switched off for this chain.
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain.
			http.cors().disable();
			http.antMatcher("/warehouse/user/login").authorizeRequests().anyRequest().authenticated();
			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			// Login filter: only POST /warehouse/user/login is an authentication attempt.
			InzWebAuthenticationFilter loginFilter = new InzWebAuthenticationFilter();
			loginFilter.setAuthenticationSuccessHandler(warehouseUserAuthenticationSuccessHandler);
			loginFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
			loginFilter.setAuthenticationManager(authenticationManager());
			loginFilter.setSessionAuthenticationStrategy(
					new CompositeSessionAuthenticationStrategy(sessionStrategies));
			loginFilter.setRequiresAuthenticationRequestMatcher(
					new AntPathRequestMatcher("/warehouse/user/login", "POST"));
			http.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);

			http.addFilterAt(new InzConcurrentSessionFilter(sessionRegistry), ConcurrentSessionFilter.class);

			http.addFilterAfter(
					new WarehouseUserContextPersistenceFilter(metadataRuntime, warehouseUserContextRepository),
					SecurityContextPersistenceFilter.class);

			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
		}

		/**
		 * Registers the warehouse-user provider as the authentication provider of this chain.
		 *
		 * @param auth builder for this chain's authentication manager
		 * @throws Exception if the provider cannot be registered
		 */
		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			auth.authenticationProvider(warehouseUserAuthenticationProvider);
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}
	}
	
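	/**
	 * Filter chain for the warehouse API ({@code /warehouse/api/**}); every request must be
	 * authenticated.
	 */
	@Configuration
	@Order(3)
	public class WarehouseApiConfigurerAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Limits this chain to {@code /warehouse/api/**}, requires authentication for every
		 * request, installs the concurrent-session, warehouse-context and tenant filters, and
		 * configures logout at {@code /warehouse/api/logout}.
		 *
		 * <p>This chain has no login filter, so the session-strategy list the method used to
		 * build and never read has been dropped.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http.sessionManagement().maximumSessions(1);
			// CSRF token checks are off: state-changing calls made with the session cookie
			// carry no anti-forgery token.
			// NOTE(review): confirm clients are protected another way (e.g. SameSite cookies).
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain.
			http.cors().disable();
			http.antMatcher("/warehouse/api/**").authorizeRequests()
					.anyRequest().authenticated();

			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			http.addFilterAt(new InzConcurrentSessionFilter(sessionRegistry), ConcurrentSessionFilter.class);

			WarehouseUserContextPersistenceFilter contextPersistenceFilter =
					new WarehouseUserContextPersistenceFilter(metadataRuntime, warehouseUserContextRepository);
			http.addFilterAfter(contextPersistenceFilter, SecurityContextPersistenceFilter.class);

			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

			// With CSRF disabled, Spring Security's logout filter accepts GET as well as
			// POST on the logout URL.
			http.logout().logoutUrl("/warehouse/api/logout")
					.addLogoutHandler(logoutHandler).invalidateHttpSession(true)
					.permitAll();
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}
	}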
	
	/**
	 * Filter chain for the sand-mining-user login endpoint {@code /sand/user/login}.
	 *
	 * <p>Credentials are checked by {@code sandUserAuthProvider}. This chain is ordered ahead
	 * of the {@code /sand/user/**} chain so that it handles the login path.
	 */
	@Configuration
	@Order(4)
	public class SandUserSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Limits this chain to {@code /sand/user/login} and installs the login,
		 * concurrent-session, sand-user-context and tenant filters.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			// NOTE(review): only the injected concurrency-control strategy runs at login;
			// confirm session registration and session-id renewal happen elsewhere.
			List<SessionAuthenticationStrategy> sessionStrategies = new ArrayList<>();
			sessionStrategies.add(concurrentSessionControlAuthenticationStrategy);

			http.sessionManagement().maximumSessions(1);
			// CSRF token checks are switched off for this chain.
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain.
			http.cors().disable();
			http.antMatcher("/sand/user/login").authorizeRequests().anyRequest().authenticated();
			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			// Login filter: only POST /sand/user/login is an authentication attempt.
			InzWebAuthenticationFilter loginFilter = new InzWebAuthenticationFilter();
			loginFilter.setAuthenticationSuccessHandler(sandUserAuthenticationSuccessHandler);
			loginFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
			loginFilter.setAuthenticationManager(authenticationManager());
			loginFilter.setSessionAuthenticationStrategy(
					new CompositeSessionAuthenticationStrategy(sessionStrategies));
			loginFilter.setRequiresAuthenticationRequestMatcher(
					new AntPathRequestMatcher("/sand/user/login", "POST"));
			http.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);

			http.addFilterAt(new InzConcurrentSessionFilter(sessionRegistry), ConcurrentSessionFilter.class);

			http.addFilterAfter(
					new SandUserContextPersistenceFilter(metadataRuntime, sandUserContextRepository),
					SecurityContextPersistenceFilter.class);

			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
		}

		/**
		 * Registers the sand-user provider as the authentication provider of this chain.
		 *
		 * @param auth builder for this chain's authentication manager
		 * @throws Exception if the provider cannot be registered
		 */
		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			auth.authenticationProvider(sandUserAuthProvider);
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}
	}
	
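	/**
	 * Filter chain for sand-mining-user endpoints ({@code /sand/user/**}); every request
	 * must be authenticated.
	 *
	 * <p>The pattern also covers {@code /sand/user/login}; that path is handled by the
	 * login chain because it is ordered earlier ({@code @Order(4)}).
	 */
	@Configuration
	@Order(5)
	public class SandApiConfigurerAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Limits this chain to {@code /sand/user/**}, requires authentication for every
		 * request, installs the concurrent-session, sand-user-context and tenant filters, and
		 * configures logout at {@code /sand/user/logout}.
		 *
		 * <p>This chain has no login filter, so the session-strategy list the method used to
		 * build and never read has been dropped.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http.sessionManagement().maximumSessions(1);
			// CSRF token checks are off: state-changing calls made with the session cookie
			// carry no anti-forgery token.
			// NOTE(review): confirm clients are protected another way (e.g. SameSite cookies).
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain.
			http.cors().disable();
			http.antMatcher("/sand/user/**").authorizeRequests()
					.anyRequest().authenticated();

			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			http.addFilterAt(new InzConcurrentSessionFilter(sessionRegistry), ConcurrentSessionFilter.class);

			SandUserContextPersistenceFilter contextPersistenceFilter =
					new SandUserContextPersistenceFilter(metadataRuntime, sandUserContextRepository);
			http.addFilterAfter(contextPersistenceFilter, SecurityContextPersistenceFilter.class);

			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

			// With CSRF disabled, Spring Security's logout filter accepts GET as well as
			// POST on the logout URL.
			http.logout().logoutUrl("/sand/user/logout")
					.addLogoutHandler(logoutHandler).invalidateHttpSession(true)
					.permitAll();
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}
	}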
	/**
	 * Filter chain for the driver-user login endpoint {@code /driver/user/login}.
	 *
	 * <p>Credentials are checked by {@code driverUserAuthProvider}. This chain is ordered
	 * ahead of the {@code /driver/user/**} chain so that it handles the login path.
	 */
	@Configuration
	@Order(6)
	public class DriverUserSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Limits this chain to {@code /driver/user/login} and installs the login,
		 * concurrent-session, driver-context and tenant filters.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			// NOTE(review): only the injected concurrency-control strategy runs at login;
			// confirm session registration and session-id renewal happen elsewhere.
			List<SessionAuthenticationStrategy> sessionStrategies = new ArrayList<>();
			sessionStrategies.add(concurrentSessionControlAuthenticationStrategy);

			http.sessionManagement().maximumSessions(1);
			// CSRF token checks are switched off for this chain.
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain.
			http.cors().disable();
			http.antMatcher("/driver/user/login").authorizeRequests().anyRequest().authenticated();
			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			// Login filter: only POST /driver/user/login is an authentication attempt.
			InzWebAuthenticationFilter loginFilter = new InzWebAuthenticationFilter();
			loginFilter.setAuthenticationSuccessHandler(driverUserAuthenticationSuccessHandler);
			loginFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
			loginFilter.setAuthenticationManager(authenticationManager());
			loginFilter.setSessionAuthenticationStrategy(
					new CompositeSessionAuthenticationStrategy(sessionStrategies));
			loginFilter.setRequiresAuthenticationRequestMatcher(
					new AntPathRequestMatcher("/driver/user/login", "POST"));
			http.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);

			http.addFilterAt(new InzConcurrentSessionFilter(sessionRegistry), ConcurrentSessionFilter.class);

			http.addFilterAfter(
					new DriverUserContextPersistenceFilter(metadataRuntime, driverUserContextRepository),
					SecurityContextPersistenceFilter.class);

			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
		}

		/**
		 * Registers the driver-user provider as the authentication provider of this chain.
		 *
		 * @param auth builder for this chain's authentication manager
		 * @throws Exception if the provider cannot be registered
		 */
		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			auth.authenticationProvider(driverUserAuthProvider);
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}
	}
	
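	/**
	 * Filter chain for driver-user endpoints ({@code /driver/user/**}); every request must
	 * be authenticated.
	 *
	 * <p>The pattern also covers {@code /driver/user/login}; that path is handled by the
	 * login chain because it is ordered earlier ({@code @Order(6)}).
	 */
	@Configuration
	@Order(7)
	public class DriverApiConfigurerAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Limits this chain to {@code /driver/user/**}, requires authentication for every
		 * request, installs the concurrent-session, driver-context and tenant filters, and
		 * configures logout at {@code /driver/user/logout}.
		 *
		 * <p>This chain has no login filter, so the session-strategy list the method used to
		 * build and never read has been dropped.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http.sessionManagement().maximumSessions(1);
			// CSRF token checks are off: state-changing calls made with the session cookie
			// carry no anti-forgery token.
			// NOTE(review): confirm clients are protected another way (e.g. SameSite cookies).
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain.
			http.cors().disable();
			http.antMatcher("/driver/user/**").authorizeRequests()
					.anyRequest().authenticated();

			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			http.addFilterAt(new InzConcurrentSessionFilter(sessionRegistry), ConcurrentSessionFilter.class);

			DriverUserContextPersistenceFilter contextPersistenceFilter =
					new DriverUserContextPersistenceFilter(metadataRuntime, driverUserContextRepository);
			http.addFilterAfter(contextPersistenceFilter, SecurityContextPersistenceFilter.class);

			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

			// With CSRF disabled, Spring Security's logout filter accepts GET as well as
			// POST on the logout URL.
			http.logout().logoutUrl("/driver/user/logout")
					.addLogoutHandler(logoutHandler).invalidateHttpSession(true)
					.permitAll();
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}
	}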
	
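	/**
	 * Default filter chain: handles every request not claimed by the earlier, path-specific
	 * chains. Listed paths are open to anonymous callers; everything else requires
	 * authentication.
	 *
	 * <p>Credentials are checked by {@code userAuthenticationProvider}.
	 */
	@Configuration
	@Order(8)
	public class WebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

		/**
		 * Declares the anonymous allowlist, installs the login, concurrent-session,
		 * context-persistence and tenant filters, and configures logout at {@code /logout}.
		 *
		 * @param http builder for this chain
		 * @throws Exception if the chain cannot be configured
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {

			// CSRF token checks are off: state-changing calls made with the session cookie
			// carry no anti-forgery token.
			// NOTE(review): confirm clients are protected another way (e.g. SameSite cookies).
			http.csrf().disable();
			// Leaves Spring Security's CORS filter out of this chain.
			http.cors().disable();
			http.sessionManagement().maximumSessions(1);

			// Anonymous allowlist. Each entry is reachable without a session, so the handler
			// behind it must do its own verification where the operation is sensitive.
			// NOTE(review): the password-change paths (/authc/user/modifyPassword,
			// /authc/user/modifySelfPassword) and the broad prefixes (/ops/**, /bcp/workflow/**,
			// /workflow/api/**, /dnaserver/**, /basis/attachments/**, /deposit/**) deserve an
			// explicit check that nothing privileged is exposed; confirm against the controllers.
			http.authorizeRequests()
					.antMatchers("/api/login").permitAll()
					.antMatchers("/actuator/info").permitAll()
					.antMatchers("/import/download/**").permitAll()
					.antMatchers("/basis/enterprise/**").permitAll()
					.antMatchers("/biz/download/**").permitAll()
					.antMatchers("/basis/attachments/**").permitAll()
					.antMatchers("/verification/sendCode/**").permitAll()
					.antMatchers("/verification/verifyCode/**").permitAll()
					.antMatchers(HttpMethod.POST, "/qrcode").permitAll()
					.antMatchers(HttpMethod.GET, "/qrcode/authced/**").permitAll()
					.antMatchers("/bcp/workflow/**").permitAll()
					.antMatchers("/authc/user/modifyPassword").permitAll()
					.antMatchers("/authc/user/getTelephone").permitAll()
					.antMatchers("/code/send/**").permitAll()
					.antMatchers("/code/verify/**").permitAll()
					.antMatchers("/user/regist/**").permitAll()
					.antMatchers("/basis/viewConfig/com.beecode.inz.i18n/content").permitAll()
					.antMatchers("/ops/**").permitAll()
					.antMatchers("/query/functionQuery").permitAll()
					.antMatchers("/load/**").permitAll()
					.antMatchers("/user/regist").permitAll()
					.antMatchers("/enroll/**").permitAll()
					.antMatchers("/deposit/**").permitAll()
					.antMatchers("/offerRecord/**").permitAll()
					.antMatchers("/complaint/**").permitAll()
					.antMatchers("/code/verify").permitAll()
					// The second, identical "/code/send/**" entry that stood here was removed.
					.antMatchers("/api/ssoauth/connect").permitAll()
					.antMatchers("/api/rtdcccm/**").permitAll()
					// listAll, modifySelfPassword and loadAuctionByAsset are opened temporarily.
					.antMatchers("/dict/listAll").permitAll()
					.antMatchers("/dict/criteria").permitAll()
					.antMatchers("/map/**").permitAll()
					.antMatchers("/loadAuctionByAsset/**").permitAll()
					.antMatchers("/crm/load/announcement/byAssetPackage/**").permitAll()
					.antMatchers("/crm/assetInfo/byAssetPackage/**").permitAll()
					.antMatchers("/authc/user/modifySelfPassword").permitAll()
					.antMatchers("/crm/load/publicity/byAssetPackage/**").permitAll()
					.antMatchers("/workflow/api/**").permitAll()
					.antMatchers("/dnaserver/**").permitAll()
					.antMatchers("/dinasBiz/organization/queryOrganizationByUserName").permitAll()
					.anyRequest().authenticated();
			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

			// NOTE(review): unlike the other login chains in this class, this filter gets no
			// session authentication strategy and no explicit login request matcher; confirm
			// that InzWebAuthenticationFilter supplies suitable defaults.
			InzWebAuthenticationFilter filter = new InzWebAuthenticationFilter();
			filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
			filter.setAuthenticationFailureHandler(authenticationFailureHandler);
			filter.setAuthenticationManager(authenticationManager());

			InzConcurrentSessionFilter inzConcurrentSessionFilter = new InzConcurrentSessionFilter(sessionRegistry);
			http.addFilterAt(inzConcurrentSessionFilter, ConcurrentSessionFilter.class);

			// Built with the single-argument constructor (no AminoContextRepository).
			AminoContextPersistenceFilter aminoContextPersistenceFilter = new AminoContextPersistenceFilter(metadataRuntime);
			aminoContextPersistenceFilter.setAminoContextService(aminoContextService);
			http.addFilterAt(filter, UsernamePasswordAuthenticationFilter.class);
			http.addFilterAfter(aminoContextPersistenceFilter, SecurityContextPersistenceFilter.class);

			http.addFilterAfter(new INZTenantAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
			// With CSRF disabled, Spring Security's logout filter accepts GET as well as
			// POST on the logout URL.
			http.logout().logoutUrl("/logout")
					.addLogoutHandler(logoutHandler).invalidateHttpSession(true)
					.permitAll();
		}

		/**
		 * Registers the user provider as the authentication provider of this chain.
		 *
		 * @param auth builder for this chain's authentication manager
		 * @throws Exception if the provider cannot be registered
		 */
		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			// TODO: for now this uses the provider version that also allows login by phone number.
			auth.authenticationProvider(userAuthenticationProvider);
		}

		/**
		 * Returns the authentication manager built by the superclass.
		 *
		 * @return this chain's authentication manager
		 * @throws Exception if the manager cannot be built
		 */
		@Override
		protected AuthenticationManager authenticationManager() throws Exception {
			return super.authenticationManager();
		}

	}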
}