2020-03-07 14:40:15 +08:00
|
|
|
|
package com.pj.satoken;
|
|
|
|
|
|
|
2021-04-23 19:46:37 +08:00
|
|
|
|
import org.springframework.context.annotation.Bean;
|
2020-03-07 14:40:15 +08:00
|
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
|
|
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
2020-06-15 22:03:41 +08:00
|
|
|
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
2020-03-07 14:40:15 +08:00
|
|
|
|
|
2021-04-23 19:46:37 +08:00
|
|
|
|
import com.pj.util.AjaxJson;
|
|
|
|
|
|
|
|
|
|
|
|
import cn.dev33.satoken.context.SaHolder;
|
|
|
|
|
|
import cn.dev33.satoken.filter.SaServletFilter;
|
2021-01-11 20:08:17 +08:00
|
|
|
|
import cn.dev33.satoken.interceptor.SaAnnotationInterceptor;
|
2021-04-23 19:46:37 +08:00
|
|
|
|
import cn.dev33.satoken.router.SaRouterUtil;
|
2020-03-07 14:40:15 +08:00
|
|
|
|
|
2021-04-11 22:05:36 +08:00
|
|
|
|
|
2020-03-07 14:40:15 +08:00
|
|
|
|
/**
|
2021-04-11 22:05:36 +08:00
|
|
|
|
* [Sa-Token 权限认证] 配置类
|
2021-03-14 00:04:11 +08:00
|
|
|
|
* @author kong
|
|
|
|
|
|
*
|
2020-03-07 14:40:15 +08:00
|
|
|
|
*/
|
|
|
|
|
|
@Configuration
|
2021-04-12 03:22:01 +08:00
|
|
|
|
public class SaTokenConfigure implements WebMvcConfigurer {
|
2020-03-07 14:40:15 +08:00
|
|
|
|
|
2021-04-12 03:22:01 +08:00
|
|
|
|
/**
|
|
|
|
|
|
* 注册sa-token的拦截器,打开注解式鉴权功能
|
|
|
|
|
|
*/
|
2020-03-07 14:40:15 +08:00
|
|
|
|
@Override
|
|
|
|
|
|
public void addInterceptors(InterceptorRegistry registry) {
|
2021-01-11 20:08:17 +08:00
|
|
|
|
// 注册注解拦截器
|
2021-04-15 00:45:03 +08:00
|
|
|
|
registry.addInterceptor(new SaAnnotationInterceptor()).addPathPatterns("/**").excludePathPatterns("");
|
2020-03-07 14:40:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-04-23 19:46:37 +08:00
|
|
|
|
/**
|
|
|
|
|
|
* 注册 [sa-token全局过滤器]
|
|
|
|
|
|
*/
|
|
|
|
|
|
@Bean
|
|
|
|
|
|
public SaServletFilter getSaReactorFilter() {
|
|
|
|
|
|
return new SaServletFilter()
|
|
|
|
|
|
|
|
|
|
|
|
// 指定 [拦截路由] 与 [放行路由]
|
|
|
|
|
|
.addInclude("/**").addExclude("/favicon.ico")
|
|
|
|
|
|
|
|
|
|
|
|
// 认证函数: 每次请求执行
|
|
|
|
|
|
.setAuth(r -> {
|
|
|
|
|
|
System.out.println("---------- sa全局认证");
|
|
|
|
|
|
|
|
|
|
|
|
SaRouterUtil.match("/test/test", () -> new Object());
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
// 异常处理函数:每次认证函数发生异常时执行此函数
|
|
|
|
|
|
.setError(e -> {
|
|
|
|
|
|
System.out.println("---------- sa全局异常 ");
|
|
|
|
|
|
return AjaxJson.getError(e.getMessage());
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
// 前置函数:在每次认证函数之前执行
|
|
|
|
|
|
.setBeforeAuth(r -> {
|
|
|
|
|
|
// ---------- 设置一些安全响应头 ----------
|
|
|
|
|
|
SaHolder.getResponse()
|
|
|
|
|
|
// 服务器名称
|
|
|
|
|
|
.setServer("sa-server")
|
|
|
|
|
|
// 是否可以在iframe显示视图: DENY=不可以 | SAMEORIGIN=同域下可以 | ALLOW-FROM uri=指定域名下可以
|
|
|
|
|
|
.setHeader("X-Frame-Options", "SAMEORIGIN")
|
|
|
|
|
|
// 是否启用浏览器默认XSS防护: 0=禁用 | 1=启用 | 1; mode=block 启用, 并在检查到XSS攻击时,停止渲染页面
|
|
|
|
|
|
.setHeader("X-Frame-Options", "1; mode=block")
|
|
|
|
|
|
// 禁用浏览器内容嗅探
|
|
|
|
|
|
.setHeader("X-Content-Type-Options", "nosniff")
|
|
|
|
|
|
;
|
|
|
|
|
|
})
|
|
|
|
|
|
;
|
|
|
|
|
|
}
|
2021-04-15 00:45:03 +08:00
|
|
|
|
|
2020-03-07 14:40:15 +08:00
|
|
|
|
}
|
