java
/
mrqc-sys


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
							package com.diagbot.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.util.FileCopyUtils;

import java.io.IOException;

/**
 * @Description: 权限资源配置类
 * @author: gaodm
 * @time: 2018/8/2 14:21
 */
@Configuration
@EnableResourceServer
@ComponentScan({"com.diagbot.config"})
public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
    Logger log = LoggerFactory.getLogger(ResourceServerConfigurer.class);

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.cors()
                .and()
                .csrf().disable()
                .authorizeRequests()
                .regexMatchers(".*swagger.*", ".*v2.*", ".*webjars.*", "/druid.*", "/actuator.*", "/hystrix.*").permitAll()
                .antMatchers("/sys/user/getJwt").permitAll()
                .antMatchers("/sys/user/refreshJwt").permitAll()
                .antMatchers("/sys/user/checkToken").permitAll()
                .antMatchers("/sys/dictionaryInfo/getDictionary").permitAll()
                .antMatchers("/oauth/token").permitAll()
                .antMatchers("/oauth/check_token").permitAll()
                .antMatchers("/cache/clear").permitAll()
                .antMatchers("/qc/behospitalInfo/execule").permitAll()
                .antMatchers("/qc/behospitalInfo/analyze_rpc").permitAll()
                .antMatchers("/qc/behospitalInfo/analyze_api").permitAll()
                .antMatchers("/qc/module/getById").permitAll()
                .antMatchers("/**").authenticated();
//                .antMatchers("/**").permitAll();
    }


    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        log.info("Configuring ResourceServerSecurityConfigurer");
        resources.resourceId("user-service").tokenStore(new JwtTokenStore(jwtTokenEnhancerClient()));
    }

    @Autowired
    private CustomAccessTokenConverter customAccessTokenConverter;

    @Bean("jwtTokenEnhancerClient")
    protected JwtAccessTokenConverter jwtTokenEnhancerClient() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        Resource resource = new ClassPathResource("public.cert");
        String publicKey;
        try {
            publicKey = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        converter.setVerifierKey(publicKey);
        //不设置这个会出现 Cannot convert access token to JSON
        converter.setVerifier(new RsaVerifier(publicKey));
        converter.setAccessTokenConverter(customAccessTokenConverter);
        log.info("Created jwtTokenEnhancerClient success");
        return converter;
    }
}