Commit e80f7ba501dd0973e12095054c4fd2be20f732cc
1 parent
f15ae2f1
refactor(usr): tighten security to authenticated REQ-USR-004
Showing
2 changed files
with
37 additions
and
4 deletions
backend/src/main/java/com/xly/erp/common/security/JwtAuthenticationEntryPoint.java
0 → 100644
| 1 | +package com.xly.erp.common.security; | |
| 2 | + | |
| 3 | +import com.fasterxml.jackson.databind.ObjectMapper; | |
| 4 | +import com.xly.erp.common.response.Result; | |
| 5 | +import jakarta.servlet.http.HttpServletRequest; | |
| 6 | +import jakarta.servlet.http.HttpServletResponse; | |
| 7 | +import org.springframework.security.core.AuthenticationException; | |
| 8 | +import org.springframework.security.web.AuthenticationEntryPoint; | |
| 9 | +import org.springframework.stereotype.Component; | |
| 10 | + | |
| 11 | +import java.io.IOException; | |
| 12 | +import java.nio.charset.StandardCharsets; | |
| 13 | + | |
| 14 | +@Component | |
| 15 | +public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint { | |
| 16 | + | |
| 17 | + private final ObjectMapper objectMapper; | |
| 18 | + | |
| 19 | + public JwtAuthenticationEntryPoint(ObjectMapper objectMapper) { | |
| 20 | + this.objectMapper = objectMapper; | |
| 21 | + } | |
| 22 | + | |
| 23 | + @Override | |
| 24 | + public void commence(HttpServletRequest request, HttpServletResponse response, | |
| 25 | + AuthenticationException authException) throws IOException { | |
| 26 | + response.setStatus(HttpServletResponse.SC_OK); | |
| 27 | + response.setContentType("application/json;charset=UTF-8"); | |
| 28 | + response.setCharacterEncoding(StandardCharsets.UTF_8.name()); | |
| 29 | + response.getWriter().write(objectMapper.writeValueAsString(Result.fail(20001, "未认证"))); | |
| 30 | + } | |
| 31 | +} | ... | ... |
backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java
| ... | ... | @@ -3,6 +3,7 @@ package com.xly.erp.common.security; |
| 3 | 3 | import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; |
| 4 | 4 | import org.springframework.context.annotation.Bean; |
| 5 | 5 | import org.springframework.context.annotation.Configuration; |
| 6 | +import org.springframework.http.HttpMethod; | |
| 6 | 7 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| 7 | 8 | import org.springframework.security.config.http.SessionCreationPolicy; |
| 8 | 9 | import org.springframework.security.web.SecurityFilterChain; |
| ... | ... | @@ -13,9 +14,11 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic |
| 13 | 14 | public class SecurityConfig { |
| 14 | 15 | |
| 15 | 16 | private final JwtAuthenticationFilter jwtFilter; |
| 17 | + private final JwtAuthenticationEntryPoint authEntryPoint; | |
| 16 | 18 | |
| 17 | - public SecurityConfig(JwtAuthenticationFilter jwtFilter) { | |
| 19 | + public SecurityConfig(JwtAuthenticationFilter jwtFilter, JwtAuthenticationEntryPoint authEntryPoint) { | |
| 18 | 20 | this.jwtFilter = jwtFilter; |
| 21 | + this.authEntryPoint = authEntryPoint; | |
| 19 | 22 | } |
| 20 | 23 | |
| 21 | 24 | @Bean |
| ... | ... | @@ -23,11 +26,10 @@ public class SecurityConfig { |
| 23 | 26 | http.csrf(csrf -> csrf.disable()) |
| 24 | 27 | .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
| 25 | 28 | .authorizeHttpRequests(auth -> auth |
| 26 | - // REQ-MOD-001 stub: see USR-004 follow-up — 角色硬校验在 USR-004 完成后回填为 hasAuthority('SUPER_ADMIN') | |
| 27 | - .requestMatchers("/api/mod/**").permitAll() | |
| 28 | - .requestMatchers("/api/usr/**").permitAll() | |
| 29 | + .requestMatchers(HttpMethod.POST, "/api/usr/auth/login").permitAll() | |
| 29 | 30 | .anyRequest().authenticated() |
| 30 | 31 | ) |
| 32 | + .exceptionHandling(eh -> eh.authenticationEntryPoint(authEntryPoint)) | |
| 31 | 33 | .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class); |
| 32 | 34 | return http.build(); |
| 33 | 35 | } | ... | ... |