diff --git a/example/example-app/example-app-cmd-domain/pom.xml b/example/example-app/example-app-cmd-domain/pom.xml index 694235b6..5e6252ae 100644 --- a/example/example-app/example-app-cmd-domain/pom.xml +++ b/example/example-app/example-app-cmd-domain/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-app - 3.4.3 + 3.4.4 ../pom.xml diff --git a/example/example-app/example-app-cmd-meta/pom.xml b/example/example-app/example-app-cmd-meta/pom.xml index f72a35c1..0da17be4 100644 --- a/example/example-app/example-app-cmd-meta/pom.xml +++ b/example/example-app/example-app-cmd-meta/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-app - 3.4.3 + 3.4.4 ../pom.xml diff --git a/example/example-app/example-app-query/pom.xml b/example/example-app/example-app-query/pom.xml index 244a0a3a..a9e68348 100644 --- a/example/example-app/example-app-query/pom.xml +++ b/example/example-app/example-app-query/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-app - 3.4.3 + 3.4.4 ../pom.xml diff --git a/example/example-app/pom.xml b/example/example-app/pom.xml index 498e1c33..dedf666e 100644 --- a/example/example-app/pom.xml +++ b/example/example-app/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-example - 3.4.3 + 3.4.4 ../pom.xml pom diff --git a/example/example-domain/example-domain-leave/pom.xml b/example/example-domain/example-domain-leave/pom.xml index 1b191e07..38ec775a 100644 --- a/example/example-domain/example-domain-leave/pom.xml +++ b/example/example-domain/example-domain-leave/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-domain - 3.4.3 + 3.4.4 ../pom.xml diff --git a/example/example-domain/example-domain-user/pom.xml b/example/example-domain/example-domain-user/pom.xml index 641abf9d..10e4e34e 100644 --- a/example/example-domain/example-domain-user/pom.xml +++ b/example/example-domain/example-domain-user/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-domain - 3.4.3 + 3.4.4 ../pom.xml 
diff --git a/example/example-domain/pom.xml b/example/example-domain/pom.xml index e0b9e95d..90f33ec8 100644 --- a/example/example-domain/pom.xml +++ b/example/example-domain/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot springboot-example - 3.4.3 + 3.4.4 ../pom.xml 4.0.0 diff --git a/example/example-infra/example-infra-flow/pom.xml b/example/example-infra/example-infra-flow/pom.xml index d5c0e706..768ec2e1 100644 --- a/example/example-infra/example-infra-flow/pom.xml +++ b/example/example-infra/example-infra-flow/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot example-infra - 3.4.3 + 3.4.4 ../pom.xml diff --git a/example/example-infra/example-infra-jpa/pom.xml b/example/example-infra/example-infra-jpa/pom.xml index c4ee5d01..b4ed72fb 100644 --- a/example/example-infra/example-infra-jpa/pom.xml +++ b/example/example-infra/example-infra-jpa/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot example-infra - 3.4.3 + 3.4.4 ../pom.xml diff --git a/example/example-infra/example-infra-security/pom.xml b/example/example-infra/example-infra-security/pom.xml index c00e3853..122e166c 100644 --- a/example/example-infra/example-infra-security/pom.xml +++ b/example/example-infra/example-infra-security/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-infra - 3.4.3 + 3.4.4 ../pom.xml diff --git a/example/example-infra/pom.xml b/example/example-infra/pom.xml index f5717b3c..cee76323 100644 --- a/example/example-infra/pom.xml +++ b/example/example-infra/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-example - 3.4.3 + 3.4.4 ../pom.xml pom diff --git a/example/example-interface/pom.xml b/example/example-interface/pom.xml index e16ae049..9a41c37a 100644 --- a/example/example-interface/pom.xml +++ b/example/example-interface/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-example - 3.4.3 + 3.4.4 example-interface diff --git a/example/example-server/pom.xml b/example/example-server/pom.xml index 461be7b9..c2dcedab 100644 
--- a/example/example-server/pom.xml +++ b/example/example-server/pom.xml @@ -5,7 +5,7 @@ springboot-example com.codingapi.springboot - 3.4.3 + 3.4.4 4.0.0 diff --git a/example/pom.xml b/example/pom.xml index 972fa22b..c303c80c 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -19,7 +19,7 @@ springboot-example - 3.4.3 + 3.4.4 springboot-example springboot-example project for Spring Boot diff --git a/pom.xml b/pom.xml index 747b3b7b..e05b1385 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ com.codingapi.springboot springboot-parent - 3.4.3 + 3.4.4 https://github.com/codingapi/springboot-framewrok springboot-parent diff --git a/springboot-starter-data-authorization/pom.xml b/springboot-starter-data-authorization/pom.xml index 5f8c1745..038ac8b5 100644 --- a/springboot-starter-data-authorization/pom.xml +++ b/springboot-starter-data-authorization/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-parent - 3.4.3 + 3.4.4 springboot-starter-data-authorization diff --git a/springboot-starter-data-fast/pom.xml b/springboot-starter-data-fast/pom.xml index 42dad582..2f317b13 100644 --- a/springboot-starter-data-fast/pom.xml +++ b/springboot-starter-data-fast/pom.xml @@ -5,7 +5,7 @@ springboot-parent com.codingapi.springboot - 3.4.3 + 3.4.4 4.0.0 diff --git a/springboot-starter-flow/pom.xml b/springboot-starter-flow/pom.xml index b7da735f..567a4388 100644 --- a/springboot-starter-flow/pom.xml +++ b/springboot-starter-flow/pom.xml @@ -6,7 +6,7 @@ springboot-parent com.codingapi.springboot - 3.4.3 + 3.4.4 springboot-starter-flow diff --git a/springboot-starter-security/pom.xml b/springboot-starter-security/pom.xml index a8b5ad5e..6cc96320 100644 --- a/springboot-starter-security/pom.xml +++ b/springboot-starter-security/pom.xml @@ -6,7 +6,7 @@ springboot-parent com.codingapi.springboot - 3.4.3 + 3.4.4 springboot-starter-security 
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
index 2f40a953..fdc348df 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
@@ -2,6 +2,8 @@
 import com.codingapi.springboot.security.configurer.HttpSecurityConfigurer;
 import com.codingapi.springboot.security.controller.VersionController;
+import com.codingapi.springboot.security.customer.DefaultHttpSecurityCustomer;
+import com.codingapi.springboot.security.customer.HttpSecurityCustomer;
 import com.codingapi.springboot.security.dto.request.LoginRequest;
 import com.codingapi.springboot.security.dto.response.LoginResponse;
 import com.codingapi.springboot.security.filter.*;
@@ -21,6 +23,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -89,28 +92,24 @@ public AuthenticationTokenFilter authenticationTokenFilter() { }; } - @Bean @ConditionalOnMissingBean - public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway tokenGateway, SecurityLoginHandler loginHandler, - CodingApiSecurityProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception { - //disable basic auth - security.httpBasic(AbstractHttpConfigurer::disable); - - //before add addCorsMappings to enable cors. - security.cors(httpSecurityCorsConfigurer -> { - if (properties.isDisableCors()) { - httpSecurityCorsConfigurer.disable(); - } - }); - - security.csrf(httpSecurityCsrfConfigurer -> { - if (properties.isDisableCsrf()) { - httpSecurityCsrfConfigurer.disable(); - } - }); + public HttpSecurityCustomer httpSecurityCustomer(CodingApiSecurityProperties properties){ + return new DefaultHttpSecurityCustomer(properties); + } + @Bean + @ConditionalOnMissingBean + public SecurityFilterChain filterChain(HttpSecurity security, + HttpSecurityCustomer httpSecurityCustomer, + TokenGateway tokenGateway, + SecurityLoginHandler loginHandler, + CodingApiSecurityProperties properties, + AuthenticationTokenFilter authenticationTokenFilter) throws Exception { + httpSecurityCustomer.customize(security); + + //authentication filter security.with(new HttpSecurityConfigurer(tokenGateway, loginHandler, properties, authenticationTokenFilter), Customizer.withDefaults()); security.exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new MyUnAuthenticationEntryPoint()) diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/DefaultHttpSecurityCustomer.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/DefaultHttpSecurityCustomer.java new file mode 100644 index 00000000..dfff8208 --- /dev/null 
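Review bot: The HTTP hardening that `filterChain` used to apply itself now sits behind a `@ConditionalOnMissingBean` default, so an application that registers its own `HttpSecurityCustomer` replaces `DefaultHttpSecurityCustomer` wholesale and the `isDisableCsrf()`, `isDisableCors()`, `isDisableBasicAuth()` and `isDisableFrameOptions()` switches stop having any effect unless that bean re-implements them. Before this change `security.httpBasic(AbstractHttpConfigurer::disable)` ran unconditionally, so that guarantee can now be lost through one bean definition, with no warning. I would state this on the `httpSecurityCustomer` bean method, e.g. `/** Replacing this bean bypasses the CodingApiSecurityProperties switches; extend DefaultHttpSecurityCustomer to keep them. */`, or have `filterChain` apply the property-driven defaults first and treat a user bean as an add-on. The `HeadersConfigurer` import added in the second hunk of this file is not used by any line visible in the diff and looks like a leftover. The body of `filterChain` continues past the end of this hunk.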
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/DefaultHttpSecurityCustomer.java
@@ -0,0 +1,51 @@
+package com.codingapi.springboot.security.customer;
+
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
+import lombok.AllArgsConstructor;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+
+@AllArgsConstructor
+public class DefaultHttpSecurityCustomer implements HttpSecurityCustomer {
+
+ private final CodingApiSecurityProperties properties;
+
+ @Override
+ public void customize(HttpSecurity security) throws Exception {
+
+ //disable basic auth
+ if (properties.isDisableBasicAuth()) {
+ security.httpBasic(AbstractHttpConfigurer::disable);
+ }
+
+ //disable frame options
+ if (properties.isDisableFrameOptions()) {
+ security.headers(new Customizer>() {
+ @Override
+ public void customize(HeadersConfigurer httpSecurityHeadersConfigurer) {
+ httpSecurityHeadersConfigurer.frameOptions(new Customizer.FrameOptionsConfig>() {
+ @Override
+ public void customize(HeadersConfigurer.FrameOptionsConfig frameOptionsConfig) {
+ frameOptionsConfig.disable();
+ }
+ });
+ }
+ });
+ }
+
+ //before add addCorsMappings to enable cors.
+ security.cors(httpSecurityCorsConfigurer -> {
+ if (properties.isDisableCors()) {
+ httpSecurityCorsConfigurer.disable();
+ }
+ });
+
+ security.csrf(httpSecurityCsrfConfigurer -> {
+ if (properties.isDisableCsrf()) {
+ httpSecurityCsrfConfigurer.disable();
+ }
+ });
+ }
+}
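Review bot: `frameOptionsConfig.disable()` removes the `X-Frame-Options` header altogether, which permits framing from any origin; if the goal is to let the application embed its own pages, `sameOrigin()` on the same `FrameOptionsConfig` is the narrower setting and keeps clickjacking protection against third-party sites. The two nested anonymous `Customizer` classes are also out of step with the lambdas used for `cors` and `csrf` a few lines below, and the block reduces to `security.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable));` (or `::sameOrigin`). Since the file is new and has no Javadoc, a class-level comment saying that each step is driven by a `CodingApiSecurityProperties` flag and that the basic-auth and frame-options steps are skipped when their flag is false would help the next reader.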
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/HttpSecurityCustomer.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/HttpSecurityCustomer.java new file mode 100644 index 00000000..ddc35dd6 --- /dev/null +++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/HttpSecurityCustomer.java @@ -0,0 +1,9 @@ +package com.codingapi.springboot.security.customer; + +import org.springframework.security.config.annotation.web.builders.HttpSecurity; + +public interface HttpSecurityCustomer { + + void customize(HttpSecurity security) throws Exception; + +} diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java index 4a33d91b..1798bc09 100644 --- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java +++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java @@ -39,6 +39,16 @@ public class CodingApiSecurityProperties { private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw=="; + /** + * 禁用Basic Auth + */ + private boolean disableBasicAuth = true; + + /** + * 禁用FrameOptions + */ + private boolean disableFrameOptions = true; + /** * 启用禁用CSRF */ diff --git a/springboot-starter/pom.xml b/springboot-starter/pom.xml index 32ecdd29..fd60a122 100644 --- a/springboot-starter/pom.xml +++ b/springboot-starter/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot springboot-parent - 3.4.3 + 3.4.4 springboot-starter diff --git a/springboot-starter/src/main/resources/banner.txt b/springboot-starter/src/main/resources/banner.txt index 6b9cef9a..cb247fec 100644 --- a/springboot-starter/src/main/resources/banner.txt 
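Review bot: `HttpSecurityCustomer` is new public API in a starter, yet it has no Javadoc and its name reads as a business entity rather than Spring's usual term, customizer. Renaming it (together with `DefaultHttpSecurityCustomer`, the `customer` package and the `httpSecurityCustomer` bean in `AutoConfiguration`) is cheaper before the release than after. Whatever the name, the interface should say when `customize` runs relative to the rest of the chain, for example `/** Applied to HttpSecurity at the start of filterChain, before HttpSecurityConfigurer is added. */`.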
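Review bot: `disableFrameOptions = true` changes behaviour for every application that upgrades: the `filterChain` lines removed in this commit never touched response headers, so Spring Security's default `X-Frame-Options: DENY` was being sent, and with this default it is switched off unless the operator opts back in. `disableBasicAuth = true` preserves the old behaviour, so only the frame-options default needs to change; `private boolean disableFrameOptions = false;` keeps the protection on and makes disabling it a deliberate choice. The Javadoc on both fields could also state the security effect of the setting, not just the feature name. Unrelated to this change, the context line for `aseIv` carries a literal default value; if that is used as an AES IV, a fixed value shared by every installation deserves a separate look. The class body starts and ends outside this hunk.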
+++ b/springboot-starter/src/main/resources/banner.txt
@@ -1,4 +1,4 @@
 ------------------------------------------------------
-CodingApi SpringBoot-Starter 3.4.3
+CodingApi SpringBoot-Starter 3.4.4
 springboot version (${spring-boot.version})
 ------------------------------------------------------