2.10.4 add HttpSecurityCustomer

Author: xlorne

pom.xml

@@ -15,7 +15,7 @@
 
     <groupId>com.codingapi.springboot</groupId>
     <artifactId>springboot-parent</artifactId>
-    <version>2.10.3</version>
+    <version>2.10.4</version>
 
     <url>https://github.com/codingapi/springboot-framewrok</url>
     <name>springboot-parent</name>

springboot-starter-data-authorization/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.3</version>
+        <version>2.10.4</version>
     </parent>
 
     <artifactId>springboot-starter-data-authorization</artifactId>

springboot-starter-data-fast/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.3</version>
+        <version>2.10.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

springboot-starter-flow/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.3</version>
+        <version>2.10.4</version>
     </parent>
 
     <name>springboot-starter-flow</name>

springboot-starter-security/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.3</version>
+        <version>2.10.4</version>
     </parent>
 
     <artifactId>springboot-starter-security</artifactId>

springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java

@@ -2,6 +2,8 @@
 
 import com.codingapi.springboot.security.configurer.HttpSecurityConfigurer;
 import com.codingapi.springboot.security.controller.VersionController;
+import com.codingapi.springboot.security.customer.DefaultHttpSecurityCustomer;
+import com.codingapi.springboot.security.customer.HttpSecurityCustomer;
 import com.codingapi.springboot.security.dto.request.LoginRequest;
 import com.codingapi.springboot.security.dto.response.LoginResponse;
 import com.codingapi.springboot.security.filter.*;
@@ -67,6 +69,11 @@ public AuthenticationTokenFilter authenticationTokenFilter() {
         };
     }
 
+    @Bean
+    @ConditionalOnMissingBean
+    public HttpSecurityCustomer httpSecurityCustomer(CodingApiSecurityProperties properties){
+        return new DefaultHttpSecurityCustomer(properties);
+    }
 
     @Bean
     @ConditionalOnMissingBean
@@ -91,16 +98,15 @@ public LoginResponse postHandle(HttpServletRequest request, HttpServletResponse
 
     @Bean
     @ConditionalOnMissingBean
-    public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway tokenGateway, SecurityLoginHandler loginHandler,
-                                           CodingApiSecurityProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
-        //disable basic auth
-        security.httpBasic().disable();
-
-        //before add addCorsMappings to enable cors.
-        security.cors();
-        if (properties.isDisableCsrf()) {
-            security.csrf().disable();
-        }
+    public SecurityFilterChain filterChain(HttpSecurity security,
+                                           HttpSecurityCustomer httpSecurityCustomer,
+                                           TokenGateway tokenGateway,
+                                           SecurityLoginHandler loginHandler,
+                                           CodingApiSecurityProperties properties,
+                                           AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
+
+        httpSecurityCustomer.customize(security);
+
         security.apply(new HttpSecurityConfigurer(tokenGateway, loginHandler, properties, authenticationTokenFilter));
         security
                 .exceptionHandling()

springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/DefaultHttpSecurityCustomer.java

@@ -0,0 +1,50 @@
+package com.codingapi.springboot.security.customer;
+
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
+import lombok.AllArgsConstructor;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+
+@AllArgsConstructor
+public class DefaultHttpSecurityCustomer implements HttpSecurityCustomer {
+
+    private final CodingApiSecurityProperties properties;
+
+    @Override
+    public void customize(HttpSecurity security) throws Exception {
+        //disable basic auth
+        if (properties.isDisableBasicAuth()) {
+            security.httpBasic(AbstractHttpConfigurer::disable);
+        }
+
+        //disable frame options
+        if (properties.isDisableFrameOptions()) {
+            security.headers(new Customizer<HeadersConfigurer<HttpSecurity>>() {
+                @Override
+                public void customize(HeadersConfigurer<HttpSecurity> httpSecurityHeadersConfigurer) {
+                    httpSecurityHeadersConfigurer.frameOptions(new Customizer<HeadersConfigurer<HttpSecurity>.FrameOptionsConfig>() {
+                        @Override
+                        public void customize(HeadersConfigurer<HttpSecurity>.FrameOptionsConfig frameOptionsConfig) {
+                            frameOptionsConfig.disable();
+                        }
+                    });
+                }
+            });
+        }
+
+        //before add addCorsMappings to enable cors.
+        security.cors(httpSecurityCorsConfigurer -> {
+            if (properties.isDisableCors()) {
+                httpSecurityCorsConfigurer.disable();
+            }
+        });
+
+        security.csrf(httpSecurityCsrfConfigurer -> {
+            if (properties.isDisableCsrf()) {
+                httpSecurityCsrfConfigurer.disable();
+            }
+        });
+    }
+}

springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/HttpSecurityCustomer.java

@@ -0,0 +1,9 @@
+package com.codingapi.springboot.security.customer;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+
+public interface HttpSecurityCustomer {
+
+    void customize(HttpSecurity security) throws Exception;
+
+}

springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java

@@ -38,6 +38,15 @@ public class CodingApiSecurityProperties {
      */
     private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw==";
 
+    /**
+     * 禁用Basic Auth
+     */
+    private boolean disableBasicAuth = true;
+
+    /**
+     * 禁用FrameOptions
+     */
+    private boolean disableFrameOptions = true;
 
     /**
      * 启用禁用CSRF

springboot-starter/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>2.10.3</version>
+        <version>2.10.4</version>
     </parent>
     <artifactId>springboot-starter</artifactId>
 

springboot-starter/src/main/resources/META-INF/banner.txt

@@ -1,4 +1,4 @@
 ------------------------------------------------------
-CodingApi SpringBoot-Starter 2.10.3
+CodingApi SpringBoot-Starter 2.10.4
 springboot version (${spring-boot.version})
 ------------------------------------------------------