add HttpSecurityCustomer

Author: xlorne

example/example-app/example-app-cmd-domain/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-app</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-app/example-app-cmd-meta/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-app</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-app/example-app-query/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-app</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-app/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-example</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <packaging>pom</packaging>

example/example-domain/example-domain-leave/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-domain</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-domain/example-domain-user/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-domain</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-domain/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-example</artifactId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

example/example-infra/example-infra-flow/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-infra</artifactId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-infra/example-infra-jpa/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-infra</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-infra/example-infra-security/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>example-infra</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

example/example-infra/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-example</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <packaging>pom</packaging>

example/example-interface/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-example</artifactId>
-        <version>3.4.3</version>
+        <version>3.4.4</version>
     </parent>
 
     <artifactId>example-interface</artifactId>

example/example-server/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-example</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

example/pom.xml

@@ -19,7 +19,7 @@
     </parent>
 
     <artifactId>springboot-example</artifactId>
-    <version>3.4.3</version>
+    <version>3.4.4</version>
 
     <name>springboot-example</name>
     <description>springboot-example project for Spring Boot</description>

pom.xml

@@ -12,7 +12,7 @@
 
     <groupId>com.codingapi.springboot</groupId>
     <artifactId>springboot-parent</artifactId>
-    <version>3.4.3</version>
+    <version>3.4.4</version>
 
     <url>https://github.com/codingapi/springboot-framewrok</url>
     <name>springboot-parent</name>

springboot-starter-data-authorization/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-parent</artifactId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
     </parent>
 
     <artifactId>springboot-starter-data-authorization</artifactId>

springboot-starter-data-fast/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

springboot-starter-flow/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
     </parent>
 
     <name>springboot-starter-flow</name>

springboot-starter-security/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
     </parent>
 
     <artifactId>springboot-starter-security</artifactId>

springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java

@@ -2,6 +2,8 @@
 
 import com.codingapi.springboot.security.configurer.HttpSecurityConfigurer;
 import com.codingapi.springboot.security.controller.VersionController;
+import com.codingapi.springboot.security.customer.DefaultHttpSecurityCustomer;
+import com.codingapi.springboot.security.customer.HttpSecurityCustomer;
 import com.codingapi.springboot.security.dto.request.LoginRequest;
 import com.codingapi.springboot.security.dto.response.LoginResponse;
 import com.codingapi.springboot.security.filter.*;
@@ -21,6 +23,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -89,28 +92,24 @@ public AuthenticationTokenFilter authenticationTokenFilter() {
         };
     }
 
-
     @Bean
     @ConditionalOnMissingBean
-    public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway tokenGateway, SecurityLoginHandler loginHandler,
-                                           CodingApiSecurityProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
-        //disable basic auth
-        security.httpBasic(AbstractHttpConfigurer::disable);
-
-        //before add addCorsMappings to enable cors.
-        security.cors(httpSecurityCorsConfigurer -> {
-            if (properties.isDisableCors()) {
-                httpSecurityCorsConfigurer.disable();
-            }
-        });
-
-        security.csrf(httpSecurityCsrfConfigurer -> {
-            if (properties.isDisableCsrf()) {
-                httpSecurityCsrfConfigurer.disable();
-            }
-        });
+    public HttpSecurityCustomer httpSecurityCustomer(CodingApiSecurityProperties properties){
+        return new DefaultHttpSecurityCustomer(properties);
+    }
 
 
+    @Bean
+    @ConditionalOnMissingBean
+    public SecurityFilterChain filterChain(HttpSecurity security,
+                                           HttpSecurityCustomer httpSecurityCustomer,
+                                           TokenGateway tokenGateway,
+                                           SecurityLoginHandler loginHandler,
+                                           CodingApiSecurityProperties properties,
+                                           AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
+        httpSecurityCustomer.customize(security);
+
+        //authentication filter
         security.with(new HttpSecurityConfigurer(tokenGateway, loginHandler, properties, authenticationTokenFilter), Customizer.withDefaults());
         security.exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
                         httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new MyUnAuthenticationEntryPoint())

springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/DefaultHttpSecurityCustomer.java

@@ -0,0 +1,51 @@
+package com.codingapi.springboot.security.customer;
+
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
+import lombok.AllArgsConstructor;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+
+@AllArgsConstructor
+public class DefaultHttpSecurityCustomer implements HttpSecurityCustomer {
+
+    private final CodingApiSecurityProperties properties;
+
+    @Override
+    public void customize(HttpSecurity security) throws Exception {
+
+        //disable basic auth
+        if (properties.isDisableBasicAuth()) {
+            security.httpBasic(AbstractHttpConfigurer::disable);
+        }
+
+        //disable frame options
+        if (properties.isDisableFrameOptions()) {
+            security.headers(new Customizer<HeadersConfigurer<HttpSecurity>>() {
+                @Override
+                public void customize(HeadersConfigurer<HttpSecurity> httpSecurityHeadersConfigurer) {
+                    httpSecurityHeadersConfigurer.frameOptions(new Customizer<HeadersConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.FrameOptionsConfig>() {
+                        @Override
+                        public void customize(HeadersConfigurer<HttpSecurity>.FrameOptionsConfig frameOptionsConfig) {
+                            frameOptionsConfig.disable();
+                        }
+                    });
+                }
+            });
+        }
+
+        //before add addCorsMappings to enable cors.
+        security.cors(httpSecurityCorsConfigurer -> {
+            if (properties.isDisableCors()) {
+                httpSecurityCorsConfigurer.disable();
+            }
+        });
+
+        security.csrf(httpSecurityCsrfConfigurer -> {
+            if (properties.isDisableCsrf()) {
+                httpSecurityCsrfConfigurer.disable();
+            }
+        });
+    }
+}

springboot-starter-security/src/main/java/com/codingapi/springboot/security/customer/HttpSecurityCustomer.java

@@ -0,0 +1,9 @@
+package com.codingapi.springboot.security.customer;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+
+public interface HttpSecurityCustomer {
+
+    void customize(HttpSecurity security) throws Exception;
+
+}

springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java

@@ -39,6 +39,16 @@ public class CodingApiSecurityProperties {
     private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw==";
 
 
+    /**
+     * 禁用Basic Auth
+     */
+    private boolean disableBasicAuth = true;
+
+    /**
+     * 禁用FrameOptions
+     */
+    private boolean disableFrameOptions = true;
+
     /**
      * 启用禁用CSRF
      */

springboot-starter/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-parent</artifactId>
-       <version>3.4.3</version>
+       <version>3.4.4</version>
     </parent>
     <artifactId>springboot-starter</artifactId>
 

springboot-starter/src/main/resources/banner.txt

@@ -1,4 +1,4 @@
 ------------------------------------------------------
-CodingApi SpringBoot-Starter 3.4.3
+CodingApi SpringBoot-Starter 3.4.4
 springboot version (${spring-boot.version})
 ------------------------------------------------------