andyliu
/
KprProxyCenter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
							package com.shkpr.service.proxycenter.configuration;

import com.global.base.tools.EncryptionUtil;
import com.global.base.tools.RandomUtil;
import com.shkpr.service.proxycenter.components.*;
import com.shkpr.service.proxycenter.constants.ProxyPassDefine;
import com.shkpr.service.proxycenter.controllerfilter.CustomAuthenticationProvider;
import com.shkpr.service.proxycenter.controllerfilter.SelfBizFilterMgr;
import com.shkpr.service.proxycenter.globalcache.GlobalData;
import org.mitre.dsmiley.httpproxy.ProxyServlet;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.PostConstruct;
import java.util.HashMap;
import java.util.Map;

/**
 * 该类主要用来做权限控制的配置、以及注册各种过滤器
 * 执行顺序
 * (1) 注册验证组件 - configure(AuthenticationManagerBuilder auth)方法中注册自定义验证组件
 * (2) 设置验证规则 - configure(HttpSecurity http)方法中设置了各种路由访问规则
 * (3) 初始化过滤组件 - JWTLoginFilter 和 SelfAuthenticationFilter 类会初始化
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)                     //@PreAuthorize对权限的注解需要设置prePostEnabled = true
@ConfigurationProperties(prefix = "atuocfg")
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Value("${global.test.pressure:false}")
    private boolean mBForPressureTest;

    @Value("${global.ops.lan.ip:127.0.0.1}")
    private String mStrOpsServerLanIP;

    private Map<String, String> proxyToAddress = new HashMap<>();
    private Map<String, String> proxyToPassword = new HashMap<>();
    private Map<String, String> proxyToUri = new HashMap<>();

    public Map<String, String> getProxyToAddress() {
        return proxyToAddress;
    }

    public void setProxyToAddress(Map<String, String> proxyToAddress) {
        this.proxyToAddress = proxyToAddress;
    }

    public Map<String, String> getProxyToPassword() {
        return proxyToPassword;
    }

    public void setProxyToPassword(Map<String, String> proxyToPassword) {
        this.proxyToPassword = proxyToPassword;
    }

    public Map<String, String> getProxyToUri() {
        return proxyToUri;
    }

    public void setProxyToUri(Map<String, String> proxyToUri) {
        this.proxyToUri = proxyToUri;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //使用自定义身份验证组件
        auth.authenticationProvider(new CustomAuthenticationProvider());
    }

    // 设置 HTTP 验证规则
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        String[] arrOpsServerLanIPs = mStrOpsServerLanIP.split(";");
        String strAccessFilterForOps = "hasIpAddress('127.0.0.1')";
        for (String strTmp:arrOpsServerLanIPs){
            strAccessFilterForOps += " or hasIpAddress('"+ strTmp +"')";
        }

        http.csrf().disable()                                          // 关闭csrf验证
                .authorizeRequests()                                   // 对请求进行认证
                //.antMatchers(ApiURI.URI_BASE_PROXY_XXX).permitAll()
                .antMatchers("/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(new SelfBizFilterMgr("/**", authenticationManager()),
                        UsernamePasswordAuthenticationFilter.class);                                                                                          //所有其他请求需要身份认证;
                /*.addFilterBefore(new ServerStatusMonitorFilter(ThirdApiURI.URI_HGAS_MONITOR_XXX, authenticationManager()),
                        UsernamePasswordAuthenticationFilter.class);*/

    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        /*web.ignoring()
                .antMatchers("/error")
                .antMatchers("/static")
                .antMatchers("/static/**");                                                               // 所有/static下的静态资源请求时都忽略访问规则
        */
    }

    @Bean(name = ProxyPassDefine.PROXY_BASE)
    @Primary
    public ServletRegistrationBean<BaseASProxyServlet> servletServletRegistrationForBase() {
        ServletRegistrationBean<BaseASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new BaseASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_BASE)
                , ProxyPassDefine.PROXY_BASE
                , proxyToAddress.get(ProxyPassDefine.PROXY_BASE)
                , EncryptionUtil.MD5Hash(proxyToPassword.getOrDefault(ProxyPassDefine.PROXY_BASE, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_BASE), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_TASK)
    public ServletRegistrationBean<TaskASProxyServlet> servletServletRegistrationForTask() {
        ServletRegistrationBean<TaskASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new TaskASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_TASK)
                , ProxyPassDefine.PROXY_TASK
                , proxyToAddress.get(ProxyPassDefine.PROXY_TASK)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_TASK, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_TASK), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_AI_MODEL)
    public ServletRegistrationBean<AIModelASProxyServlet> servletServletRegistrationForAIModel() {
        ServletRegistrationBean<AIModelASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new AIModelASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_AI_MODEL)
                , ProxyPassDefine.PROXY_AI_MODEL
                , proxyToAddress.get(ProxyPassDefine.PROXY_AI_MODEL)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_AI_MODEL, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_TASK), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_GW)
    public ServletRegistrationBean<DataGWASProxyServlet> servletServletRegistrationForDataGW() {
        ServletRegistrationBean<DataGWASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new DataGWASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_GW)
                , ProxyPassDefine.PROXY_GW
                , proxyToAddress.get(ProxyPassDefine.PROXY_GW)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_GW, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_GW), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_GIS)
    public ServletRegistrationBean<GisAEASProxyServlet> servletServletRegistrationForGisAe() {
        ServletRegistrationBean<GisAEASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new GisAEASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_GIS)
                , ProxyPassDefine.PROXY_GIS
                , proxyToAddress.get(ProxyPassDefine.PROXY_GIS)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_GIS, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_GIS), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_STATS)
    public ServletRegistrationBean<IotStatsASProxyServlet> servletServletRegistrationForIotStats() {
        ServletRegistrationBean<IotStatsASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new IotStatsASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_STATS)
                , ProxyPassDefine.PROXY_STATS
                , proxyToAddress.get(ProxyPassDefine.PROXY_STATS)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_STATS, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_STATS), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_OLD_STATS)
    public ServletRegistrationBean<IotStatsOldProxyServlet> servletServletRegistrationForOldIotStats() {
        ServletRegistrationBean<IotStatsOldProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new IotStatsOldProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_OLD_STATS)
                , ProxyPassDefine.PROXY_OLD_STATS
                , proxyToAddress.get(ProxyPassDefine.PROXY_OLD_STATS)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_OLD_STATS, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_OLD_STATS), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_PUSH)
    public ServletRegistrationBean<PushASProxyServlet> servletServletRegistrationForPush() {
        ServletRegistrationBean<PushASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new PushASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_PUSH)
                , ProxyPassDefine.PROXY_PUSH
                , proxyToAddress.get(ProxyPassDefine.PROXY_PUSH)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_PUSH, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_PUSH), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_ANALY)
    public ServletRegistrationBean<AnalyASProxyServlet> servletServletRegistrationForAnaly() {
        ServletRegistrationBean<AnalyASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new AnalyASProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_ANALY)
                , ProxyPassDefine.PROXY_ANALY
                , proxyToAddress.get(ProxyPassDefine.PROXY_ANALY)
                , EncryptionUtil.MD5Hash(proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_ANALY, RandomUtil.getRandomStr(8)))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_ANALY), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @Bean(name = ProxyPassDefine.PROXY_GEOSERVER)
    public ServletRegistrationBean<GeoServerProxyServlet> servletServletRegistrationForGeoServer() {
        ServletRegistrationBean<GeoServerProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
        servletRegistrationBean.setServlet(new GeoServerProxyServlet(proxyToUri.get(ProxyPassDefine.PROXY_GEOSERVER)
                , ProxyPassDefine.PROXY_GEOSERVER
                , proxyToAddress.get(ProxyPassDefine.PROXY_GEOSERVER)
                , proxyToAddress.getOrDefault(ProxyPassDefine.PROXY_ANALY, RandomUtil.getRandomStr(8))));
        servletRegistrationBean.addUrlMappings(String.format("%s/%s", proxyToUri.get(ProxyPassDefine.PROXY_GEOSERVER), "*"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
        return servletRegistrationBean;
    }

    @PostConstruct
    public void init(){
        GlobalData.getInstance().initProxyToAddress(proxyToAddress);
        GlobalData.getInstance().initProxyToPassword(proxyToPassword);
        GlobalData.getInstance().initProxyToUri(proxyToUri);
    }
}