2022/3/21 开放了所有权限方便开发

master
GPU is all you need 4 years ago
parent d5201930f8
commit 1a01740ed0
  1. 102
      awardBE/src/main/java/edu/ncst/award/config/SecurityConfig.java

@ -139,60 +139,60 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
// HttpSecurity 及WebSecurity 作用是不一样的:
// WebSecurity 主要针对的全局的忽略规则,
// HttpSecurity主要是权限控制规则。
@Override
protected void configure(HttpSecurity http) throws Exception {
//允许跨域
http.cors().and().anonymous().and()
// CRSF禁用,因为不使用session
.csrf().disable()
.formLogin().disable().httpBasic().disable()
.authorizeRequests()
.accessDecisionManager(accessDecisionManager())//访问决策管理器
.antMatchers("/api/login").permitAll()
.antMatchers("/system/init").permitAll()
// 除上面外的所有请求全部需要鉴权认证
.anyRequest().authenticated()
.and().exceptionHandling().accessDeniedHandler(accessDeniedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterAfter(new AuthCheckFilter(redisCacheTemplate), UsernamePasswordAuthenticationFilter.class)
.addFilterAt(
new LoginFilter(authenticationManager(), loginLogService, redisCacheTemplate), UsernamePasswordAuthenticationFilter.class
)
.exceptionHandling()//登录认证失败
.authenticationEntryPoint(((request, response, authException) -> {
response.setCharacterEncoding("utf-8");
response.setContentType("application/json;charset=utf-8");
PrintWriter out = response.getWriter();
out.write(new ObjectMapper().writeValueAsString(ResultUtils.error(CodeMsg.USER_NEED_LOGIN)));
out.flush();
out.close();
}));
// 退出登录
http.logout()
.logoutUrl("/logout")
.deleteCookies("JSESSIONID")
.logoutSuccessHandler(((request, response, authentication) -> {
PrintWriter out = response.getWriter();
response.setContentType("application/json");
out.write(new ObjectMapper().writeValueAsString(ResultUtils.success("注销成功")));
out.flush();
out.close();
}));
}
// @Override
// protected void configure(HttpSecurity httpSecurity) throws Exception{
// //调试阶段
// httpSecurity.csrf().disable().authorizeRequests();
// httpSecurity.authorizeRequests().anyRequest()
// .permitAll().and().logout().permitAll();
// protected void configure(HttpSecurity http) throws Exception {
//
// //允许跨域
// http.cors().and().anonymous().and()
// // CRSF禁用,因为不使用session
// .csrf().disable()
// .formLogin().disable().httpBasic().disable()
// .authorizeRequests()
// .accessDecisionManager(accessDecisionManager())//访问决策管理器
// .antMatchers("/api/login").permitAll()
// .antMatchers("/system/init").permitAll()
// // 除上面外的所有请求全部需要鉴权认证
// .anyRequest().authenticated()
// .and().exceptionHandling().accessDeniedHandler(accessDeniedHandler).and()
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//
// http.addFilterAfter(new AuthCheckFilter(redisCacheTemplate), UsernamePasswordAuthenticationFilter.class)
// .addFilterAt(
// new LoginFilter(authenticationManager(), loginLogService, redisCacheTemplate), UsernamePasswordAuthenticationFilter.class
// )
// .exceptionHandling()//登录认证失败
// .authenticationEntryPoint(((request, response, authException) -> {
// response.setCharacterEncoding("utf-8");
// response.setContentType("application/json;charset=utf-8");
//
// PrintWriter out = response.getWriter();
// out.write(new ObjectMapper().writeValueAsString(ResultUtils.error(CodeMsg.USER_NEED_LOGIN)));
// out.flush();
// out.close();
// }));
//
// // 退出登录
// http.logout()
// .logoutUrl("/logout")
// .deleteCookies("JSESSIONID")
// .logoutSuccessHandler(((request, response, authentication) -> {
// PrintWriter out = response.getWriter();
// response.setContentType("application/json");
// out.write(new ObjectMapper().writeValueAsString(ResultUtils.success("注销成功")));
// out.flush();
// out.close();
// }));
// }
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception{
//调试阶段
httpSecurity.csrf().disable().authorizeRequests();
httpSecurity.authorizeRequests().anyRequest()
.permitAll().and().logout().permitAll();
}
//用于配置全局的某些通用事物,例如静态资源等
@Override
public void configure(WebSecurity web) throws Exception {

Loading…
Cancel
Save