From 1a01740ed0df9caf6cff53a942e7d7aa59ef11c6 Mon Sep 17 00:00:00 2001 From: GPU is all you need <2778335106@qq.com> Date: Tue, 19 Apr 2022 23:16:32 +0800 Subject: [PATCH] =?UTF-8?q?2022/3/21=20=E5=BC=80=E6=94=BE=E4=BA=86?= =?UTF-8?q?=E6=89=80=E6=9C=89=E6=9D=83=E9=99=90=E6=96=B9=E4=BE=BF=E5=BC=80?= =?UTF-8?q?=E5=8F=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../edu/ncst/award/config/SecurityConfig.java | 102 +++++++++--------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/awardBE/src/main/java/edu/ncst/award/config/SecurityConfig.java b/awardBE/src/main/java/edu/ncst/award/config/SecurityConfig.java index 0168a3f..daae5c5 100644 --- a/awardBE/src/main/java/edu/ncst/award/config/SecurityConfig.java +++ b/awardBE/src/main/java/edu/ncst/award/config/SecurityConfig.java @@ -139,60 +139,60 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { // HttpSecurity 及WebSecurity 作用是不一样的: // WebSecurity 主要针对的全局的忽略规则, // HttpSecurity主要是权限控制规则。 - @Override - protected void configure(HttpSecurity http) throws Exception { - - //允许跨域 - http.cors().and().anonymous().and() - // CRSF禁用,因为不使用session - .csrf().disable() - .formLogin().disable().httpBasic().disable() - .authorizeRequests() - .accessDecisionManager(accessDecisionManager())//访问决策管理器 - .antMatchers("/api/login").permitAll() - .antMatchers("/system/init").permitAll() - // 除上面外的所有请求全部需要鉴权认证 - .anyRequest().authenticated() - .and().exceptionHandling().accessDeniedHandler(accessDeniedHandler).and() - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); - - http.addFilterAfter(new AuthCheckFilter(redisCacheTemplate), UsernamePasswordAuthenticationFilter.class) - .addFilterAt( - new LoginFilter(authenticationManager(), loginLogService, redisCacheTemplate), UsernamePasswordAuthenticationFilter.class - ) - .exceptionHandling()//登录认证失败 - .authenticationEntryPoint(((request, response, authException) -> { - response.setCharacterEncoding("utf-8"); - response.setContentType("application/json;charset=utf-8"); - - PrintWriter out = response.getWriter(); - out.write(new ObjectMapper().writeValueAsString(ResultUtils.error(CodeMsg.USER_NEED_LOGIN))); - out.flush(); - out.close(); - })); - - // 退出登录 - http.logout() - .logoutUrl("/logout") - .deleteCookies("JSESSIONID") - .logoutSuccessHandler(((request, response, authentication) -> { - PrintWriter out = response.getWriter(); - response.setContentType("application/json"); - out.write(new ObjectMapper().writeValueAsString(ResultUtils.success("注销成功"))); - out.flush(); - out.close(); - })); - } - - // @Override -// protected void configure(HttpSecurity httpSecurity) throws Exception{ -// //调试阶段 -// httpSecurity.csrf().disable().authorizeRequests(); -// httpSecurity.authorizeRequests().anyRequest() -// .permitAll().and().logout().permitAll(); +// protected void configure(HttpSecurity http) throws Exception { +// +// //允许跨域 +// http.cors().and().anonymous().and() +// // CRSF禁用,因为不使用session +// .csrf().disable() +// .formLogin().disable().httpBasic().disable() +// .authorizeRequests() +// .accessDecisionManager(accessDecisionManager())//访问决策管理器 +// .antMatchers("/api/login").permitAll() +// .antMatchers("/system/init").permitAll() +// // 除上面外的所有请求全部需要鉴权认证 +// .anyRequest().authenticated() +// .and().exceptionHandling().accessDeniedHandler(accessDeniedHandler).and() +// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); +// +// http.addFilterAfter(new AuthCheckFilter(redisCacheTemplate), UsernamePasswordAuthenticationFilter.class) +// .addFilterAt( +// new LoginFilter(authenticationManager(), loginLogService, redisCacheTemplate), UsernamePasswordAuthenticationFilter.class +// ) +// .exceptionHandling()//登录认证失败 +// .authenticationEntryPoint(((request, response, authException) -> { +// response.setCharacterEncoding("utf-8"); +// response.setContentType("application/json;charset=utf-8"); +// +// PrintWriter out = response.getWriter(); +// out.write(new ObjectMapper().writeValueAsString(ResultUtils.error(CodeMsg.USER_NEED_LOGIN))); +// out.flush(); +// out.close(); +// })); +// +// // 退出登录 +// http.logout() +// .logoutUrl("/logout") +// .deleteCookies("JSESSIONID") +// .logoutSuccessHandler(((request, response, authentication) -> { +// PrintWriter out = response.getWriter(); +// response.setContentType("application/json"); +// out.write(new ObjectMapper().writeValueAsString(ResultUtils.success("注销成功"))); +// out.flush(); +// out.close(); +// })); // } + + @Override + protected void configure(HttpSecurity httpSecurity) throws Exception{ + //调试阶段 + httpSecurity.csrf().disable().authorizeRequests(); + httpSecurity.authorizeRequests().anyRequest() + .permitAll().and().logout().permitAll(); + } + //用于配置全局的某些通用事物,例如静态资源等 @Override public void configure(WebSecurity web) throws Exception {