|
|
@@ -7,45 +7,16 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|
7
|
7
|
|
|
8
|
8
|
@Configuration
|
|
9
|
9
|
@EnableWebSecurity
|
|
10
|
|
-public class WebSecurityConfig
|
|
11
|
|
-extends WebSecurityConfigurerAdapter
|
|
|
10
|
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter
|
|
12
|
11
|
{
|
|
13
|
12
|
|
|
14
|
13
|
@Override
|
|
15
|
14
|
protected void configure(HttpSecurity http) throws Exception {
|
|
16
|
|
- String[] urls = {
|
|
17
|
|
- "*",
|
|
18
|
|
- "/*",
|
|
19
|
|
- "/*/*",
|
|
20
|
|
- "/*/*/*",
|
|
21
|
|
- "/*/*/*/*",
|
|
22
|
|
- "/*/*/*/*/*/*",
|
|
23
|
|
- "/depot-system/userInfo/login",
|
|
24
|
|
- "/login",
|
|
25
|
|
- "depot-system/userInfo/login",
|
|
26
|
|
- "login"
|
|
27
|
|
- };
|
|
28
|
15
|
|
|
29
|
16
|
http.authorizeRequests().anyRequest().permitAll() //允许所有用户访问所有资源
|
|
30
|
17
|
.and()
|
|
31
|
18
|
.csrf().disable(); // 禁用CSRF(防止伪造的跨域攻击)
|
|
32
|
19
|
|
|
33
|
20
|
super.configure(http);
|
|
34
|
|
-//
|
|
35
|
|
-// http.authorizeRequests() // 对请求执行认证与授权
|
|
36
|
|
-// .antMatchers(urls) // 匹配某些请求路径
|
|
37
|
|
-// .permitAll() // (对此前匹配的请求路径)不需要通过认证即允许访问
|
|
38
|
|
-// .anyRequest() // 除以上配置过的请求路径以外的所有请求路径
|
|
39
|
|
-// .authenticated(); // 要求是已经通过认证的
|
|
40
|
|
-// super.configure(http);
|
|
41
|
|
-
|
|
42
|
|
-// http.httpBasic().and().authorizeRequests().antMatchers("/actuator/**").authenticated().anyRequest().permitAll();
|
|
43
|
|
-// http
|
|
44
|
|
-// // 关闭csrf token认证不需要csrf防护
|
|
45
|
|
-// .csrf().disable()
|
|
46
|
|
-// // 关闭session会话管理器 JWT 不需要
|
|
47
|
|
-// .sessionManagement().disable()
|
|
48
|
|
-// // 关闭记住我功能 JWT 不需要
|
|
49
|
|
-// .rememberMe().disable();
|
|
50
|
21
|
}
|
|
51
|
22
|
}
|
