兰宝车间质量管理系统
blame | 历史 | 补丁 | 提交 | 提交对比 | 忽略空白
疯狂的狮子li
2021-12-07 09dfb25d735d26e08b81307515ec32708016da33 
 ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java


@@ -2,20 +2,18 @@




import de.codecentric.boot.admin.server.config.AdminServerProperties;


import org.springframework.context.annotation.Configuration;


import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;




/**


 * spring security配置


 * admin 监控 安全配置


 *


 * @author ruoyi


 * @author Lion Li


 */


@Configuration


@EnableWebSecurity


@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)


public class SecurityConfig extends WebSecurityConfigurerAdapter {




   private final String adminContextPath;


@@ -29,11 +27,13 @@


      SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();


      successHandler.setTargetUrlParameter("redirectTo");


      successHandler.setDefaultTargetUrl(adminContextPath + "/");




      // admin监控 用户鉴权


      httpSecurity.authorizeRequests()


         //授予对所有静态资产和登录页面的公共访问权限。


         .antMatchers(adminContextPath + "/assets/**").permitAll()


         .antMatchers(adminContextPath + "/login").permitAll()


            .antMatchers("/actuator").permitAll()


            .antMatchers("/actuator/**").permitAll()


         //必须对每个其他请求进行身份验证


         .anyRequest().authenticated().and()


         //配置登录和注销