兰宝车间质量管理系统
blame | 历史 | 补丁 | 提交 | 提交对比 | 忽略空白
疯狂的狮子li
2021-07-09 1c11d7ccc125366ff12efa4770749e389aba01fb 
 ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java


@@ -1,5 +1,8 @@


package com.ruoyi.framework.config;




import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;


import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;


import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Bean;


import org.springframework.http.HttpMethod;


@@ -14,13 +17,10 @@


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import org.springframework.security.web.authentication.logout.LogoutFilter;


import org.springframework.web.filter.CorsFilter;


import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;


import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;


import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;




/**


 * spring security配置


 * 


 *


 * @author ruoyi


 */


@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)


@@ -31,7 +31,7 @@


     */


    @Autowired


    private UserDetailsService userDetailsService;


    




    /**


     * 认证失败处理类


     */


@@ -55,7 +55,7 @@


     */


    @Autowired


    private CorsFilter corsFilter;


    




    /**


     * 解决 无法直接注入 AuthenticationManager


     *


@@ -88,7 +88,7 @@


    protected void configure(HttpSecurity httpSecurity) throws Exception


    {


        httpSecurity


                // CRSF禁用,因为不使用session


                // CSRF禁用,因为不使用session


                .csrf().disable()


                // 认证失败处理类


                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()


@@ -108,11 +108,14 @@


                .antMatchers("/profile/**").anonymous()


                .antMatchers("/common/download**").anonymous()


                .antMatchers("/common/download/resource**").anonymous()


                .antMatchers("/swagger-ui.html").anonymous()


                .antMatchers("/doc.html").anonymous()


                .antMatchers("/swagger-resources/**").anonymous()


                .antMatchers("/webjars/**").anonymous()


                .antMatchers("/*/api-docs").anonymous()


                .antMatchers("/druid/**").anonymous()


                // Spring Boot Actuator 的安全配置


                .antMatchers("/actuator").anonymous()


                .antMatchers("/actuator/**").anonymous()


                // 除上面外的所有请求全部需要鉴权认证


                .anyRequest().authenticated()


                .and()


@@ -125,7 +128,7 @@


        httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);


    }




    




    /**


     * 强散列哈希加密实现


     */