部分问题修复
This commit is contained in:
zhh
@@ -2,6 +2,7 @@ package com.macro.mall.config;
|
||||
|
||||
import com.macro.mall.bo.AdminUserDetails;
|
||||
import com.macro.mall.component.JwtAuthenticationTokenFilter;
|
||||
import com.macro.mall.component.RestfulAccessDeniedHandler;
|
||||
import com.macro.mall.model.UmsAdmin;
|
||||
import com.macro.mall.service.UmsAdminService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -18,6 +19,7 @@ import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
|
||||
@@ -32,31 +34,33 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity httpSecurity) throws Exception {
|
||||
httpSecurity.csrf()// 由于使用的是JWT,我们这里不需要csrf
|
||||
.disable()
|
||||
.sessionManagement()// 基于token,所以不需要session
|
||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
|
||||
"/",
|
||||
"/*.html",
|
||||
"/favicon.ico",
|
||||
"/**/*.html",
|
||||
"/**/*.css",
|
||||
"/**/*.js",
|
||||
"/swagger-resources/**",
|
||||
"/v2/api-docs/**"
|
||||
)
|
||||
.permitAll()
|
||||
.antMatchers("/admin/**")// 对于获取token的rest api要允许匿名访问
|
||||
.permitAll()
|
||||
.anyRequest()// 除上面外的所有请求全部需要鉴权认证
|
||||
.authenticated();
|
||||
httpSecurity.csrf()// 由于使用的是JWT,我们这里不需要csrf
|
||||
.disable()
|
||||
.sessionManagement()// 基于token,所以不需要session
|
||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
|
||||
"/",
|
||||
"/*.html",
|
||||
"/favicon.ico",
|
||||
"/**/*.html",
|
||||
"/**/*.css",
|
||||
"/**/*.js",
|
||||
"/swagger-resources/**",
|
||||
"/v2/api-docs/**"
|
||||
)
|
||||
.permitAll()
|
||||
.antMatchers("/admin/**")// 对于获取token的rest api要允许匿名访问
|
||||
.permitAll()
|
||||
.antMatchers("/**")//测试时全部运行访问
|
||||
.permitAll()
|
||||
.anyRequest()// 除上面外的所有请求全部需要鉴权认证
|
||||
.authenticated();
|
||||
// 禁用缓存
|
||||
httpSecurity.headers().cacheControl();
|
||||
httpSecurity.headers().cacheControl();
|
||||
// 添加JWT filter
|
||||
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -66,7 +70,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder(){
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new Md5PasswordEncoder();
|
||||
}
|
||||
|
||||
@@ -77,7 +81,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
UmsAdmin admin = adminService.getAdminByUsername(username);
|
||||
if(admin!=null){
|
||||
if (admin != null) {
|
||||
return new AdminUserDetails(admin);
|
||||
}
|
||||
throw new UsernameNotFoundException("用户名或密码错误");
|
||||
@@ -89,4 +93,5 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(){
|
||||
return new JwtAuthenticationTokenFilter();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user