wvp-pro.git - Gitblit

			@@ -25,6 +25,7 @@

			import java.util.ArrayList;
			import java.util.Arrays;
			import java.util.Collections;

			/**
			* 配置Spring Security
			@@ -68,6 +69,8 @@
			matchers.add("/");
			matchers.add("/#/**");
			matchers.add("/static/**");
			matchers.add("/swagger-ui.html");
			matchers.add("/swagger-ui/");
			matchers.add("/index.html");
			matchers.add("/doc.html");
			matchers.add("/webjars/**");
			@@ -77,7 +80,7 @@
			matchers.add("/api/device/query/snap/**");
			matchers.add("/record_proxy//*");
			matchers.add("/api/emit");
			matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
			matchers.add("/favicon.ico");
			// 可以直接访问的静态数据
			web.ignoring().antMatchers(matchers.toArray(new String[0]));
			}
			@@ -114,7 +117,7 @@
			.authorizeRequests()
			.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
			.antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll()
			.antMatchers("/api/user/login", "/index/hook/**").permitAll()
			.antMatchers("/api/user/login", "/index/hook/", "/swagger-ui/", "/doc.html").permitAll()
			.anyRequest().authenticated()
			// 异常处理器
			.and()
			@@ -133,8 +136,14 @@
			corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
			corsConfiguration.setAllowedMethods(Arrays.asList("*"));
			corsConfiguration.setMaxAge(3600L);
			corsConfiguration.setAllowCredentials(true);
			corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
			if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) {
			corsConfiguration.setAllowCredentials(true);
			corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
			}else {
			corsConfiguration.setAllowCredentials(false);
			corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
			}

			corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));

			UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();