wvp-pro.git - Gitblit

			@@ -1,6 +1,8 @@
			package com.genersoft.iot.vmp.conf.security;

			import com.genersoft.iot.vmp.conf.UserSetup;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.beans.factory.annotation.Value;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.security.authentication.AuthenticationManager;
			@@ -20,6 +22,9 @@
			@EnableWebSecurity
			@EnableGlobalMethodSecurity(prePostEnabled = true)
			public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

			@Autowired
			private UserSetup userSetup;

			@Autowired
			private DefaultUserDetailsServiceImpl userDetailsService;
			@@ -66,18 +71,22 @@
			**/
			@Override
			public void configure(WebSecurity web) {
			// 可以直接访问的静态数据
			web.ignoring()
			.antMatchers("/")
			.antMatchers("/css/**")
			.antMatchers("/img/**")
			.antMatchers("/fonts/**")
			.antMatchers("/index.html")
			.antMatchers("/doc.html") // "/webjars/", "/swagger-resources/", "/v3/api-docs/**"
			.antMatchers("/webjars/**")
			.antMatchers("/swagger-resources/**")
			.antMatchers("/v3/api-docs/**")
			.antMatchers("/js/**");

			if (!userSetup.isInterfaceAuthentication()) {
			web.ignoring().antMatchers("**");
			}else {
			// 可以直接访问的静态数据
			web.ignoring()
			.antMatchers("/")
			.antMatchers("/#/**")
			.antMatchers("/static/**")
			.antMatchers("/index.html")
			.antMatchers("/doc.html") // "/webjars/", "/swagger-resources/", "/v3/api-docs/**"
			.antMatchers("/webjars/**")
			.antMatchers("/swagger-resources/**")
			.antMatchers("/v3/api-docs/**")
			.antMatchers("/js/**");
			}
			}

			/**
			@@ -100,6 +109,8 @@
			@Override
			protected void configure(HttpSecurity http) throws Exception {
			http.cors().and().csrf().disable();
			// 设置允许添加静态文件
			http.headers().contentTypeOptions().disable();
			http.authorizeRequests()
			// 放行接口
			.antMatchers("/api/user/login","/index/hook/**").permitAll()