| | |
|---|
| | | import org.springframework.security.web.SecurityFilterChain; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | import org.springframework.security.web.authentication.logout.LogoutFilter; |
|---|
| | | import org.springframework.web.cors.CorsConfiguration; |
|---|
| | | import org.springframework.web.cors.UrlBasedCorsConfigurationSource; |
|---|
| | | import org.springframework.web.filter.CorsFilter; |
|---|
| | | |
|---|
| | | /** |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 允许匿名访问的地址 |
|---|
| | | */ |
|---|
| | | @Autowired |
|---|
| | | @Resource |
|---|
| | | private PermitAllUrlProperties permitAllUrl; |
|---|
| | | |
|---|
| | | @Bean |
|---|
| | |
|---|
| | | // 对于登录login 注册register 验证码captchaImage 允许匿名访问 |
|---|
| | | .requestMatchers("/login", "/register", "/captchaImage").permitAll() |
|---|
| | | // 静态资源,可匿名访问 |
|---|
| | | .requestMatchers(HttpMethod.GET, "/", "/*.html", "/*/*.html", "/*/*.css", "/*/*.js", "/profile/*").permitAll() |
|---|
| | | .requestMatchers(HttpMethod.GET, "/", "/*.html", "/*/*.html", "/*/*.css", "/*/*.js", "/profile/**").permitAll() |
|---|
| | | .requestMatchers("/swagger-ui.html", "/swagger-resources/*", "/webjars/*", "/*/api-docs", "/druid/*").permitAll() |
|---|
| | | // 除上面外的所有请求全部需要鉴权认证 |
|---|
| | | .anyRequest().authenticated() |
|---|
