~qirong/qyksxt.git

			@@ -6,6 +6,7 @@
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.http.HttpMethod;
			import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			@@ -79,9 +80,17 @@
			.and().authenticationProvider(restAuthenticationProvider)
			.authorizeRequests()
			.antMatchers(securityIgnoreUrls.toArray(ignores)).permitAll()
			.antMatchers("/api/admin/department/list", "/api/admin/video/getList","/api/admin/user/conversion").permitAll()
			.antMatchers("/api/admin/**").hasRole(RoleEnum.ADMIN.getName())
			.antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())
			.antMatchers("/api/admin/department/list",
			"/api/admin/video/getList",
			"/api/admin/user/conversion",
			"/api/admin/examPaperGrade/updates",
			"/api/admin/question/download/question/import/temp",
			"/api/admin/question/question/import"
			).permitAll()
			.antMatchers("/files/**").permitAll()
			// 静态资源，可匿名访问
			.antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())
			.antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(), RoleEnum.DEPT_ADMIN.getName())
			.anyRequest().permitAll()
			.and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
			.and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)
			@@ -90,7 +99,6 @@
			.and().csrf().disable()
			.cors();
			}


			/**
			* Cors configuration source cors configuration source.