青阳考试系统
blame | 历史 | 补丁 | 提交 | 提交对比 | ignore whitespace
xiangpei
2025-05-14 47cd9ecc0eff38ffe6b3b794b2bf197e958f4403 
 src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java


@@ -6,6 +6,7 @@


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.http.HttpMethod;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@@ -18,12 +19,7 @@


import java.util.List;






/**


 * @version 3.5.0


 * @description: The type Security configurer.


 * Copyright (C), 2020-2021, 武汉思维跳跃科技有限公司


 * @date 2021/12/25 9:45


 */




@Configuration


@EnableWebSecurity


public class SecurityConfigurer {


@@ -84,9 +80,17 @@


                    .and().authenticationProvider(restAuthenticationProvider)


                    .authorizeRequests()


                    .antMatchers(securityIgnoreUrls.toArray(ignores)).permitAll()


                    .antMatchers("/api/admin/department/list", "/api/admin/video/getList").permitAll()


                    .antMatchers("/api/admin/**").hasRole(RoleEnum.ADMIN.getName())


                    .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())


                    .antMatchers("/api/admin/department/list",


                            "/api/admin/video/getList",


                            "/api/admin/user/conversion",


                            "/api/admin/examPaperGrade/updates",


                            "/api/admin/question/download/question/import/temp",


                            "/api/admin/question/question/import"


                    ).permitAll()


                    .antMatchers("/files/**").permitAll()


                    // 静态资源,可匿名访问


                    .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())


                    .antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(), RoleEnum.DEPT_ADMIN.getName())


                    .anyRequest().permitAll()


                    .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)


                    .and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)


@@ -95,7 +99,6 @@


                    .and().csrf().disable()


                    .cors();


        }






        /**


         * Cors configuration source cors configuration source.