From 1fc2916c2b4b28fbf722c4401e559805f9578573 Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期日, 28 四月 2024 22:25:58 +0800
Subject: [PATCH] Merge pull request #1432 from AlphaWu/Zafu-Dev-20240428
---
 src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java |   43 ++++++++++++++++++++++---------------------
 1 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index be2850f..b035fcb 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -1,12 +1,12 @@
 package com.genersoft.iot.vmp.conf.security;
 
 import com.genersoft.iot.vmp.conf.UserSetting;
-import org.junit.jupiter.api.Order;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -25,9 +25,11 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 
 /**
  * 閰嶇疆Spring Security
+ *
  * @author lin
  */
 @Configuration
@@ -47,16 +49,6 @@
      * 鐧诲嚭鎴愬姛鐨勫鐞�
      */
     @Autowired
-    private LoginFailureHandler loginFailureHandler;
-    /**
-     * 鐧诲綍鎴愬姛鐨勫鐞�
-     */
-    @Autowired
-    private LoginSuccessHandler loginSuccessHandler;
-    /**
-     * 鐧诲嚭鎴愬姛鐨勫鐞�
-     */
-    @Autowired
     private LogoutHandler logoutHandler;
     /**
      * 鏈櫥褰曠殑澶勭悊
@@ -72,21 +64,23 @@
      **/
     @Override
     public void configure(WebSecurity web) {
-
-        if (!userSetting.isInterfaceAuthentication()) {
-            web.ignoring().antMatchers("**");
-        }else {
+        if (userSetting.isInterfaceAuthentication()) {
             ArrayList<String> matchers = new ArrayList<>();
             matchers.add("/");
             matchers.add("/#/**");
             matchers.add("/static/**");
+            matchers.add("/swagger-ui.html");
+            matchers.add("/swagger-ui/");
             matchers.add("/index.html");
             matchers.add("/doc.html");
             matchers.add("/webjars/**");
             matchers.add("/swagger-resources/**");
             matchers.add("/v3/api-docs/**");
             matchers.add("/js/**");
-            matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
+            matchers.add("/api/device/query/snap/**");
+            matchers.add("/record_proxy/*/**");
+            matchers.add("/api/emit");
+            matchers.add("/favicon.ico");
             // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
             web.ignoring().antMatchers(matchers.toArray(new String[0]));
         }
@@ -94,6 +88,7 @@
 
     /**
      * 閰嶇疆璁よ瘉鏂瑰紡
+     *
      * @param auth
      * @throws Exception
      */
@@ -122,7 +117,7 @@
                 .authorizeRequests()
                 .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                 .antMatchers(userSetting.getInterfaceAuthenticationExcludes().toArray(new String[0])).permitAll()
-                .antMatchers("/api/user/login","/index/hook/**").permitAll()
+                .antMatchers("/api/user/login", "/index/hook/**","/index/hook/abl/**", "/swagger-ui/**", "/doc.html").permitAll()
                 .anyRequest().authenticated()
                 // 寮傚父澶勭悊鍣�
                 .and()
@@ -135,18 +130,24 @@
 
     }
 
-    CorsConfigurationSource configurationSource(){
+    CorsConfigurationSource configurationSource() {
         // 閰嶇疆璺ㄥ煙
         CorsConfiguration corsConfiguration = new CorsConfiguration();
         corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
         corsConfiguration.setAllowedMethods(Arrays.asList("*"));
         corsConfiguration.setMaxAge(3600L);
-        corsConfiguration.setAllowCredentials(true);
-        corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+        if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) {
+            corsConfiguration.setAllowCredentials(true);
+            corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+        }else {
+            corsConfiguration.setAllowCredentials(false);
+            corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
+        }
+
         corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
 
         UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();
-        url.registerCorsConfiguration("/**",corsConfiguration);
+        url.registerCorsConfiguration("/**", corsConfiguration);
         return url;
     }
 
--
Gitblit v1.8.0