From 341ea7110a954bf72493990e02eef5048504c3d4 Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期五, 05 十一月 2021 10:04:45 +0800
Subject: [PATCH] 添加注释
---
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 49 +++++++++++++++++++++++++++++++++++++------------
1 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index 1de14e6..f0eca85 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -1,5 +1,8 @@
package com.genersoft.iot.vmp.conf.security;
+import com.genersoft.iot.vmp.conf.UserSetup;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -13,6 +16,8 @@
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import java.util.List;
+
/**
* 閰嶇疆Spring Security
*/
@@ -20,6 +25,11 @@
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ private final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
+
+ @Autowired
+ private UserSetup userSetup;
@Autowired
private DefaultUserDetailsServiceImpl userDetailsService;
@@ -66,18 +76,31 @@
**/
@Override
public void configure(WebSecurity web) {
- // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
- web.ignoring()
- .antMatchers("/")
- .antMatchers("/css/**")
- .antMatchers("/img/**")
- .antMatchers("/fonts/**")
- .antMatchers("/index.html")
- .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
- .antMatchers("/webjars/**")
- .antMatchers("/swagger-resources/**")
- .antMatchers("/v3/api-docs/**")
- .antMatchers("/js/**");
+
+ if (!userSetup.isInterfaceAuthentication()) {
+ web.ignoring().antMatchers("**");
+ }else {
+ // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
+ web.ignoring()
+ .antMatchers("/")
+ .antMatchers("/#/**")
+ .antMatchers("/static/**")
+ .antMatchers("/index.html")
+ .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
+ .antMatchers("/webjars/**")
+ .antMatchers("/swagger-resources/**")
+ .antMatchers("/v3/api-docs/**")
+ .antMatchers("/js/**");
+ List<String> interfaceAuthenticationExcludes = userSetup.getInterfaceAuthenticationExcludes();
+ for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) {
+ if (interfaceAuthenticationExclude.split("/").length < 4 ) {
+ logger.warn("{}涓嶆弧瓒充袱绾х洰褰曪紝宸插拷鐣�", interfaceAuthenticationExclude);
+ }else {
+ web.ignoring().antMatchers(interfaceAuthenticationExclude);
+ }
+
+ }
+ }
}
/**
@@ -100,6 +123,8 @@
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable();
+ // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
+ http.headers().contentTypeOptions().disable();
http.authorizeRequests()
// 鏀捐鎺ュ彛
.antMatchers("/api/user/login","/index/hook/**").permitAll()
--
Gitblit v1.8.0