From 5d901b5e3f033e8b04e53420d68626cbd87431c8 Mon Sep 17 00:00:00 2001 From: 648540858 <648540858@qq.com> Date: 星期五, 06 五月 2022 10:12:34 +0800 Subject: [PATCH] 使用阿里代码规范。规范代码写法 --- src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 49 +++++++++++++++++++++++++++++++++++++------------ 1 files changed, 37 insertions(+), 12 deletions(-) diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java index 1de14e6..47cfdab 100644 --- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java @@ -1,5 +1,8 @@ package com.genersoft.iot.vmp.conf.security; +import com.genersoft.iot.vmp.conf.UserSetting; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -13,6 +16,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import java.util.List; + /** * 閰嶇疆Spring Security */ @@ -20,6 +25,11 @@ @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + private final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class); + + @Autowired + private UserSetting userSetting; @Autowired private DefaultUserDetailsServiceImpl userDetailsService; @@ -66,18 +76,31 @@ **/ @Override public void configure(WebSecurity web) { - // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹� - web.ignoring() - .antMatchers("/") - .antMatchers("/css/**") - .antMatchers("/img/**") - .antMatchers("/fonts/**") - .antMatchers("/index.html") - .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**" - .antMatchers("/webjars/**") - .antMatchers("/swagger-resources/**") - .antMatchers("/v3/api-docs/**") - .antMatchers("/js/**"); + + if (!userSetting.isInterfaceAuthentication()) { + web.ignoring().antMatchers("**"); + }else { + // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹� + web.ignoring() + .antMatchers("/") + .antMatchers("/#/**") + .antMatchers("/static/**") + .antMatchers("/index.html") + .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**" + .antMatchers("/webjars/**") + .antMatchers("/swagger-resources/**") + .antMatchers("/v3/api-docs/**") + .antMatchers("/js/**"); + List<String> interfaceAuthenticationExcludes = userSetting.getInterfaceAuthenticationExcludes(); + for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) { + if (interfaceAuthenticationExclude.split("/").length < 4 ) { + logger.warn("{}涓嶆弧瓒充袱绾х洰褰曪紝宸插拷鐣�", interfaceAuthenticationExclude); + }else { + web.ignoring().antMatchers(interfaceAuthenticationExclude); + } + + } + } } /** @@ -100,6 +123,8 @@ @Override protected void configure(HttpSecurity http) throws Exception { http.cors().and().csrf().disable(); + // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠� + http.headers().contentTypeOptions().disable(); http.authorizeRequests() // 鏀捐鎺ュ彛 .antMatchers("/api/user/login","/index/hook/**").permitAll() -- Gitblit v1.8.0