From abd569d79a346d9066c4b239dbc452861b26a6cb Mon Sep 17 00:00:00 2001
From: 64850858 <648540858@qq.com>
Date: 星期二, 08 六月 2021 14:43:03 +0800
Subject: [PATCH] 添加注册失败时回复403避免陷入401循环

---
 src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java |   35 +++++++++++++++++++++++------------
 1 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index 1de14e6..40d588f 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -1,6 +1,8 @@
 package com.genersoft.iot.vmp.conf.security;
 
+import com.genersoft.iot.vmp.conf.UserSetup;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -20,6 +22,9 @@
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private UserSetup userSetup;
 
     @Autowired
     private DefaultUserDetailsServiceImpl userDetailsService;
@@ -66,18 +71,22 @@
      **/
     @Override
     public void configure(WebSecurity web) {
-        // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
-        web.ignoring()
-                .antMatchers("/")
-                .antMatchers("/css/**")
-                .antMatchers("/img/**")
-                .antMatchers("/fonts/**")
-                .antMatchers("/index.html")
-                .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
-                .antMatchers("/webjars/**")
-                .antMatchers("/swagger-resources/**")
-                .antMatchers("/v3/api-docs/**")
-                .antMatchers("/js/**");
+
+        if (!userSetup.isInterfaceAuthentication()) {
+            web.ignoring().antMatchers("**");
+        }else {
+            // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
+            web.ignoring()
+                    .antMatchers("/")
+                    .antMatchers("/#/**")
+                    .antMatchers("/static/**")
+                    .antMatchers("/index.html")
+                    .antMatchers("/doc.html") // "/webjars/**", "/swagger-resources/**", "/v3/api-docs/**"
+                    .antMatchers("/webjars/**")
+                    .antMatchers("/swagger-resources/**")
+                    .antMatchers("/v3/api-docs/**")
+                    .antMatchers("/js/**");
+        }
     }
 
     /**
@@ -100,6 +109,8 @@
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.cors().and().csrf().disable();
+        // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
+        http.headers().contentTypeOptions().disable();
         http.authorizeRequests()
                 // 鏀捐鎺ュ彛
                 .antMatchers("/api/user/login","/index/hook/**").permitAll()

--
Gitblit v1.8.0