From fe29db7a08e9da70ca3c78db27a11e48fa5f6f43 Mon Sep 17 00:00:00 2001
From: xiangpei <xiangpei@timesnew.cn>
Date: 星期三, 15 五月 2024 22:24:47 +0800
Subject: [PATCH] springboot静态文件配置。删除dist

---
 src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java |   52 +++++++++++++++++++++++++++++++---------------------
 1 files changed, 31 insertions(+), 21 deletions(-)

diff --git a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
index da15ddd..4440272 100644
--- a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
+++ b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -74,13 +75,22 @@
             List<String> securityIgnoreUrls = systemConfig.getSecurityIgnoreUrls();
             String[] ignores = new String[securityIgnoreUrls.size()];
             http
-                    .addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                     .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
                     .and().authenticationProvider(restAuthenticationProvider)
                     .authorizeRequests()
                     .antMatchers(securityIgnoreUrls.toArray(ignores)).permitAll()
-                    .antMatchers("/api/admin/department/list", "/api/admin/video/getList","/api/admin/user/conversion").permitAll()
-                    .antMatchers("/api/admin/**").hasRole(RoleEnum.ADMIN.getName())
+                    .antMatchers("/api/admin/department/list",
+                            "/api/admin/video/getList",
+                            "/api/admin/user/conversion",
+                            "/api/admin/examPaperGrade/updates",
+                            "/api/admin/question/download/question/import/temp",
+                            "/api/admin/question/question/import",
+                            "/api/upload/**"
+                    ).permitAll()
+                    .antMatchers("/files/**").permitAll()
+                    // 闈欐�佽祫婧愶紝鍙尶鍚嶈闂�
+                    // todo 璁剧疆閮ㄩ棬绠＄悊鍛樺彲浠ョ湅鐨勮姹�
+                    .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())
                     .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())
                     .anyRequest().permitAll()
                     .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
@@ -89,26 +99,26 @@
                     .and().rememberMe().key(CookieConfig.getName()).tokenValiditySeconds(CookieConfig.getInterval()).userDetailsService(formDetailsService)
                     .and().csrf().disable()
                     .cors();
+            http.addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class);
         }
 
-
-        /**
-         * Cors configuration source cors configuration source.
-         *
-         * @return the cors configuration source
-         */
-        @Bean
-        public CorsConfigurationSource corsConfigurationSource() {
-            final CorsConfiguration configuration = new CorsConfiguration();
-            configuration.setMaxAge(3600L);
-            configuration.setAllowedOrigins(Collections.singletonList("*"));
-            configuration.setAllowedMethods(Collections.singletonList("*"));
-            configuration.setAllowCredentials(true);
-            configuration.setAllowedHeaders(Collections.singletonList("*"));
-            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-            source.registerCorsConfiguration("/api/**", configuration);
-            return source;
-        }
+//        /**
+//         * Cors configuration source cors configuration source.
+//         *
+//         * @return the cors configuration source
+//         */
+//        @Bean
+//        public CorsConfigurationSource corsConfigurationSource() {
+//            final CorsConfiguration configuration = new CorsConfiguration();
+//            configuration.setMaxAge(3600L);
+//            configuration.setAllowedOrigins(Collections.singletonList("*"));
+//            configuration.setAllowedMethods(Collections.singletonList("*"));
+//            configuration.setAllowCredentials(true);
+//            configuration.setAllowedHeaders(Collections.singletonList("*"));
+//            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+//            source.registerCorsConfiguration("/api/**", configuration);
+//            return source;
+//        }
 
 
         /**

--
Gitblit v1.8.0