From 47cd9ecc0eff38ffe6b3b794b2bf197e958f4403 Mon Sep 17 00:00:00 2001
From: xiangpei <xiangpei@timesnew.cn>
Date: 星期三, 14 五月 2025 15:50:57 +0800
Subject: [PATCH] bug:学员有状态不能修改问题
---
 src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java | 42 ++++++++++++++++++++----------------------
 1 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
index 4440272..e7b5b97 100644
--- a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
+++ b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
@@ -75,6 +75,7 @@
 List<String> securityIgnoreUrls = systemConfig.getSecurityIgnoreUrls();
 String[] ignores = new String[securityIgnoreUrls.size()];
 http
+ .addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
 .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
 .and().authenticationProvider(restAuthenticationProvider)
 .authorizeRequests()
@@ -84,14 +85,12 @@
 "/api/admin/user/conversion",
 "/api/admin/examPaperGrade/updates",
 "/api/admin/question/download/question/import/temp",
- "/api/admin/question/question/import",
- "/api/upload/**"
+ "/api/admin/question/question/import"
 ).permitAll()
 .antMatchers("/files/**").permitAll() // 闈欐�佽祫婧愶紝鍙尶鍚嶈闂�
- // todo 璁剧疆閮ㄩ棬绠$悊鍛樺彲浠ョ湅鐨勮姹�
 .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())
- .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())
+ .antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(), RoleEnum.DEPT_ADMIN.getName())
 .anyRequest().permitAll()
 .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
 .and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)
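Review bot: Dropping `"/api/upload/**"` from the `permitAll()` list in the second hunk does not by itself put uploads behind a login, because the chain still ends in `.anyRequest().permitAll()` and no other matcher shown here covers that path. If the intent is to require authentication, add an explicit rule such as `.antMatchers("/api/upload/**").authenticated()` ahead of the fallback. The same hunk opens all of `/api/student/**` to `DEPT_ADMIN` to fix what the subject describes as a single edit problem, so a department admin can now call every student endpoint; a matcher limited to the endpoint that needed it would keep the two roles separated. The opening of this matcher list and the rest of the method are outside the hunk, so other rules may also apply.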
@@ -99,26 +98,25 @@
 .and().rememberMe().key(CookieConfig.getName()).tokenValiditySeconds(CookieConfig.getInterval()).userDetailsService(formDetailsService)
 .and().csrf().disable()
 .cors();
- http.addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class);
 }
-// /**
-// * Cors configuration source cors configuration source.
-// *
-// * @return the cors configuration source
-// */
-// @Bean
-// public CorsConfigurationSource corsConfigurationSource() {
-// final CorsConfiguration configuration = new CorsConfiguration();
-// configuration.setMaxAge(3600L);
-// configuration.setAllowedOrigins(Collections.singletonList("*"));
-// configuration.setAllowedMethods(Collections.singletonList("*"));
-// configuration.setAllowCredentials(true);
-// configuration.setAllowedHeaders(Collections.singletonList("*"));
-// final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-// source.registerCorsConfiguration("/api/**", configuration);
-// return source;
-// }
+ /**
+ * Cors configuration source cors configuration source.
+ *
+ * @return the cors configuration source
+ */
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ final CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setMaxAge(3600L);
+ configuration.setAllowedOrigins(Collections.singletonList("*"));
+ configuration.setAllowedMethods(Collections.singletonList("*"));
+ configuration.setAllowCredentials(true);
+ configuration.setAllowedHeaders(Collections.singletonList("*"));
+ final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/api/**", configuration);
+ return source;
+ }
 /**
-- Gitblit v1.8.0
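Review bot: The re-enabled `corsConfigurationSource()` bean pairs `setAllowedOrigins(Collections.singletonList("*"))` with `setAllowCredentials(true)` for `/api/**`, which lets pages on any origin send credentialed requests, while the same chain keeps a remember-me cookie and `.csrf().disable()`. Depending on the Spring version in use, this combination is either served by echoing the caller's Origin back or, from Spring Framework 5.3 on, rejected with an IllegalArgumentException when the configuration is validated. Replace the wildcard with an explicit allowlist, e.g. `configuration.setAllowedOrigins(Collections.singletonList("https://<trusted-frontend-origin>"));` (placeholder value), and narrow the allowed methods and headers to what the front end actually sends. The Javadoc line `Cors configuration source cors configuration source.` would serve better as a sentence saying which origins are trusted and why credentials are allowed.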