From 038ed84a1e027561ad022b6a21c9a665aaa1f2f0 Mon Sep 17 00:00:00 2001
From: alex
Date: Sun, 11 Apr 2021 16:13:20 +0800
Subject: [PATCH] =?UTF-8?q?0.10.2=20=E4=BF=AE=E5=A4=8D=E8=B7=A8=E5=9F=9F?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 build.gradle | 2 +-
 .../app/component/security/WebSecurity.kt | 39 +++++++++++--------
 2 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/build.gradle b/build.gradle
index df48694..41816a9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ allprojects {
 subprojects {
 ext {
- version '0.10.1'
+ version '0.10.2'
 spring_version = "2.3.0.RELEASE"
 }
diff --git a/src/gaea.app/src/main/kotlin/com/synebula/gaea/app/component/security/WebSecurity.kt b/src/gaea.app/src/main/kotlin/com/synebula/gaea/app/component/security/WebSecurity.kt
index c0a6a43..3efed1f 100644
--- a/src/gaea.app/src/main/kotlin/com/synebula/gaea/app/component/security/WebSecurity.kt
+++ b/src/gaea.app/src/main/kotlin/com/synebula/gaea/app/component/security/WebSecurity.kt
@@ -13,6 +13,7 @@ import org.springframework.stereotype.Component
 import org.springframework.web.cors.CorsConfiguration
 import org.springframework.web.cors.CorsConfigurationSource
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
+import java.util.*
 @Component
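Review bot: The new `import java.util.*` looks unused: the only code this patch adds is in `corsConfigurationSource`, and `listOf` there comes from the Kotlin standard library, not from `java.util`. Unless something outside the visible hunks needs it, drop the line, or import the specific class rather than the wildcard so the dependency stays explicit.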
@@ -28,21 +29,21 @@ class WebSecurity : WebSecurityConfigurerAdapter() {
 override fun configure(http: HttpSecurity) {
 // 跨域共享
 http.cors()
- .and().csrf().disable() // 跨域伪造请求限制无效
- .authorizeRequests()
- .anyRequest().authenticated()// 资源任何人都可访问
- .and()
- .addFilter(WebAuthorization(authenticationManager(), tokenManager))// 添加JWT鉴权拦截器
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 设置Session的创建策略为:Spring Security永不创建HttpSession 不使用HttpSession来获取SecurityContext
- .and()
- .exceptionHandling()
- .authenticationEntryPoint { _, response, _ ->
- response.status = Status.Success
- response.characterEncoding = "utf-8"
- response.contentType = "text/javascript;charset=utf-8"
- response.writer.print(HttpMessage(Status.Unauthorized, "用户未登录,请重新登录后尝试!"))
- }
+ .and().csrf().disable() // 跨域伪造请求限制无效
+ .authorizeRequests()
+ .anyRequest().authenticated()// 资源任何人都可访问
+ .and()
+ .addFilter(WebAuthorization(authenticationManager(), tokenManager))// 添加JWT鉴权拦截器
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 设置Session的创建策略为:Spring Security永不创建HttpSession 不使用HttpSession来获取SecurityContext
+ .and()
+ .exceptionHandling()
+ .authenticationEntryPoint { _, response, _ ->
+ response.status = Status.Success
+ response.characterEncoding = "utf-8"
+ response.contentType = "text/javascript;charset=utf-8"
+ response.writer.print(HttpMessage(Status.Unauthorized, "用户未登录,请重新登录后尝试!"))
+ }
 }
 @Throws(Exception::class)
@@ -56,9 +57,15 @@ class WebSecurity : WebSecurityConfigurerAdapter() {
 */
 @Bean
 fun corsConfigurationSource(): CorsConfigurationSource {
+ val configuration = CorsConfiguration()
+ configuration.allowedOrigins = listOf("*")
+ configuration.allowedMethods = listOf("*")
+ configuration.allowedHeaders = listOf("*")
+ // 如果所有的属性不全部配置,一定要执行该方法
+ configuration.applyPermitDefaultValues()
 val source = UrlBasedCorsConfigurationSource()
 // 注册跨域配置
- source.registerCorsConfiguration("/**", CorsConfiguration().applyPermitDefaultValues())
+ source.registerCorsConfiguration("/**", configuration)
 return source
 }
 }
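Review bot: `configuration.allowedOrigins = listOf("*")`, combined with wildcard methods and headers and registered for `/**`, lets a page on any origin call every endpoint of this API and read the responses. How the token is carried is not visible here; a token sent in a request header is not attached by the browser on its own, which limits the impact, but the policy becomes unsafe as soon as credentials are allowed on it. I would restrict it to the known front-end origins and the verbs actually in use, e.g. `configuration.allowedOrigins = trustedOrigins` (a list read from application configuration; `trustedOrigins` is a placeholder name) and `configuration.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS")`. With all three lists set explicitly, `applyPermitDefaultValues()` should only fill the fields still unset, so the comment above it overstates its role and is worth rewording.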