0.10.2 修复跨域问题
This commit is contained in:
@@ -21,7 +21,7 @@ allprojects {
|
|||||||
|
|
||||||
subprojects {
|
subprojects {
|
||||||
ext {
|
ext {
|
||||||
version '0.10.1'
|
version '0.10.2'
|
||||||
spring_version = "2.3.0.RELEASE"
|
spring_version = "2.3.0.RELEASE"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -13,6 +13,7 @@ import org.springframework.stereotype.Component
|
|||||||
import org.springframework.web.cors.CorsConfiguration
|
import org.springframework.web.cors.CorsConfiguration
|
||||||
import org.springframework.web.cors.CorsConfigurationSource
|
import org.springframework.web.cors.CorsConfigurationSource
|
||||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
|
||||||
|
import java.util.*
|
||||||
|
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
@@ -28,21 +29,21 @@ class WebSecurity : WebSecurityConfigurerAdapter() {
|
|||||||
override fun configure(http: HttpSecurity) {
|
override fun configure(http: HttpSecurity) {
|
||||||
// 跨域共享
|
// 跨域共享
|
||||||
http.cors()
|
http.cors()
|
||||||
.and().csrf().disable() // 跨域伪造请求限制无效
|
.and().csrf().disable() // 跨域伪造请求限制无效
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
.anyRequest().authenticated()// 资源任何人都可访问
|
.anyRequest().authenticated()// 资源任何人都可访问
|
||||||
.and()
|
.and()
|
||||||
.addFilter(WebAuthorization(authenticationManager(), tokenManager))// 添加JWT鉴权拦截器
|
.addFilter(WebAuthorization(authenticationManager(), tokenManager))// 添加JWT鉴权拦截器
|
||||||
.sessionManagement()
|
.sessionManagement()
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 设置Session的创建策略为:Spring Security永不创建HttpSession 不使用HttpSession来获取SecurityContext
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 设置Session的创建策略为:Spring Security永不创建HttpSession 不使用HttpSession来获取SecurityContext
|
||||||
.and()
|
.and()
|
||||||
.exceptionHandling()
|
.exceptionHandling()
|
||||||
.authenticationEntryPoint { _, response, _ ->
|
.authenticationEntryPoint { _, response, _ ->
|
||||||
response.status = Status.Success
|
response.status = Status.Success
|
||||||
response.characterEncoding = "utf-8"
|
response.characterEncoding = "utf-8"
|
||||||
response.contentType = "text/javascript;charset=utf-8"
|
response.contentType = "text/javascript;charset=utf-8"
|
||||||
response.writer.print(HttpMessage(Status.Unauthorized, "用户未登录,请重新登录后尝试!"))
|
response.writer.print(HttpMessage(Status.Unauthorized, "用户未登录,请重新登录后尝试!"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
@@ -56,9 +57,15 @@ class WebSecurity : WebSecurityConfigurerAdapter() {
|
|||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
fun corsConfigurationSource(): CorsConfigurationSource {
|
fun corsConfigurationSource(): CorsConfigurationSource {
|
||||||
|
val configuration = CorsConfiguration()
|
||||||
|
configuration.allowedOrigins = listOf("*")
|
||||||
|
configuration.allowedMethods = listOf("*")
|
||||||
|
configuration.allowedHeaders = listOf("*")
|
||||||
|
// 如果所有的属性不全部配置,一定要执行该方法
|
||||||
|
configuration.applyPermitDefaultValues()
|
||||||
val source = UrlBasedCorsConfigurationSource()
|
val source = UrlBasedCorsConfigurationSource()
|
||||||
// 注册跨域配置
|
// 注册跨域配置
|
||||||
source.registerCorsConfiguration("/**", CorsConfiguration().applyPermitDefaultValues())
|
source.registerCorsConfiguration("/**", configuration)
|
||||||
return source
|
return source
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user