0.10.2 修复跨域问题

2021-04-11 16:13:20 +08:00
parent 117ed25cee
commit 038ed84a1e
2 changed files with 24 additions and 17 deletions
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ allprojects {

 subprojects {
    ext {
-        version '0.10.1'
+        version '0.10.2'
        spring_version = "2.3.0.RELEASE"
    }

--- a/src/gaea.app/src/main/kotlin/com/synebula/gaea/app/component/security/WebSecurity.kt
+++ b/src/gaea.app/src/main/kotlin/com/synebula/gaea/app/component/security/WebSecurity.kt
@@ -13,6 +13,7 @@ import org.springframework.stereotype.Component
 import org.springframework.web.cors.CorsConfiguration
 import org.springframework.web.cors.CorsConfigurationSource
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
+import java.util.*


@Component
@@ -28,21 +29,21 @@ class WebSecurity : WebSecurityConfigurerAdapter() {
    override fun configure(http: HttpSecurity) {
        // 跨域共享
        http.cors()
-            .and().csrf().disable() // 跨域伪造请求限制无效
-            .authorizeRequests()
-            .anyRequest().authenticated()// 资源任何人都可访问
-            .and()
-            .addFilter(WebAuthorization(authenticationManager(), tokenManager))// 添加JWT鉴权拦截器
-            .sessionManagement()
-            .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 设置Session的创建策略为：Spring Security永不创建HttpSession 不使用HttpSession来获取SecurityContext
-            .and()
-            .exceptionHandling()
-            .authenticationEntryPoint { _, response, _ ->
-                response.status = Status.Success
-                response.characterEncoding = "utf-8"
-                response.contentType = "text/javascript;charset=utf-8"
-                response.writer.print(HttpMessage(Status.Unauthorized, "用户未登录，请重新登录后尝试！"))
-            }
+                .and().csrf().disable() // 跨域伪造请求限制无效
+                .authorizeRequests()
+                .anyRequest().authenticated()// 资源任何人都可访问
+                .and()
+                .addFilter(WebAuthorization(authenticationManager(), tokenManager))// 添加JWT鉴权拦截器
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 设置Session的创建策略为：Spring Security永不创建HttpSession 不使用HttpSession来获取SecurityContext
+                .and()
+                .exceptionHandling()
+                .authenticationEntryPoint { _, response, _ ->
+                    response.status = Status.Success
+                    response.characterEncoding = "utf-8"
+                    response.contentType = "text/javascript;charset=utf-8"
+                    response.writer.print(HttpMessage(Status.Unauthorized, "用户未登录，请重新登录后尝试！"))
+                }
    }

    @Throws(Exception::class)
@@ -56,9 +57,15 @@ class WebSecurity : WebSecurityConfigurerAdapter() {
     */
    @Bean
    fun corsConfigurationSource(): CorsConfigurationSource {
+        val configuration = CorsConfiguration()
+        configuration.allowedOrigins = listOf("*")
+        configuration.allowedMethods = listOf("*")
+        configuration.allowedHeaders = listOf("*")
+        // 如果所有的属性不全部配置，一定要执行该方法
+        configuration.applyPermitDefaultValues()
        val source = UrlBasedCorsConfigurationSource()
        // 注册跨域配置
-        source.registerCorsConfiguration("/**", CorsConfiguration().applyPermitDefaultValues())
+        source.registerCorsConfiguration("/**", configuration)
        return source
    }
 }