|
@@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.beans.factory.annotation.Value;
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
+import org.springframework.http.HttpHeaders;
|
|
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
@@ -83,6 +84,14 @@ public class SecurityConfig {
|
|
|
// 设置白名单
|
|
|
.authorizeHttpRequests((authorizeHttpRequests) ->
|
|
|
authorizeHttpRequests
|
|
|
+ // 1. 按路径放行
|
|
|
+ //.requestMatchers("/material/materialList").permitAll()
|
|
|
+ // 2. 按 Host 头放行(新增)
|
|
|
+ .requestMatchers(req -> {
|
|
|
+ String host = req.getHeader(HttpHeaders.HOST);
|
|
|
+ return "dev.manage.daogu.ai".equals(host) ||
|
|
|
+ "dev.daogusc.com".equals(host);
|
|
|
+ }).permitAll()
|
|
|
// .requestMatchers("/api/**").permitAll()
|
|
|
// .requestMatchers(whiteUrls).permitAll()
|
|
|
// .requestMatchers(anonymousUrls).permitAll()
|
|
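Review bot: The added `.requestMatchers(req -> { ... }).permitAll()` makes the authorization decision depend on the `Host` request header, which the client supplies, so any request that reaches this application with `dev.manage.daogu.ai` or `dev.daogusc.com` as its Host is permitted on every path rather than on a white-listed one. As the first rule in the `authorizeHttpRequests` chain it takes precedence over the rules that follow outside this hunk (presumably an `anyRequest().authenticated()`), and it stays limited to the dev sites only if a front proxy overwrites or validates Host, which nothing visible here guarantees. If the aim is to open up the dev environment, keep that out of the shared configuration, for example in a separate `@Profile("dev")` security configuration, and otherwise permit explicit paths as in the commented line `.requestMatchers("/material/materialList").permitAll()`. The exact `equals` comparison also misses a Host value that carries a port or different letter case, so the rule is inconsistent even for legitimate dev traffic. The `authorizeHttpRequests` lambda begins and ends outside the hunk.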
@@ -107,40 +116,6 @@ public class SecurityConfig {
|
|
|
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
|
|
|
;
|
|
|
|
|
|
- // 使用无状态session,即不使用session缓存数据
|
|
|
-// .logout()
|
|
|
-// .logoutUrl("/api/auth/logout")
|
|
|
-// .addLogoutHandler(new CustomLogoutHandler())
|
|
|
-// .logoutSuccessHandler(((request, response, authentication) -> SecurityContextHolder.clearContext()));
|
|
|
-
|
|
|
-// .authorizeHttpRequests(
|
|
|
-// (requests) -> requests
|
|
|
-// // 放行路径 (6.0 下,antMatchers 已弃用,使用 requestMatchers 代替)
|
|
|
-// .requestMatchers("/", "/api/**").permitAll()
|
|
|
-// // 放行静态资源 (/resources/static/images/p1.jpg)
|
|
|
-// .requestMatchers("/*.ico", "/images/**").permitAll()
|
|
|
-// // ,
|
|
|
-// .anyRequest().authenticated()
|
|
|
-// )
|
|
|
-// .formLogin((form) ->
|
|
|
-// form
|
|
|
-// // 进入登录跳转页面
|
|
|
-// .loginPage("/login")
|
|
|
-//
|
|
|
-// // 自定义拦截器 (错误/成功)
|
|
|
-// .failureHandler(new CustomAuthenticationFailureHandler())
|
|
|
-// .successHandler(new CustomAuthenticationSuccessHandler())
|
|
|
-//
|
|
|
-// .permitAll()
|
|
|
-// ).logout((logout) ->
|
|
|
-// logout
|
|
|
-// // 退出登录后跳转页面
|
|
|
-// .logoutSuccessUrl("/")
|
|
|
-// .permitAll()
|
|
|
-// );
|
|
|
-
|
|
|
- // http.cors(); // 允许跨域
|
|
|
-
|
|
|
return http.build();
|
|
|
}
|
|
|
|