/**
 * Configures web security: URL authorization rules, an extra filter placed ahead of
 * form-login processing, frame options, form login, remember-me, logout and CSRF.
 *
 * <p>Every "xxx" name (paths, authorities, the filter, the logout handler) is a template
 * placeholder that has to be defined according to the application's own needs.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // --- URL authorization: rules are evaluated in declaration order, first match wins ---
    http.authorizeRequests()
        // Public resources, served without authentication.
        // NOTE(review): confirm that /api-docs/** is meant to be public outside development.
        .antMatchers("/plugins/**", "/api-docs/**").permitAll()
        .antMatchers("/login", "/logout").permitAll()
        // Per-module access control, one authority per URL family.
        .antMatchers("/xxx/user", "/xxx/user/**").access("hasAuthority('xxx:user')")
        .antMatchers("/xxx/role", "/xxx/role/**").access("hasAuthority('xxx:role')")
        // Everything not listed above requires an authenticated user.
        .anyRequest().authenticated();

    // --- Additional filter, run before the username/password login filter ---
    http.addFilterBefore(xxxFilter(), UsernamePasswordAuthenticationFilter.class);

    // --- iframe: pages may only be framed by the same origin (X-Frame-Options: SAMEORIGIN) ---
    http.headers().frameOptions().sameOrigin();

    // --- Form login ---
    http.formLogin()
        .loginPage("/login")
        .usernameParameter("username")
        .passwordParameter("password")
        // 'true' forces the redirect to /admin/ even if another page was requested first.
        .defaultSuccessUrl("/admin/", true);

    // --- Remember-me: request parameter and cookie share the name "remember" ---
    // NOTE(review): no key(...) is set here, so remember-me tokens presumably do not
    // survive an application restart; confirm that this is intended.
    http.rememberMe()
        .rememberMeParameter("remember")
        .rememberMeCookieName("remember");

    // --- Logout: drop the session cookie and invalidate the server-side session ---
    // NOTE(review): AntPathRequestMatcher("/logout") carries no HTTP method, so a GET
    // request also logs the user out even though CSRF protection is enabled. If the UI
    // can submit a form, consider new AntPathRequestMatcher("/logout", "POST").
    http.logout()
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession(true)
        .logoutSuccessHandler(new XXXLogoutSuccessHandler(localeResolver()))
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .permitAll();

    // --- CSRF: the token lives in a cookie that client-side script can read ---
    // withHttpOnlyFalse() lets JavaScript copy the token into a request header. Any
    // script running in the page's origin can read it too, so this relies on the
    // application being free of XSS.
    CookieCsrfTokenRepository csrfTokens = CookieCsrfTokenRepository.withHttpOnlyFalse();
    http.csrf().csrfTokenRepository(csrfTokens);

    // CORS is left unconfigured in this template (the original kept ".and().cors()" commented out).
}
Spring Security - CookieCsrfTokenRepository.withHttpOnlyFalse() 模板