记录一下
@Configuration
@EnableResourceServer
public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
// 针对所有的请求
.authorizeRequests().and().authorizeRequests()
.antMatchers("/login")
.permitAll()
// 路径下的请求做认证
.anyRequest().authenticated().and().httpBasic().and()
// 开启跨域配置
.cors().configurationSource(corsConfigurationSource()).and().csrf().disable();
}
CorsConfigurationSource corsConfigurationSource() {
CorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 同源配置,*表示任何请求都视为同源,若需指定ip和端口可以改为如“localhost:8080”,多个以“,”分隔;
corsConfiguration.addAllowedOrigin("*");
// header,允许哪些header,本案中使用的是token,此处可将*替换为token;
corsConfiguration.addAllowedHeader("*");
// 允许的请求方法,PSOT、GET等
corsConfiguration.addAllowedMethod("*");
// 配置允许跨域访问的url
((UrlBasedCorsConfigurationSource)source).registerCorsConfiguration("/**", corsConfiguration);
return source;
}
/**
* @Author tdh
* @Description 自定义无效TOKEN返回体
* @Date 2022/7/27
*/
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
authenticationEntryPoint.setExceptionTranslator(new CustomExceptionTranslator());
resources.authenticationEntryPoint(authenticationEntryPoint);
}
}