/** * Spring Security配置类 */ @Slf4j @Configuration @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired private JwtAuthorizationFilter jwtAuthorizationFilter; public SecurityConfiguration() { log.debug("创建配置类对象:SecurityConfiguration"); } @Override protected void configure(HttpSecurity http) throws Exception { // 白名单 String[] urls = { "/favicon.ico", "/doc.html", "/**/*.js", "/**/*.css", "/swagger-resources", "/v2/api-docs" }; // 启用CorsFilter(Spring Security内置的处理跨域的过滤器) http.cors(); // 将防止伪造跨域攻击的机制禁用 http.csrf().disable(); http.authorizeRequests() // 管理请求授权 .mvcMatchers(urls) // 匹配某些路径 .permitAll() // 直接许可,即可不需要通过认证即可访问 .anyRequest() // 除了以上配置过的以外的其它所有请求 .authenticated(); // 要求是“已经通过认证的” // 将JWT过滤器添加到Spring Security框架的过滤器链中 http.addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class); } }
Security配置
最新推荐文章于 2024-03-22 16:52:16 发布