diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java index bb8b7f231..450eccd45 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java @@ -21,18 +21,17 @@ import org.springframework.web.filter.CorsFilter; /** * spring security配置 - * + * * @author ruoyi */ @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) -public class SecurityConfig extends WebSecurityConfigurerAdapter -{ +public class SecurityConfig extends WebSecurityConfigurerAdapter { /** * 自定义用户认证逻辑 */ @Autowired private UserDetailsService userDetailsService; - + /** * 认证失败处理类 */ @@ -50,7 +49,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter */ @Autowired private JwtAuthenticationTokenFilter authenticationTokenFilter; - + /** * 跨域过滤器 */ @@ -68,8 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter */ @Bean @Override - public AuthenticationManager authenticationManagerBean() throws Exception - { + public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @@ -89,31 +87,30 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter * authenticated | 用户登录后可访问 */ @Override - protected void configure(HttpSecurity httpSecurity) throws Exception - { + protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity - // CSRF禁用,因为不使用session - .csrf().disable() - // 认证失败处理类 - .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() - // 基于token,所以不需要session - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() - // 过滤请求 - .authorizeRequests() - .antMatchers( - HttpMethod.GET, - "/", - "/*.html", - "/**/*.html", - "/**/*.css", - "/**/*.js" - ).permitAll() - .antMatchers(securityProperties.getAnonymous()).anonymous() - .antMatchers(securityProperties.getPermitAll()).permitAll() - // 除上面外的所有请求全部需要鉴权认证 - .anyRequest().authenticated() - .and() - .headers().frameOptions().disable(); + // CSRF禁用,因为不使用session + .csrf().disable() + // 认证失败处理类 + .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() + // 基于token,所以不需要session + .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() + // 过滤请求 + .authorizeRequests() + .antMatchers( + HttpMethod.GET, + "/", + "/*.html", + "/**/*.html", + "/**/*.css", + "/**/*.js" + ).permitAll() + .antMatchers(securityProperties.getAnonymous()).anonymous() + .antMatchers(securityProperties.getPermitAll()).permitAll() + // 除上面外的所有请求全部需要鉴权认证 + .anyRequest().authenticated() + .and() + .headers().frameOptions().disable(); httpSecurity.logout().logoutUrl(securityProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler); // 添加JWT filter httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); @@ -126,8 +123,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter * 强散列哈希加密实现 */ @Bean - public BCryptPasswordEncoder bCryptPasswordEncoder() - { + public BCryptPasswordEncoder bCryptPasswordEncoder() { return new BCryptPasswordEncoder(); } @@ -135,8 +131,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter * 身份认证接口 */ @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception - { + protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); } }