product-inventory-management-after.git

			@@ -8,12 +8,14 @@
			import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
			import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
			import org.springframework.security.config.http.SessionCreationPolicy;
			import org.springframework.security.core.userdetails.UserDetailsService;
			import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
			import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
			import org.springframework.security.web.authentication.logout.LogoutFilter;
			import org.springframework.web.filter.CorsFilter;
			import com.ruoyi.framework.config.properties.PermitAllUrlProperties;
			import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
			import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;
			import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
			@@ -55,7 +57,13 @@
			*/
			@Autowired
			private CorsFilter corsFilter;


			/**
			* 允许匿名访问的地址
			*/
			@Autowired
			private PermitAllUrlProperties permitAllUrl;

			/**
			* 解决无法直接注入 AuthenticationManager
			*
			@@ -87,36 +95,31 @@
			@Override
			protected void configure(HttpSecurity httpSecurity) throws Exception
			{
			// 注解标记允许匿名访问的url
			ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests();
			permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll());

			httpSecurity
			// CRSF禁用，因为不使用session
			// CSRF禁用，因为不使用session
			.csrf().disable()
			// 禁用HTTP响应标头
			.headers().cacheControl().disable().and()
			// 认证失败处理类
			.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
			// 基于token，所以不需要session
			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
			// 过滤请求
			.authorizeRequests()
			// 对于登录login 验证码captchaImage 允许匿名访问
			.antMatchers("/login", "/captchaImage").anonymous()
			.antMatchers(
			HttpMethod.GET,
			"/*.html",
			"/*/.html",
			"/*/.css",
			"/*/.js"
			).permitAll()
			.antMatchers("/profile/**").anonymous()
			.antMatchers("/common/download**").anonymous()
			.antMatchers("/common/download/resource**").anonymous()
			.antMatchers("/swagger-ui.html").anonymous()
			.antMatchers("/swagger-resources/**").anonymous()
			.antMatchers("/webjars/**").anonymous()
			.antMatchers("/*/api-docs").anonymous()
			.antMatchers("/druid/**").anonymous()
			// 对于登录login 注册register 验证码captchaImage 允许匿名访问
			.antMatchers("/login", "/register", "/captchaImage").permitAll()
			// 静态资源，可匿名访问
			.antMatchers(HttpMethod.GET, "/", "/.html", "//.html", "/*/.css", "/*/.js", "/profile/**").permitAll()
			.antMatchers("/swagger-ui.html", "/swagger-resources/", "/webjars/", "//api-docs", "/druid/*").permitAll()
			// 除上面外的所有请求全部需要鉴权认证
			.anyRequest().authenticated()
			.and()
			.headers().frameOptions().disable();
			// 添加Logout filter
			httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
			// 添加JWT filter
			httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);