oauth认证bug

5151c880 · renjie · 66be1dde · 5151c880 · 5151c880
Commit 5151c880 authored Mar 12, 2020 by renjie
Showing with 13 additions and 8 deletions

ResourceServerConfiguration.java ...owserbackend/auth/config/ResourceServerConfiguration.java +9 -6

WebSecurityConfig.java ...m/edgec/browserbackend/auth/config/WebSecurityConfig.java +4 -2

No files found.
--- a/src/main/java/com/edgec/browserbackend/auth/config/ResourceServerConfiguration.java
+++ b/src/main/java/com/edgec/browserbackend/auth/config/ResourceServerConfiguration.java
@@ -17,12 +17,14 @@ public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter

    @Override
    public void configure(HttpSecurity http) throws Exception {
-        http.exceptionHandling()
-                .and()
-                .logout()
-                .logoutUrl("/oauth/logout")
-                .and()
+        http
                .authorizeRequests()
-                .antMatchers("/secure/**").authenticated();
+                .antMatchers("/user/*")
+                .authenticated()
+                .antMatchers("/oauth/**").permitAll()
+                .antMatchers("/shop/*","/ip/*","/group/*").authenticated()
+                .and()
+                //关闭跨站请求防护
+                .csrf().disable();
    }
 }
\ No newline at end of file
--- a/src/main/java/com/edgec/browserbackend/auth/config/WebSecurityConfig.java
+++ b/src/main/java/com/edgec/browserbackend/auth/config/WebSecurityConfig.java
@@ -8,12 +8,14 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

 /**
 * @author cdov
 */
+@EnableWebSecurity
 @Configuration
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@@ -30,8 +32,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
-                .antMatchers( "/account/authCode", "/user/signup",
-                "/user/reset*", "/token");
+                .antMatchers( "/user/authCode", "/user/signUp",
+                "/user/reset*");
    }

    @Override