提交 bd498f12 编写于 作者: xignzi006's avatar xignzi006 🇨🇳

白名单路径

上级 95d871df
......@@ -3,6 +3,7 @@ package cn.ibizlab.api.config;
import cn.ibizlab.util.security.AuthenticationEntryPoint;
import cn.ibizlab.util.security.AuthorizationTokenFilter;
import cn.ibizlab.util.service.AuthenticationUserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
......@@ -55,6 +56,9 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${ibiz.file.previewpath:ibizutil/preview}")
private String previewpath;
@Value("${ibiz.auth.excludesPattern:}")
private String excludesPattern;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
......@@ -120,9 +124,18 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/"+uploadpath).permitAll()
.antMatchers("/"+previewpath+"/**").permitAll()
//消息发送请求
.antMatchers("/notify/**").permitAll()
// 所有请求都需要认证
.anyRequest().authenticated()
.antMatchers("/notify/**").permitAll();
if (StringUtils.isNotBlank(excludesPattern)) {
for (String excludePattern : excludesPattern.split("\\s*,\\s*")) {
authenticationTokenFilter.addExcludePattern(excludePattern);
httpSecurity.authorizeRequests().antMatchers(excludePattern).permitAll();
}
}
// 所有请求都需要认证
httpSecurity.authorizeRequests().anyRequest().authenticated()
// 防止iframe 造成跨域
.and().headers().frameOptions().disable();
......
Markdown 格式
0% or
您添加了 0 到此讨论。请谨慎行事。
先完成此消息的编辑!
想要评论请 注册