From a5fac95408a43ad43de9d88c30d06c0918c7bc8f Mon Sep 17 00:00:00 2001
From: zhongrj <646384940@qq.com>
Date: Wed, 29 May 2024 11:14:44 +0800
Subject: [PATCH] 配置调整

---
 src/main/java/org/springblade/auth/config/SecurityConfiguration.java |   20 +++++++++++++++++++-
 1 files changed, 19 insertions(+), 1 deletions(-)

diff --git a/src/main/java/org/springblade/auth/config/SecurityConfiguration.java b/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
index 946645b..6ee943c 100644
--- a/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
+++ b/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
@@ -2,22 +2,27 @@
 
 import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
+import org.springblade.auth.filter.TokenFilterHandle;
 import org.springblade.auth.support.BladePasswordEncoderFactories;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 /**
  * Security配置
  *
  * @author Chill
  */
-@Configuration(proxyBeanMethods = false)
+@Configuration
 @AllArgsConstructor
+@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true,jsr250Enabled = true)
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 
 	@Bean
@@ -38,6 +43,19 @@
 		http.headers().frameOptions().disable();
 		http.httpBasic().and().csrf().disable();
 		http.formLogin().loginPage("/oauth/login").loginProcessingUrl("/oauth/form");
+
+//		http
+//			.addFilterBefore(new TokenFilterHandle(), UsernamePasswordAuthenticationFilter.class)//免登录过滤器
+//			.formLogin().permitAll()
+//			// 配置Basic登录
+//			//.and().httpBasic()
+//			// 配置登出页面
+//			.and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
+//			.and().authorizeRequests().antMatchers("/oauth/**", "/login/**", "/logout/**").permitAll()
+//			// 其余所有请求全部需要鉴权认证
+//			.anyRequest().authenticated()
+//			// 关闭跨域保护;
+//			.and().csrf().disable();
 	}
 
 	@Override

--
Gitblit v1.9.3