From 2e98b20bea4463e4465e3c19059d0744a09aec06 Mon Sep 17 00:00:00 2001
From: zhongrj <646384940@qq.com>
Date: Tue, 27 Jun 2023 14:34:41 +0800
Subject: [PATCH] gb28181版本升级-补充

---
 src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java |   36 ++++++++++++++++++++++++------------
 1 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index 8725929..73676d8 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -1,6 +1,6 @@
 package com.genersoft.iot.vmp.conf.security;
 
-import com.genersoft.iot.vmp.conf.UserSetup;
+import com.genersoft.iot.vmp.conf.UserSetting;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -20,6 +20,7 @@
 
 /**
  * 配置Spring Security
+ * @author lin
  */
 @Configuration
 @EnableWebSecurity
@@ -29,7 +30,7 @@
     private final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
 
     @Autowired
-    private UserSetup userSetup;
+    private UserSetting userSetting;
 
     @Autowired
     private DefaultUserDetailsServiceImpl userDetailsService;
@@ -77,7 +78,7 @@
     @Override
     public void configure(WebSecurity web) {
 
-        if (!userSetup.isInterfaceAuthentication()) {
+        if (!userSetting.isInterfaceAuthentication()) {
             web.ignoring().antMatchers("**");
         }else {
             // 可以直接访问的静态数据
@@ -90,8 +91,9 @@
                     .antMatchers("/webjars/**")
                     .antMatchers("/swagger-resources/**")
                     .antMatchers("/v3/api-docs/**")
+                    .antMatchers("/favicon.ico")
                     .antMatchers("/js/**");
-            List<String> interfaceAuthenticationExcludes = userSetup.getInterfaceAuthenticationExcludes();
+            List<String> interfaceAuthenticationExcludes = userSetting.getInterfaceAuthenticationExcludes();
             for (String interfaceAuthenticationExclude : interfaceAuthenticationExcludes) {
                 if (interfaceAuthenticationExclude.split("/").length < 4 ) {
                     logger.warn("{}不满足两级目录,已忽略", interfaceAuthenticationExclude);
@@ -127,20 +129,30 @@
         http.headers().contentTypeOptions().disable();
         http.authorizeRequests()
                 // 放行接口
-                .antMatchers("/api/user/login","/index/hook/**","/api/device/query/**","/api/play/start/**").permitAll()
+                .antMatchers("/api/user/login"
+                        ,"/index/hook/**"
+                        ,"/api/device/query/**"
+                        ,"/api/play/start/**"
+                        ,"/api/position/**"
+                        ,"/api/position/history/**"
+                ).permitAll()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
                 // 异常处理(权限拒绝、登录失效等)
                 .and().exceptionHandling()
-                .authenticationEntryPoint(anonymousAuthenticationEntryPoint)//匿名用户访问无权限资源时的异常处理
+                //匿名用户访问无权限资源时的异常处理
+                .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
 //                .accessDeniedHandler(accessDeniedHandler)//登录用户没有权限访问资源
-                // 登入
-                .and().formLogin().permitAll()//允许所有用户
-                .successHandler(loginSuccessHandler)//登录成功处理逻辑
-                .failureHandler(loginFailureHandler)//登录失败处理逻辑
+                // 登入 允许所有用户
+                .and().formLogin().permitAll()
+                //登录成功处理逻辑
+                .successHandler(loginSuccessHandler)
+                //登录失败处理逻辑
+                .failureHandler(loginFailureHandler)
                 // 登出
-                .and().logout().logoutUrl("/api/user/logout").permitAll()//允许所有用户
-                .logoutSuccessHandler(logoutHandler)//登出成功处理逻辑
+                .and().logout().logoutUrl("/api/user/logout").permitAll()
+                //登出成功处理逻辑
+                .logoutSuccessHandler(logoutHandler)
                 .deleteCookies("JSESSIONID")
                 // 会话管理
 //                .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 超时处理

--
Gitblit v1.9.3