| | |
|---|
| | | import com.panzhihua.zuul.filters.SercuritFilter; |
|---|
| | | import com.panzhihua.zuul.handles.UserAuthAccessDeniedHandler; |
|---|
| | | import com.panzhihua.zuul.manager.RoleAccessDecisionManager; |
|---|
| | | import org.springframework.boot.autoconfigure.security.SecurityProperties; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.context.annotation.Configuration; |
|---|
| | | import org.springframework.core.annotation.Order; |
|---|
| | | import org.springframework.security.config.annotation.ObjectPostProcessor; |
|---|
| | | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
|---|
| | | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
|---|
| | |
|---|
| | | import org.springframework.security.config.http.SessionCreationPolicy; |
|---|
| | | import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; |
|---|
| | | import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | |
|---|
| | | import javax.annotation.Resource; |
|---|
| | | |
|---|
| | |
|---|
| | | **/ |
|---|
| | | @Configuration |
|---|
| | | @EnableWebSecurity |
|---|
| | | @Order(SecurityProperties.BASIC_AUTH_ORDER-1) |
|---|
| | | public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { |
|---|
| | | |
|---|
| | | @Resource |
|---|
| | |
|---|
| | | http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
|---|
| | | // 禁用缓存 |
|---|
| | | http.headers().cacheControl(); |
|---|
| | | http.antMatcher("/api/applet/**").addFilterBefore(new AppletAuthenticationFilter(), AnonymousAuthenticationFilter.class); |
|---|
| | | http.addFilterBefore(new JWTAuthenticationTokenFilter(), AnonymousAuthenticationFilter.class); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
