| | |
|---|
| | | */ |
|---|
| | | @Resource |
|---|
| | | private UserAuthAccessDeniedHandler userAuthAccessDeniedHandler; |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | protected void configure(HttpSecurity http) throws Exception { |
|---|
| | | http.authorizeRequests() |
|---|
| | |
|---|
| | | .and() |
|---|
| | | // 配置没有权限自定义处理类 |
|---|
| | | .exceptionHandling().accessDeniedHandler(userAuthAccessDeniedHandler) |
|---|
| | | .and() |
|---|
| | | .csrf().disable(); |
|---|
| | | // 基于Token不需要session |
|---|
| | | http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
|---|
| | | // 禁用缓存 |
|---|
| | | http.headers().cacheControl(); |
|---|
| | | http.addFilterBefore(new JWTAuthenticationTokenFilter(), AnonymousAuthenticationFilter.class); |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | .and() |
|---|
| | | .csrf().disable(); |
|---|
| | | // 基于Token不需要session |
|---|
| | | http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
|---|
| | | // 禁用缓存 |
|---|
| | | http.headers().cacheControl(); |
|---|
| | | http.addFilterBefore(new JWTAuthenticationTokenFilter(), AnonymousAuthenticationFilter.class); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
