From 01788ea18a48b738df0807f656a4007a5f16a13a Mon Sep 17 00:00:00 2001
From: 无关风月 <443237572@qq.com>
Date: 星期一, 06 一月 2025 17:51:54 +0800
Subject: [PATCH] Merge branch 'master' of http://120.76.84.145:10101/gitblit/r/java/eyes

---
 manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java |   14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java b/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java
index 58186dd..328ce4f 100644
--- a/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java
+++ b/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java
@@ -1,5 +1,6 @@
 package com.jilongda.manage.config;
 
+import com.jilongda.common.security.ExceptionHandleFilter;
 import com.jilongda.manage.security.SecurityAccessDeniedHandler;
 import com.jilongda.manage.security.SysUserDetailsService;
 import com.jilongda.common.basic.Constant;
@@ -22,6 +23,7 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
 /**
  * 细粒度的访问控制
@@ -59,8 +61,8 @@
      */
     @Bean
     public SecurityUtils securityUtils() {
-//        return new SecurityUtils(accessTokenCache,refreshTokenCache);
-        return new SecurityUtils();
+        return new SecurityUtils(accessTokenCache,refreshTokenCache);
+//        return new SecurityUtils();
     }
 
 
@@ -107,14 +109,14 @@
                 .logout().disable()
                 .csrf().disable()
                 // 放在 Cookie 中返回前端,防止跨域伪造
-                //.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
+//                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
                 //.and()
                 .authorizeRequests()
                 // 跨域预检请求
-//                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                 // 登录URL permitAll() 无需保护 ---> 此种方式配置忽略认证规则会走Spring Security 过滤器链,在过滤器链中,给请求放行
                 // 不需要保护的请求,但需要经过过滤连
-                .antMatchers(HttpMethod.POST, "/**").permitAll()
+//                .antMatchers(HttpMethod.POST, "/**").permitAll()
                 // 其他都需要权限认证
                 .anyRequest()
                 .authenticated()
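Review bot: The blanket `.antMatchers(HttpMethod.POST, "/**").permitAll()` rule is only commented out, not deleted, and the two comment lines above it still describe a login-URL exemption that this chain no longer contains. Unless the login endpoint is exempted somewhere outside this hunk, it now falls under `.anyRequest().authenticated()`; a narrow matcher such as `.antMatchers(HttpMethod.POST, "<login-path>").permitAll()` (placeholder path) would make the intent explicit. `.csrf().disable()` also stays in force while the cookie-token comment and the still-commented `CookieCsrfTokenRepository` line sit beneath it, so the import added earlier in this patch is unused. I would delete both the dead line and the import, or, once confirmed, add a comment like `// CSRF disabled: stateless API, token sent in a request header, not a cookie`. The configure method starts and ends outside the hunk.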
@@ -135,6 +137,8 @@
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
         // 访问控制时登录状态检查过滤器
         http.addFilterBefore(new AuthenticationFilter(securityUtils()), UsernamePasswordAuthenticationFilter.class);
+        // 异常捕捉过滤器,必须在AuthenticationFilter之前才能捕捉到异常信息
+        http.addFilterBefore(new ExceptionHandleFilter(), AuthenticationFilter.class);
         //禁用缓存
         http.headers().cacheControl();
     }
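Review bot: `ExceptionHandleFilter` is registered ahead of `AuthenticationFilter`, so whatever it writes on failure is returned to callers that have not been authenticated, and its implementation is not visible in this patch. It is worth confirming that it sends a generic status and error body and logs exception detail server-side only, rather than echoing exception messages or stack traces. A comment on the new line would record that expectation, e.g. `// Runs before authentication: must not expose exception details in the response`. The enclosing method starts outside the hunk.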

--
Gitblit v1.7.1