From 5c67ffa649378a06b01f78bf42c768517b42eaf6 Mon Sep 17 00:00:00 2001
From: 无关风月 <443237572@qq.com>
Date: 星期五, 10 一月 2025 18:31:08 +0800
Subject: [PATCH] bug修改

---
 manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java b/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java
index 58186dd..89cdfe6 100644
--- a/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java
+++ b/manage/src/main/java/com/jilongda/manage/config/WebSecurityConfig.java
@@ -1,5 +1,6 @@
 package com.jilongda.manage.config;
 
+import com.jilongda.common.security.ExceptionHandleFilter;
 import com.jilongda.manage.security.SecurityAccessDeniedHandler;
 import com.jilongda.manage.security.SysUserDetailsService;
 import com.jilongda.common.basic.Constant;
@@ -22,6 +23,7 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
 /**
  * 细粒度的访问控制
@@ -107,14 +109,14 @@
                 .logout().disable()
                 .csrf().disable()
                 // 放在 Cookie 中返回前端,防止跨域伪造
-                //.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
+//                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
                 //.and()
                 .authorizeRequests()
                 // 跨域预检请求
-//                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                 // 登录URL permitAll() 无需保护 ---> 此种方式配置忽略认证规则会走Spring Security 过滤器链,在过滤器链中,给请求放行
                 // 不需要保护的请求,但需要经过过滤连
-                .antMatchers(HttpMethod.POST, "/**").permitAll()
+//                .antMatchers(HttpMethod.POST, "/**").permitAll()
                 // 其他都需要权限认证
                 .anyRequest()
                 .authenticated()
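Review bot: With the blanket `POST /**` rule gone, every POST now falls through to `.anyRequest().authenticated()`, and no login matcher is visible in this hunk, so unless the login endpoint is permitted elsewhere in the chain (which continues outside the hunk) unauthenticated users may be unable to sign in. Instead of leaving the old rule commented out, where it can be re-enabled by accident, delete it and add an explicit allow-list entry such as `.antMatchers(HttpMethod.POST, "<LOGIN_PATH>").permitAll()` (placeholder path). The two comments about the login URL now describe no active line and should be updated or removed. The CSRF line is still commented out, so the `CookieCsrfTokenRepository` import added earlier in this patch is unused. Since `.csrf().disable()` stays, it is worth confirming that the credential is never carried in a cookie.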
@@ -135,6 +137,8 @@
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
         // 访问控制时登录状态检查过滤器
         http.addFilterBefore(new AuthenticationFilter(securityUtils()), UsernamePasswordAuthenticationFilter.class);
+        // 异常捕捉过滤器,必须在AuthenticationFilter之前才能捕捉到异常信息
+        http.addFilterBefore(new ExceptionHandleFilter(), AuthenticationFilter.class);
         //禁用缓存
         http.headers().cacheControl();
     }
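Review bot: The added `addFilterBefore(new ExceptionHandleFilter(), AuthenticationFilter.class)` depends on `AuthenticationFilter` having been registered on the line above, because Spring Security, as far as I know, rejects a reference filter whose order is not yet registered. The comment should record that, e.g. `// keep after the AuthenticationFilter registration: addFilterBefore needs the target filter's order to be known`. `ExceptionHandleFilter` itself is not part of this patch, and it now handles failures for callers who are not yet authenticated. Please confirm it returns a generic status and body and logs details server-side, rather than echoing exception messages or stack traces to the client. The enclosing configure method starts outside the hunk.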

--
Gitblit v1.7.1