From 458a590d905246081332cba18997c9b5c68aa725 Mon Sep 17 00:00:00 2001
From: CeDo <cedoogle@gmail.com>
Date: 星期一, 10 五月 2021 15:55:07 +0800
Subject: [PATCH] Merge branch 'cedoodev' into test

---
 springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/SpringSecurityConfig.java |   26 +++++++++++++++-----------
 1 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/SpringSecurityConfig.java b/springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/SpringSecurityConfig.java
index 8d74a7e..f6feb77 100644
--- a/springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/SpringSecurityConfig.java
+++ b/springcloud_k8s_panzhihuazhihuishequ/zuul/src/main/java/com/panzhihua/zuul/config/SpringSecurityConfig.java
@@ -1,10 +1,14 @@
 package com.panzhihua.zuul.config;
 
+import com.panzhihua.zuul.filters.AppletAuthenticationFilter;
 import com.panzhihua.zuul.filters.JWTAuthenticationTokenFilter;
 import com.panzhihua.zuul.filters.SercuritFilter;
 import com.panzhihua.zuul.handles.UserAuthAccessDeniedHandler;
 import com.panzhihua.zuul.manager.RoleAccessDecisionManager;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -12,6 +16,7 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import javax.annotation.Resource;
 
@@ -23,6 +28,7 @@
  **/
 @Configuration
 @EnableWebSecurity
+@Order(SecurityProperties.BASIC_AUTH_ORDER-1)
 public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Resource
@@ -34,6 +40,7 @@
      */
     @Resource
     private UserAuthAccessDeniedHandler userAuthAccessDeniedHandler;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
@@ -49,16 +56,13 @@
                 .and()
                 // 配置没有权限自定义处理类
                 .exceptionHandling().accessDeniedHandler(userAuthAccessDeniedHandler)
-               .and()
-             .csrf().disable();
-            // 基于Token不需要session
-            http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-            // 禁用缓存
-            http.headers().cacheControl();
-            http.addFilterBefore(new JWTAuthenticationTokenFilter(), AnonymousAuthenticationFilter.class);
-
-
-
-
+                .and()
+                .csrf().disable();
+        // 基于Token不需要session
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        // 禁用缓存
+        http.headers().cacheControl();
+        http.addFilterBefore(new JWTAuthenticationTokenFilter(), AnonymousAuthenticationFilter.class);
     }
+
 }

--
Gitblit v1.7.1