Commit 68fbc8fef1ba8d77472e6b849c9265fff751ec31
1 parent
ab34cb37
优化跨域配置,默认允许全部跨域
Showing
3 changed files
with
11 additions
and
8 deletions
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
| 1 | package com.genersoft.iot.vmp.conf.security; | 1 | package com.genersoft.iot.vmp.conf.security; |
| 2 | 2 | ||
| 3 | import com.genersoft.iot.vmp.conf.UserSetting; | 3 | import com.genersoft.iot.vmp.conf.UserSetting; |
| 4 | -import org.springframework.core.annotation.Order; | ||
| 5 | import org.slf4j.Logger; | 4 | import org.slf4j.Logger; |
| 6 | import org.slf4j.LoggerFactory; | 5 | import org.slf4j.LoggerFactory; |
| 7 | import org.springframework.beans.factory.annotation.Autowired; | 6 | import org.springframework.beans.factory.annotation.Autowired; |
| 8 | import org.springframework.context.annotation.Bean; | 7 | import org.springframework.context.annotation.Bean; |
| 9 | import org.springframework.context.annotation.Configuration; | 8 | import org.springframework.context.annotation.Configuration; |
| 9 | +import org.springframework.core.annotation.Order; | ||
| 10 | import org.springframework.security.authentication.AuthenticationManager; | 10 | import org.springframework.security.authentication.AuthenticationManager; |
| 11 | import org.springframework.security.authentication.dao.DaoAuthenticationProvider; | 11 | import org.springframework.security.authentication.dao.DaoAuthenticationProvider; |
| 12 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; | 12 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
| @@ -25,6 +25,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource; | @@ -25,6 +25,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource; | ||
| 25 | 25 | ||
| 26 | import java.util.ArrayList; | 26 | import java.util.ArrayList; |
| 27 | import java.util.Arrays; | 27 | import java.util.Arrays; |
| 28 | +import java.util.Collections; | ||
| 28 | 29 | ||
| 29 | /** | 30 | /** |
| 30 | * 配置Spring Security | 31 | * 配置Spring Security |
| @@ -129,8 +130,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | @@ -129,8 +130,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | ||
| 129 | corsConfiguration.setAllowedHeaders(Arrays.asList("*")); | 130 | corsConfiguration.setAllowedHeaders(Arrays.asList("*")); |
| 130 | corsConfiguration.setAllowedMethods(Arrays.asList("*")); | 131 | corsConfiguration.setAllowedMethods(Arrays.asList("*")); |
| 131 | corsConfiguration.setMaxAge(3600L); | 132 | corsConfiguration.setMaxAge(3600L); |
| 132 | - corsConfiguration.setAllowCredentials(true); | ||
| 133 | - corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); | 133 | + if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) { |
| 134 | + corsConfiguration.setAllowCredentials(true); | ||
| 135 | + corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); | ||
| 136 | + }else { | ||
| 137 | + corsConfiguration.setAllowCredentials(false); | ||
| 138 | + corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL)); | ||
| 139 | + } | ||
| 140 | + | ||
| 134 | corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader())); | 141 | corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader())); |
| 135 | 142 | ||
| 136 | UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource(); | 143 | UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource(); |
src/main/resources/all-application.yml
| @@ -237,7 +237,7 @@ user-settings: | @@ -237,7 +237,7 @@ user-settings: | ||
| 237 | register-again-after-time: 60 | 237 | register-again-after-time: 60 |
| 238 | # 国标续订方式,true为续订,每次注册在同一个会话里,false为重新注册,每次使用新的会话 | 238 | # 国标续订方式,true为续订,每次注册在同一个会话里,false为重新注册,每次使用新的会话 |
| 239 | register-keep-int-dialog: false | 239 | register-keep-int-dialog: false |
| 240 | - # 跨域配置,配置你访问前端页面的地址即可, 可以配置多个 | 240 | + # 跨域配置,不配置此项则允许所有跨域请求,配置后则只允许配置的页面的地址请求, 可以配置多个 |
| 241 | allowed-origins: | 241 | allowed-origins: |
| 242 | - http://localhost:8008 | 242 | - http://localhost:8008 |
| 243 | - http://192.168.1.3:8008 | 243 | - http://192.168.1.3:8008 |
src/main/resources/application-dev.yml
| @@ -110,10 +110,6 @@ user-settings: | @@ -110,10 +110,6 @@ user-settings: | ||
| 110 | auto-apply-play: true | 110 | auto-apply-play: true |
| 111 | # 设备/通道状态变化时发送消息 | 111 | # 设备/通道状态变化时发送消息 |
| 112 | device-status-notify: true | 112 | device-status-notify: true |
| 113 | - # 跨域配置,配置你访问前端页面的地址即可, 可以配置多个 | ||
| 114 | - allowed-origins: | ||
| 115 | - - http://localhost:8080 | ||
| 116 | - - http://127.0.0.1:8080 | ||
| 117 | # [可选] 日志配置, 一般不需要改 | 113 | # [可选] 日志配置, 一般不需要改 |
| 118 | logging: | 114 | logging: |
| 119 | config: classpath:logback-spring-local.xml | 115 | config: classpath:logback-spring-local.xml |