expert_management.git

			@@ -102,6 +102,8 @@
			httpSecurity
			// CSRF禁用，因为不使用session
			.csrf().disable()
			// 禁用HTTP响应标头
			.headers().cacheControl().disable().and()
			// 认证失败处理类
			.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
			// 基于token，所以不需要session
			@@ -109,7 +111,7 @@
			// 过滤请求
			.authorizeRequests()
			// 对于登录login 注册register 验证码captchaImage 允许匿名访问
			.antMatchers("/login", "/register", "/captchaImage").anonymous()
			.antMatchers("/login", "/register", "/captchaImage").permitAll()
			// 静态资源，可匿名访问
			.antMatchers(HttpMethod.GET, "/", "/.html", "//.html", "/*/.css", "/*/.js", "/profile/**").permitAll()
			.antMatchers("/swagger-ui.html", "/swagger-resources/", "/webjars/", "//api-docs", "/druid/*").permitAll()
			@@ -124,8 +126,6 @@
			// 添加CORS filter
			httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
			httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
			// 禁用缓存
			httpSecurity.headers().cacheControl().disable();
			}

			/**