| | |
| | | permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll()); |
| | | |
| | | httpSecurity |
| | | .cors().and() |
| | | // CSRF禁用,因为不使用session |
| | | .csrf().disable() |
| | | // 禁用HTTP响应标头 |
| | |
| | | // 过滤请求 |
| | | .authorizeRequests() |
| | | // 对于登录login 注册register 验证码captchaImage 允许匿名访问 |
| | | .antMatchers("/**/login", "/register", "/system/captcha/captchaImage").permitAll() |
| | | .antMatchers("/**/login", "/register", "/system/captcha/captchaImage","/system/common/importExcel").permitAll() |
| | | // 静态资源,可匿名访问 |
| | | .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**","/**/favicon.ico","/**/images/**").permitAll() |
| | | .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() |
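Review bot: The new matcher line adds `/system/common/importExcel` to the `permitAll()` list, so the import endpoint becomes reachable without a token, alongside login, register and captcha. The handler is not visible here, but an Excel import normally parses an uploaded file and writes data, so unauthenticated callers would reach the spreadsheet parser and possibly the persistence layer. I would keep the anonymous list as it was, `.antMatchers("/**/login", "/register", "/system/captcha/captchaImage").permitAll()`, and let the import fall under the authenticated rule (presumably further down the chain, outside this hunk) with a permission check on the controller method. If anonymous import is really intended, the comment above the line should say so and why, since it still names only login, register and captcha. The configure method starts and ends outside the hunk.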
| | |
| | | httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class); |
| | | } |
| | | |
| | | |
| | | /** |
| | | * 强散列哈希加密实现 |
| | | */ |