From f65cd6245de4757ecea7b6c127fa54f0786b514f Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 30 十二月 2021 14:14:40 +0800
Subject: [PATCH] 防重复提交标识组合(key + url + header)
---
ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java | 16 +++++++---------
1 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
index 1053159..58dd02a 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -49,7 +49,7 @@
*/
@Autowired
private JwtAuthenticationTokenFilter authenticationTokenFilter;
-
+
/**
* 跨域过滤器
*/
@@ -88,7 +88,7 @@
protected void configure(HttpSecurity httpSecurity) throws Exception
{
httpSecurity
- // CRSF禁用,因为不使用session
+ // CSRF禁用,因为不使用session
.csrf().disable()
// 认证失败处理类
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
@@ -96,18 +96,17 @@
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
// 过滤请求
.authorizeRequests()
- // 对于登录login 验证码captchaImage 允许匿名访问
- .antMatchers("/login", "/captchaImage").anonymous()
+ // 对于登录login 注册register 验证码captchaImage 允许匿名访问
+ .antMatchers("/login", "/register", "/captchaImage").anonymous()
.antMatchers(
HttpMethod.GET,
+ "/",
"/*.html",
"/**/*.html",
"/**/*.css",
- "/**/*.js"
+ "/**/*.js",
+ "/profile/**"
).permitAll()
- .antMatchers("/profile/**").anonymous()
- .antMatchers("/common/download**").anonymous()
- .antMatchers("/common/download/resource**").anonymous()
.antMatchers("/swagger-ui.html").anonymous()
.antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous()
@@ -125,7 +124,6 @@
httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
}
-
/**
* 强散列哈希加密实现
*/
--
Gitblit v1.9.2