package junren.config;
import junren.filter.CoreConfig;
import junren.filter.jwtFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class securityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().disable()
.authorizeRequests()//开启登录配置
.antMatchers("/doc.html","/webjars/**","/swagger-resources/**","/v2/api-docs/**")
.permitAll()
.antMatchers("/user/**","/files/**","/admin/login**","/update/**")
.permitAll()
.anyRequest()
.authenticated()
.and().anonymous().and()
.addFilterBefore(new jwtFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new CoreConfig(),jwtFilter.class)
.csrf()
.disable();
}
}
浙公网安备 33010602011771号