From b009fb792ad85f637ababdd16d7ab0b1ae3d67cc Mon Sep 17 00:00:00 2001
From: LuoYe_MyWork
Date: Fri, 21 Aug 2020 17:15:48 +0800
Subject: [PATCH] ~
---
 .../io/qyi/e5/config/security/UrlAccessDecisionManager.java | 6 +++---
 .../UrlInvocationSecurityMetadataSourceService.java | 2 ++
 .../security/filter/LinkTokenAuthenticationFilter.java | 6 ++----
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java b/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java
index baef417..70662df 100644
--- a/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java
+++ b/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java
@@ -25,18 +25,18 @@ import java.util.Iterator;
 public class UrlAccessDecisionManager implements AccessDecisionManager {
 @Override
 public void decide(Authentication authentication, Object o, Collection collection) throws AccessDeniedException, InsufficientAuthenticationException {
- log.debug("进入权限判断!");
+ log.info("进入权限判断!");
 if (collection == null) {
 return;
 }
- log.debug("object is a URL. {}", o.toString());
+ log.info("object is a URL. {}", o.toString());
 //所请求的资源拥有的权限(一个资源对多个权限)
 Iterator iterator = collection.iterator();
 while (iterator.hasNext()) {
 ConfigAttribute configAttribute = iterator.next();
 //访问所请求资源所需要的权限
 String needPermission = configAttribute.getAttribute();
- log.debug("访问 " + o.toString() + " 需要的权限是:" + needPermission);
+ log.info("访问 " + o.toString() + " 需要的权限是:" + needPermission);
 if (needPermission == null) {
 break;
 }
diff --git a/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java b/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java
index c69eaa2..43cfe5e 100644
--- a/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java
+++ b/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java
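Review bot: The three `log.info` calls in `decide` now write the requested object and its required permission to the log at the default level on every request; `o.toString()` is presumably the invocation's URL, so query-string parameters such as tokens or ids would be recorded as well, which is worth confirming. The third call also builds its message by string concatenation, so the text is assembled even when the level is disabled and the URL is embedded unescaped in the log line. I would keep this per-request trace at debug and use the parameterized form, e.g. `log.debug("访问 {} 需要的权限是:{}", o, needPermission);`. `decide` continues past the end of the hunk.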
@@ -36,6 +36,8 @@ public class UrlInvocationSecurityMetadataSourceService implements FilterInvocat
 permissions.put("/admin/**", "admin");
 permissions.put("/**", "user");
 permissions.put("/auth2/**", "ROLE_ANONYMOUS");
+ permissions.put("/error", "ROLE_ANONYMOUS");
+
 Iterator> iterator = permissions.entrySet().iterator();
 while (iterator.hasNext()) {
 Map.Entry next = iterator.next();
diff --git a/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java b/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
index 2c5f21a..bd242b5 100644
--- a/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
+++ b/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
@@ -4,12 +4,10 @@ import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
 import io.qyi.e5.util.SpringUtil;
 import io.qyi.e5.util.redis.RedisUtil;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
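Review bot: The new `/error` entry is registered after `/**` → `user`, and the loop that follows walks `permissions.entrySet()` in whatever order the map provides. The map's declaration and the matching code are outside this hunk, but if the loop stops at the first matching pattern, `/**` can shadow `/error` (and `/auth2/**`) on an insertion-ordered map, and the outcome is not deterministic on a `HashMap`. I would declare the map as a `LinkedHashMap`, register the specific patterns first and `/**` last, and add a comment such as `// most specific pattern first; /** is the fallback`. Because `/error` becomes reachable without authentication, the error response should also be checked for stack traces or exception messages.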
@@ -52,9 +50,9 @@ public class LinkTokenAuthenticationFilter extends OncePerRequestFilter {
 log.info("--------------Token鉴权---------------");
 /*设置跨域*/
 HttpServletResponse response = httpServletResponse;
- response.setHeader("Access-Control-Allow-Origin", "e5.qyi.io");
+ response.setHeader("Access-Control-Allow-Origin", "*");
 response.setHeader("Access-Control-Allow-Credentials", "true");
- response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST");
+ response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST,OPTIONS");
 response.setHeader("Access-Control-Max-Age", "3600");
 response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token");
 /*如果是OPTIONS则结束请求*/
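Review bot: `Access-Control-Allow-Origin` is now `*` while `Access-Control-Allow-Credentials: true` is still sent; browsers refuse credentialed cross-origin responses with a wildcard origin, and for requests that authenticate only through the allowed `token` header, pages from any origin can now read this API's responses. The earlier value `e5.qyi.io` carried no scheme, so it presumably never matched a browser's `Origin` header, which may be what prompted the change. I would keep a fixed allowlist instead, e.g. `response.setHeader("Access-Control-Allow-Origin", "https://e5.qyi.io");` (scheme to be confirmed), or echo the request's `Origin` only when it is on that list and add `Vary: Origin`. The enclosing method starts and ends outside the hunk.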