feat: update url auth pattern

vran 2022-03-05 11:04:29 +08:00
parent 3e0b6224f5
commit 7d4328cd5b
2 changed files with 13 additions and 7 deletions
api/src/main/java/com/databasir/api


@ -105,7 +105,7 @@ public interface Routes {
String REFRESH_ACCESS_TOKEN = "/access_tokens";
String LOGIN_INFO = "/login_info";
String LOGIN_INFO = BASE + "/login_info";
}


@ -44,14 +44,20 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.successHandler(databasirAuthenticationSuccessHandler)
.and()
.authorizeRequests()
.antMatchers("/login", Routes.Login.REFRESH_ACCESS_TOKEN).permitAll()
.antMatchers("/oauth2/apps", "/oauth2/failure", "/oauth2/authorization/*",
"/oauth2/login/*", "/login/oauth2/*")
// 登录和 Token 刷新无需授权
.antMatchers("/login", Routes.Login.REFRESH_ACCESS_TOKEN)
.permitAll()
.antMatchers("/", "/*.html", "/js/**", "/css/**", "/img/**", "/*.ico").permitAll()
.anyRequest().authenticated()
// oauth 回调地址无需鉴权
.antMatchers("/oauth2/apps", "/oauth2/authorization/*", "/oauth2/login/*")
.permitAll()
// 静态资源无需鉴权
.antMatchers("/", "/*.html", "/js/**", "/css/**", "/img/**", "/*.ico")
.permitAll()
// api 请求需要授权
.antMatchers("/api/**").authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(databasirAuthenticationEntryPoint);
.exceptionHandling()
.authenticationEntryPoint(databasirAuthenticationEntryPoint);
http.addFilterBefore(
databasirJwtTokenFilter,
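Review bot: With `.anyRequest().authenticated()` replaced by `.antMatchers("/api/**").authenticated()`, the rule chain no longer ends in a catch-all, so a request that matches none of the listed patterns has no authorization rule at all; as far as I know `authorizeRequests()` treats such requests as public rather than rejecting them. Any endpoint mapped outside `/api/**` would then be reachable without a token, and every route later added outside that prefix is open by default; no such endpoint is visible in this hunk, so this needs checking against the controllers and the remaining `Routes` constants. I would keep a default-deny terminator after the API rule, `.anyRequest().authenticated()` or `.anyRequest().denyAll()`, and if the aim is to let front-end routes through, list those paths explicitly in the static-resource `permitAll()` matcher. The enclosing configure method starts and ends outside this hunk.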