diff --git a/src/main/java/quant/rich/emoney/config/SecurityConfig.java b/src/main/java/quant/rich/emoney/config/SecurityConfig.java index 200f339..90c55d9 100644 --- a/src/main/java/quant/rich/emoney/config/SecurityConfig.java +++ b/src/main/java/quant/rich/emoney/config/SecurityConfig.java @@ -8,10 +8,13 @@ import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; import lombok.RequiredArgsConstructor; import quant.rich.emoney.service.AuthService; @@ -27,10 +30,10 @@ public class SecurityConfig { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .headers(headers -> headers - .cacheControl(cache -> cache.disable()) - .frameOptions(f -> f.sameOrigin()) + .cacheControl(HeadersConfigurer.CacheControlConfig::disable) + .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin) ) - .csrf(csrf -> csrf.disable()) + .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests(auth -> auth .requestMatchers("/favicon.ico").permitAll() .requestMatchers("/admin/*/login").permitAll() @@ -41,11 +44,8 @@ public class SecurityConfig { .requestMatchers("/img/**").permitAll() .anyRequest().authenticated() ) - .formLogin(form -> form // 开启表单登录,并指定登录页 - .loginPage("/admin/v1/login") // 指定登录页 - .loginProcessingUrl("/admin/v1/doLogin") // 处理登录请求的 URL - .defaultSuccessUrl("/admin/v1/", false) // 登录成功后默认跳转 - .permitAll()) + .exceptionHandling(ex -> ex + .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/admin/v1/login"))) .logout(logout -> logout .logoutUrl("/admin/v1/logout") .logoutSuccessUrl("/admin/v1/login") @@ -54,7 +54,6 @@ public class SecurityConfig { .sessionManagement(session -> session .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) ); - ; return http.build(); } @@ -72,4 +71,4 @@ public class SecurityConfig { public PasswordEncoder passwordEncoder() { return NoOpPasswordEncoder.getInstance(); } -} \ No newline at end of file +}