修订 loginPage 失败降级,改为指定 EndPoint

This commit is contained in:
2026-06-08 17:42:14 +08:00
parent ae4599cd9a
commit 287b124f7e
@@ -8,10 +8,13 @@ import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import quant.rich.emoney.service.AuthService; import quant.rich.emoney.service.AuthService;
@@ -27,10 +30,10 @@ public class SecurityConfig {
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http http
.headers(headers -> headers .headers(headers -> headers
.cacheControl(cache -> cache.disable()) .cacheControl(HeadersConfigurer.CacheControlConfig::disable)
.frameOptions(f -> f.sameOrigin()) .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
) )
.csrf(csrf -> csrf.disable()) .csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers("/favicon.ico").permitAll() .requestMatchers("/favicon.ico").permitAll()
.requestMatchers("/admin/*/login").permitAll() .requestMatchers("/admin/*/login").permitAll()
@@ -41,11 +44,8 @@ public class SecurityConfig {
.requestMatchers("/img/**").permitAll() .requestMatchers("/img/**").permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.formLogin(form -> form // 开启表单登录,并指定登录页 .exceptionHandling(ex -> ex
.loginPage("/admin/v1/login") // 指定登录页 .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/admin/v1/login")))
.loginProcessingUrl("/admin/v1/doLogin") // 处理登录请求的 URL
.defaultSuccessUrl("/admin/v1/", false) // 登录成功后默认跳转
.permitAll())
.logout(logout -> logout .logout(logout -> logout
.logoutUrl("/admin/v1/logout") .logoutUrl("/admin/v1/logout")
.logoutSuccessUrl("/admin/v1/login") .logoutSuccessUrl("/admin/v1/login")
@@ -54,7 +54,6 @@ public class SecurityConfig {
.sessionManagement(session -> session .sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
); );
;
return http.build(); return http.build();
} }
@@ -72,4 +71,4 @@ public class SecurityConfig {
public PasswordEncoder passwordEncoder() { public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance(); return NoOpPasswordEncoder.getInstance();
} }
} }