修订 loginPage 失败降级,改为指定 EndPoint
This commit is contained in:
@@ -8,10 +8,13 @@ import org.springframework.security.authentication.ProviderManager;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import quant.rich.emoney.service.AuthService;
|
||||
@@ -27,10 +30,10 @@ public class SecurityConfig {
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.headers(headers -> headers
|
||||
.cacheControl(cache -> cache.disable())
|
||||
.frameOptions(f -> f.sameOrigin())
|
||||
.cacheControl(HeadersConfigurer.CacheControlConfig::disable)
|
||||
.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
|
||||
)
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers("/favicon.ico").permitAll()
|
||||
.requestMatchers("/admin/*/login").permitAll()
|
||||
@@ -41,11 +44,8 @@ public class SecurityConfig {
|
||||
.requestMatchers("/img/**").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(form -> form // 开启表单登录,并指定登录页
|
||||
.loginPage("/admin/v1/login") // 指定登录页
|
||||
.loginProcessingUrl("/admin/v1/doLogin") // 处理登录请求的 URL
|
||||
.defaultSuccessUrl("/admin/v1/", false) // 登录成功后默认跳转
|
||||
.permitAll())
|
||||
.exceptionHandling(ex -> ex
|
||||
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/admin/v1/login")))
|
||||
.logout(logout -> logout
|
||||
.logoutUrl("/admin/v1/logout")
|
||||
.logoutSuccessUrl("/admin/v1/login")
|
||||
@@ -54,7 +54,6 @@ public class SecurityConfig {
|
||||
.sessionManagement(session -> session
|
||||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||
);
|
||||
;
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user