bug修复

This commit is contained in:
nojava
2026-05-18 08:25:00 +08:00
parent 52c845b0c3
commit 9649bc72ae
9 changed files with 166 additions and 11 deletions
@@ -15,7 +15,6 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.core.annotation.Order;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
@@ -34,19 +33,21 @@ public class SecurityConfig {
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
@Bean
@Order(1)
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable())
.csrf(AbstractHttpConfigurer::disable)
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.exceptionHandling(ex -> ex.authenticationEntryPoint(jwtAuthenticationEntryPoint))
.requestCache(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/**").permitAll()
.requestMatchers("/api/public/**").permitAll()
.requestMatchers("/api/oauth/**").permitAll()
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
.requestMatchers("/static/**", "/index.html", "/").permitAll()
.requestMatchers("/assets/**", "/*.js", "/*.css", "/*.ico", "/*.png", "/*.svg").permitAll()
.requestMatchers("/login", "/register").permitAll()
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/api/admin/**").hasRole("ADMIN")
.requestMatchers("/api/app/**").hasAnyRole("USER", "ADMIN")
@@ -5,9 +5,11 @@ import fun.nojava.framework.filter.XssFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebConfig {
public class WebConfig implements WebMvcConfigurer {
@Bean
public FilterRegistrationBean<XssFilter> xssFilterRegistration() {
@@ -17,4 +19,15 @@ public class WebConfig {
registration.setOrder(1);
return registration;
}
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("forward:/index.html");
registry.addViewController("/register").setViewName("forward:/index.html");
registry.addViewController("/article/{id}").setViewName("forward:/index.html");
registry.addViewController("/app").setViewName("forward:/index.html");
registry.addViewController("/app/**").setViewName("forward:/index.html");
registry.addViewController("/admin").setViewName("forward:/index.html");
registry.addViewController("/admin/**").setViewName("forward:/index.html");
}
}