补充security工程的注释信息
@ -40,8 +40,11 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().sessionManagement()
|
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().sessionManagement()
|
||||||
|
// Spring security 默认是使用 HttpSessionSecurityContextRepository 来存储SecurityContext
|
||||||
|
// 的, 因我们的应用系统不是基于 login 认证模式, 如果开启session 则会产生 token 缓存问题(即新的请求可能使用的是过期token)
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
||||||
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
|
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
|
||||||
|
// 只对业务节点请求做认证处理
|
||||||
.authorizeRequests().antMatchers("/v1/**").authenticated().and().httpBasic().and().csrf().disable();
|
.authorizeRequests().antMatchers("/v1/**").authenticated().and().httpBasic().and().csrf().disable();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
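Review bot: The comment added above `.authorizeRequests()` explains the `/v1/**` matcher, but the same statement also enables `httpBasic()` and calls `csrf().disable()` with no stated reason, and those are the two choices a later reader is most likely to question. Disabling CSRF is normally justified when every request carries an explicit token, but browsers resend Basic credentials automatically, so with `httpBasic()` enabled that justification does not fully hold. If Basic auth is not needed alongside the token filter, dropping `.httpBasic()` is the cleaner fix; otherwise add a comment that records the reasoning, for example `// CSRF disabled: requests are authenticated per call by the token filter, no session or cookie state`. No `anyRequest()` rule follows the matcher, so paths outside `/v1/**` carry no authorization rule; either say in the comment that this is intentional or add `.anyRequest().denyAll()` after the `/v1/**` rule. The rest of the class is outside this hunk, so other configuration may already cover those paths.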