帷幄君成后端代码
blame | 历史 | 补丁 | 提交 | 提交对比 | 忽略空白
hongjli
2025-04-15 80096e5cd21947461a47b7d2440b436899953e6f 
 src/main/java/com/weiwojc/config/SecurityConfig.java


@@ -12,6 +12,9 @@


import org.springframework.security.crypto.password.PasswordEncoder;


import org.springframework.security.web.SecurityFilterChain;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import org.springframework.web.cors.CorsConfiguration;


import org.springframework.web.cors.CorsConfigurationSource;


import org.springframework.web.cors.UrlBasedCorsConfigurationSource;




@Configuration


@EnableWebSecurity


@@ -23,6 +26,7 @@


    @Bean


    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {


        http


            .cors(cors -> cors.configurationSource(corsConfigurationSource()))


            .csrf(AbstractHttpConfigurer::disable)


            .sessionManagement(session -> session


                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))


@@ -35,6 +39,21 @@


    }




    @Bean


    public CorsConfigurationSource corsConfigurationSource() {


        CorsConfiguration configuration = new CorsConfiguration();


        configuration.addAllowedOriginPattern("*");


        configuration.addAllowedMethod("*");


        configuration.addAllowedHeader("*");


        configuration.setAllowCredentials(true);


        configuration.addExposedHeader("*");


        configuration.setMaxAge(3600L);




        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();


        source.registerCorsConfiguration("/**", configuration);


        return source;


    }




    @Bean


    public PasswordEncoder passwordEncoder() {


        return new BCryptPasswordEncoder();


    }