帷幄君成后端代码
上一版本: c4713a63 | 补丁 | 提交 | 显示空白
hongjli
2025-04-15 80096e5cd21947461a47b7d2440b436899953e6f 
优化
已添加1个文件
已修改1个文件
52 ■■■■■ 文件已修改
src/main/java/com/weiwojc/config/CorsConfig.java 33 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/weiwojc/config/SecurityConfig.java 19 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 
 src/main/java/com/weiwojc/config/CorsConfig.java


¶Ô±ÈÐÂÎļþ


@@ -0,0 +1,33 @@


package com.weiwojc.config;




import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.web.cors.CorsConfiguration;


import org.springframework.web.cors.UrlBasedCorsConfigurationSource;


import org.springframework.web.filter.CorsFilter;




@Configuration


public class CorsConfig {




    @Bean


    public CorsFilter corsFilter() {


        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();


        CorsConfiguration config = new CorsConfiguration();


        


        // å…è®¸è·¨åŸŸçš„源,这里设置为允许所有源


        config.addAllowedOriginPattern("*");


        // å…è®¸è·¨åŸŸçš„请求头


        config.addAllowedHeader("*");


        // å…è®¸è·¨åŸŸçš„请求方法


        config.addAllowedMethod("*");


        // å…è®¸æºå¸¦è®¤è¯ä¿¡æ¯ï¼ˆtoken)


        config.setAllowCredentials(true);


        // æš´éœ²å“åº”头


        config.addExposedHeader("*");


        // è®¾ç½®è·¨åŸŸè¯·æ±‚的有效期,单位为秒


        config.setMaxAge(3600L);




        source.registerCorsConfiguration("/**", config);


        return new CorsFilter(source);


    }


} 




 src/main/java/com/weiwojc/config/SecurityConfig.java


@@ -12,6 +12,9 @@


import org.springframework.security.crypto.password.PasswordEncoder;


import org.springframework.security.web.SecurityFilterChain;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import org.springframework.web.cors.CorsConfiguration;


import org.springframework.web.cors.CorsConfigurationSource;


import org.springframework.web.cors.UrlBasedCorsConfigurationSource;




@Configuration


@EnableWebSecurity


@@ -23,6 +26,7 @@


    @Bean


    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {


        http


            .cors(cors -> cors.configurationSource(corsConfigurationSource()))


            .csrf(AbstractHttpConfigurer::disable)


            .sessionManagement(session -> session


                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))


@@ -35,6 +39,21 @@


    }




    @Bean


    public CorsConfigurationSource corsConfigurationSource() {


        CorsConfiguration configuration = new CorsConfiguration();


        configuration.addAllowedOriginPattern("*");


        configuration.addAllowedMethod("*");


        configuration.addAllowedHeader("*");


        configuration.setAllowCredentials(true);


        configuration.addExposedHeader("*");


        configuration.setMaxAge(3600L);




        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();


        source.registerCorsConfiguration("/**", configuration);


        return source;


    }




    @Bean


    public PasswordEncoder passwordEncoder() {


        return new BCryptPasswordEncoder();


    }