From c6c9b7d3baa822765768c110304d27623f946286 Mon Sep 17 00:00:00 2001
From: pjb <123456>
Date: 星期二, 15 七月 2025 14:29:09 +0800
Subject: [PATCH] `1`

---
 zy-asrs-wms/src/main/java/com/zy/asrs/wms/common/security/SecurityConfig.java |  235 ++++++++++++++++++++++++++++++----------------------------
 1 files changed, 120 insertions(+), 115 deletions(-)

diff --git a/zy-asrs-wms/src/main/java/com/zy/asrs/wms/common/security/SecurityConfig.java b/zy-asrs-wms/src/main/java/com/zy/asrs/wms/common/security/SecurityConfig.java
index 42129dd..ebdb0b3 100644
--- a/zy-asrs-wms/src/main/java/com/zy/asrs/wms/common/security/SecurityConfig.java
+++ b/zy-asrs-wms/src/main/java/com/zy/asrs/wms/common/security/SecurityConfig.java
@@ -1,115 +1,120 @@
-package com.zy.asrs.wms.common.security;
-
-import com.zy.asrs.wms.common.constant.Constants;
-import com.zy.asrs.wms.utils.HttpUtils;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.access.AccessDeniedHandler;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.stereotype.Component;
-
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * Spring Security閰嶇疆
- *
- */
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-
-    public static final String[] FILTER_PATH = new String[]{
-            "/api/auth/host",
-            "/test/**",
-            "/api/login",
-            "/api/code/auth",
-            "/druid/**",
-            "/swagger-ui.html",
-            "/swagger-resources/**",
-            "/webjars/**",
-            "/v2/api-docs",
-            "/v3/api-docs",
-            "/swagger-ui/**"
-    };
-
-    @Resource
-    private JwtAccessDeniedHandler jwtAccessDeniedHandler;
-    @Resource
-    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
-    @Resource
-    private JwtAuthenticationFilter jwtAuthenticationFilter;
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-                .antMatchers(HttpMethod.OPTIONS, "/**")
-                .permitAll()
-                .antMatchers(HttpMethod.GET, "/api/file/**", "/api/captcha", "/")
-                .permitAll()
-                .antMatchers(FILTER_PATH)
-                .permitAll()
-                .anyRequest()
-                .authenticated()
-                .and()
-                .sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
-                .csrf()
-                .disable()
-                .cors()
-                .and()
-                .logout()
-                .disable()
-                .headers()
-                .frameOptions()
-                .disable()
-                .and()
-                .exceptionHandling()
-                .accessDeniedHandler(jwtAccessDeniedHandler)
-                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
-                .and()
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
-    }
-
-    @Bean
-    public BCryptPasswordEncoder bCryptPasswordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-
-    // 娌℃湁璁块棶鏉冮檺寮傚父澶勭悊
-    @Component
-    static class JwtAccessDeniedHandler implements AccessDeniedHandler {
-
-        @Override
-        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {
-            HttpUtils.responseError(response, Constants.UNAUTHORIZED_CODE, Constants.UNAUTHORIZED_MSG, e.getMessage());
-        }
-
-    }
-
-    // 娌℃湁鐧诲綍寮傚父澶勭悊
-    @Component
-    static class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
-
-        @Override
-        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) {
-            HttpUtils.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG,
-                    e.getMessage());
-        }
-
-    }
-
-}
+package com.zy.asrs.wms.common.security;
+
+import com.zy.asrs.wms.common.constant.Constants;
+import com.zy.asrs.wms.utils.HttpUtils;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Spring Security閰嶇疆
+ *
+ */
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    public static final String[] FILTER_PATH = new String[]{
+            "/api/auth/host",
+            "/api/language/json",
+            "/test/**",
+            "/api/login",
+            "/api/code/auth",
+            "/druid/**",
+            "/swagger-ui.html",
+            "/swagger-resources/**",
+            "/webjars/**",
+            "/v2/api-docs",
+            "/v3/api-docs",
+            "/swagger-ui/**"
+    };
+
+    @Resource
+    private JwtAccessDeniedHandler jwtAccessDeniedHandler;
+    @Resource
+    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
+    @Resource
+    private JwtAuthenticationFilter jwtAuthenticationFilter;
+    @Resource
+    private CacheFilter cacheFilter;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers("/**").permitAll()
+                .antMatchers(HttpMethod.GET, "/api/file/**", "/api/captcha", "/")
+                .permitAll()
+                .antMatchers(FILTER_PATH)
+                .permitAll()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .csrf()
+                .disable()
+                .cors()
+                .and()
+                .logout()
+                .disable()
+                .headers()
+                .frameOptions()
+                .disable()
+                .and()
+                .exceptionHandling()
+                .accessDeniedHandler(jwtAccessDeniedHandler)
+                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
+                .and()
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(cacheFilter, BasicAuthenticationFilter.class);
+    }
+
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    // 娌℃湁璁块棶鏉冮檺寮傚父澶勭悊
+    @Component
+    static class JwtAccessDeniedHandler implements AccessDeniedHandler {
+
+        @Override
+        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {
+            HttpUtils.responseError(response, Constants.UNAUTHORIZED_CODE, Constants.UNAUTHORIZED_MSG, e.getMessage());
+        }
+
+    }
+
+    // 娌℃湁鐧诲綍寮傚父澶勭悊
+    @Component
+    static class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+        @Override
+        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) {
+            HttpUtils.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG,
+                    e.getMessage());
+        }
+
+    }
+
+}

--
Gitblit v1.9.1