From 68fbc8fef1ba8d77472e6b849c9265fff751ec31 Mon Sep 17 00:00:00 2001 From: 648540858 <648540858@qq.com> Date: Wed, 31 Jan 2024 17:23:47 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E8=B7=A8=E5=9F=9F=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=EF=BC=8C=E9=BB=98=E8=AE=A4=E5=85=81=E8=AE=B8=E5=85=A8?= =?UTF-8?q?=E9=83=A8=E8=B7=A8=E5=9F=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../iot/vmp/conf/security/WebSecurityConfig.java | 13 ++++++++++--- src/main/resources/all-application.yml | 2 +- src/main/resources/application-dev.yml | 4 ---- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java index ee147f14..bbf9eb1b 100644 --- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java @@ -1,12 +1,12 @@ package com.genersoft.iot.vmp.conf.security; import com.genersoft.iot.vmp.conf.UserSetting; -import org.springframework.core.annotation.Order; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; @@ -25,6 +25,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; /** * 配置Spring Security @@ -129,8 +130,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { corsConfiguration.setAllowedHeaders(Arrays.asList("*")); corsConfiguration.setAllowedMethods(Arrays.asList("*")); corsConfiguration.setMaxAge(3600L); - corsConfiguration.setAllowCredentials(true); - corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); + if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) { + corsConfiguration.setAllowCredentials(true); + corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); + }else { + corsConfiguration.setAllowCredentials(false); + corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL)); + } + corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader())); UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource(); diff --git a/src/main/resources/all-application.yml b/src/main/resources/all-application.yml index 1384bd37..528bd1ae 100644 --- a/src/main/resources/all-application.yml +++ b/src/main/resources/all-application.yml @@ -237,7 +237,7 @@ user-settings: register-again-after-time: 60 # 国标续订方式,true为续订,每次注册在同一个会话里,false为重新注册,每次使用新的会话 register-keep-int-dialog: false - # 跨域配置,配置你访问前端页面的地址即可, 可以配置多个 + # 跨域配置,不配置此项则允许所有跨域请求,配置后则只允许配置的页面的地址请求, 可以配置多个 allowed-origins: - http://localhost:8008 - http://192.168.1.3:8008 diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index af9bd31e..8f9661bd 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml @@ -110,10 +110,6 @@ user-settings: auto-apply-play: true # 设备/通道状态变化时发送消息 device-status-notify: true - # 跨域配置,配置你访问前端页面的地址即可, 可以配置多个 - allowed-origins: - - http://localhost:8080 - - http://127.0.0.1:8080 # [可选] 日志配置, 一般不需要改 logging: config: classpath:logback-spring-local.xml