工业级后台API v2
parent: 1cc13dcf | patch | commit | ignore whitespace
fengxiang
2018-02-02 daf06a31b66ea27d49158d30c5877e23e76ac5e1 
安全跨域设置
3 files modified
10 ■■■■■ changed files
src/main/java/com/moral/security/CustomCorsFilter.java 3 ●●●● patch | view | raw | blame | history
src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java 4 ●●●● patch | view | raw | blame | history
src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java 3 ●●●●● patch | view | raw | blame | history 
 src/main/java/com/moral/security/CustomCorsFilter.java


@@ -24,8 +24,7 @@


        config.setAllowCredentials(true);


        config.addAllowedOrigin("*");


        config.addAllowedHeader("*");


        config.addAllowedMethod("*");


        config.setMaxAge(3600L);


        config.setMaxAge(36000L);


        config.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));


        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();


        source.registerCorsConfiguration("/**", config);




 src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java


@@ -47,7 +47,7 @@


        } else if (e instanceof AuthMethodNotSupportedException) {


            mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));


        }




        mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));


//        mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));


        mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));


    }


}




 src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java


@@ -54,15 +54,12 @@


            }


            throw new AuthMethodNotSupportedException("Authentication method not supported");


        }




        LoginRequest loginRequest = objectMapper.readValue(request.getReader(), LoginRequest.class);


        


        if (StringUtils.isBlank(loginRequest.getUsername())


                || StringUtils.isBlank(loginRequest.getPassword())


                || loginRequest.getMode() == null) {


            throw new AuthenticationServiceException("Username or Password not provided");


        }




        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());


        // 此处存储登录方式由客户端发送过来


        token.setDetails(loginRequest.getMode());