From 7b24f406659d6fd8692eda6b21b5b6d95f416e2b Mon Sep 17 00:00:00 2001
From: fengxiang <110431245@qq.com>
Date: Fri, 02 Feb 2018 14:19:39 +0800
Subject: [PATCH] 安全跨域设置

---
 src/main/java/com/moral/security/config/WebSecurityConfig.java |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/moral/security/config/WebSecurityConfig.java b/src/main/java/com/moral/security/config/WebSecurityConfig.java
index 4f3f2b5..41b91dc 100644
--- a/src/main/java/com/moral/security/config/WebSecurityConfig.java
+++ b/src/main/java/com/moral/security/config/WebSecurityConfig.java
@@ -18,7 +18,6 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -39,7 +38,7 @@
     public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization";
     public static final String AUTHENTICATION_URL = "/auth/login";
     public static final String REFRESH_TOKEN_URL = "/auth/token";
-    public static final String API_ROOT_URL = "/*/**";
+    public static final String API_ROOT_URL = "/**/*";
 
     @Autowired
     private RestAuthenticationEntryPoint authenticationEntryPoint;
@@ -112,7 +111,7 @@
                 .authorizeRequests()
                 .antMatchers(API_ROOT_URL).authenticated() // Protected API End-points
             .and()
-                .addFilterBefore(new CustomCorsFilter(), ChannelProcessingFilter.class)
+                .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList,
                 API_ROOT_URL), UsernamePasswordAuthenticationFilter.class);

--
Gitblit v1.8.0