From 9757518476af8f4545a071b019680bd714747e59 Mon Sep 17 00:00:00 2001
From: 沈斌 <bluelazysb@hotmail.com>
Date: Tue, 30 Jan 2018 22:24:21 +0800
Subject: [PATCH] updated
---
src/main/java/com/moral/security/WebSecurityConfiguration.java | 16 +++++++++-------
1 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/moral/security/WebSecurityConfiguration.java b/src/main/java/com/moral/security/WebSecurityConfiguration.java
index 78b3e36..d54621f 100644
--- a/src/main/java/com/moral/security/WebSecurityConfiguration.java
+++ b/src/main/java/com/moral/security/WebSecurityConfiguration.java
@@ -14,12 +14,14 @@
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
@Configuration
@@ -43,15 +45,15 @@
.withUser("bill").password("abc123").roles("ADMIN").and()
.withUser("bob").password("abc123").roles("USER");
-// auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
+ auth.userDetailsService(userDetailsService).passwordEncoder(NoOpPasswordEncoder.getInstance());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
- http
- .anonymous().disable()
- .authorizeRequests()
- .antMatchers("/oauth/token").permitAll();
+ http.csrf().disable(); //TODO ������������CSRF
+ http.anonymous().disable()
+ .authorizeRequests()
+ .antMatchers("/oauth/token").permitAll();
}
@Override
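Review bot: `NoOpPasswordEncoder.getInstance()` on the new `auth.userDetailsService(...)` line compares passwords as plaintext, so whatever backs `userDetailsService` has to hold cleartext credentials. An adaptive hash is the safer choice here: `auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());`, with the matching import and the stored passwords re-hashed. The TODO after the new `http.csrf().disable();` is unreadable because of encoding damage; rewrite it so it states why CSRF protection is off and when it should be turned back on. The method containing the encoder line starts outside this hunk, so the rest of the authentication setup is not visible here.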
@@ -63,8 +65,8 @@
@Bean
public TokenStore tokenStore() {
- //return new InMemoryTokenStore();
- return new RedisTokenStore(redisConnection);
+ return new InMemoryTokenStore();
+ //return new RedisTokenStore(redisConnection);
}
@Bean
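Review bot: `tokenStore()` now returns `new InMemoryTokenStore()`, so issued tokens live only in this process: they are lost on restart and are not shared between instances, which also makes revocation per-node. If this is a development convenience, say so on the line, e.g. `// dev only: tokens kept in process memory, not shared across nodes`, rather than leaving `//return new RedisTokenStore(redisConnection);` as a toggle. Selecting the store from a profile or property would avoid editing code to switch back. The `redisConnection` reference is presumably still declared outside the hunk and would then be unused.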
--
Gitblit v1.8.0