From affe4139290946f97f6ac2852ddae5d6dcecb9ed Mon Sep 17 00:00:00 2001
From: 沈斌 <bluelazysb@hotmail.com>
Date: Tue, 30 Jan 2018 17:31:32 +0800
Subject: [PATCH] updated

---
 src/main/java/com/moral/security/WebSecurityConfiguration.java |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/moral/security/WebSecurityConfiguration.java b/src/main/java/com/moral/security/WebSecurityConfiguration.java
index 0ff9182..d54621f 100644
--- a/src/main/java/com/moral/security/WebSecurityConfiguration.java
+++ b/src/main/java/com/moral/security/WebSecurityConfiguration.java
@@ -14,6 +14,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.approval.ApprovalStore;
 import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
@@ -44,15 +45,15 @@
 				.withUser("bill").password("abc123").roles("ADMIN").and()
 				.withUser("bob").password("abc123").roles("USER");
 
-//		auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
+		auth.userDetailsService(userDetailsService).passwordEncoder(NoOpPasswordEncoder.getInstance());
 	}
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-		http
-		.anonymous().disable()
-	  	.authorizeRequests()
-	  	.antMatchers("/oauth/token").permitAll();
+		http.csrf().disable(); //TODO ������������CSRF
+		http.anonymous().disable()
+	  	    .authorizeRequests()
+	  	    .antMatchers("/oauth/token").permitAll();
     }
 
     @Override

--
Gitblit v1.8.0