From baaff76ba638ac37f5b1dcffb27ba9f5a9fff937 Mon Sep 17 00:00:00 2001
From: fengxiang <110431245@qq.com>
Date: Mon, 05 Feb 2018 13:30:16 +0800
Subject: [PATCH] token放在get请求参数中

---
 src/main/java/com/moral/security/config/WebSecurityConfig.java |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/moral/security/config/WebSecurityConfig.java b/src/main/java/com/moral/security/config/WebSecurityConfig.java
index 4f3f2b5..2d1fceb 100644
--- a/src/main/java/com/moral/security/config/WebSecurityConfig.java
+++ b/src/main/java/com/moral/security/config/WebSecurityConfig.java
@@ -18,7 +18,6 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -37,9 +36,10 @@
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization";
+    public static final String AUTHENTICATION_PARAM_NAME = "_token";
     public static final String AUTHENTICATION_URL = "/auth/login";
     public static final String REFRESH_TOKEN_URL = "/auth/token";
-    public static final String API_ROOT_URL = "/*/**";
+    public static final String API_ROOT_URL = "/**/*";
 
     @Autowired
     private RestAuthenticationEntryPoint authenticationEntryPoint;
@@ -112,7 +112,7 @@
                 .authorizeRequests()
                 .antMatchers(API_ROOT_URL).authenticated() // Protected API End-points
             .and()
-                .addFilterBefore(new CustomCorsFilter(), ChannelProcessingFilter.class)
+                .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList,
                 API_ROOT_URL), UsernamePasswordAuthenticationFilter.class);

--
Gitblit v1.8.0