From daf06a31b66ea27d49158d30c5877e23e76ac5e1 Mon Sep 17 00:00:00 2001
From: fengxiang <110431245@qq.com>
Date: Fri, 02 Feb 2018 10:24:39 +0800
Subject: [PATCH] 安全跨域设置
---
src/main/java/com/moral/security/CustomCorsFilter.java | 3 +--
src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java | 4 ++--
src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java | 3 ---
3 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/moral/security/CustomCorsFilter.java b/src/main/java/com/moral/security/CustomCorsFilter.java
index 09723f2..1de04cb 100644
--- a/src/main/java/com/moral/security/CustomCorsFilter.java
+++ b/src/main/java/com/moral/security/CustomCorsFilter.java
@@ -24,8 +24,7 @@
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
- config.addAllowedMethod("*");
- config.setMaxAge(3600L);
+ config.setMaxAge(36000L);
config.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
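Review bot: `config.addAllowedOrigin("*")` is still paired with `config.setAllowCredentials(true)` in the context lines of this hunk, so the policy registered for `/**` accepts credentialed cross-origin requests from any site; the commit narrows the methods but leaves the origins open. Depending on the Spring version, that combination is either answered by echoing the caller's own origin or rejected outright by newer releases, and neither suits an API that handles logins. I would replace the wildcard with an explicit allow-list, e.g. `config.setAllowedOrigins(Arrays.asList("https://app.example.invalid"));` (placeholder origin, use the real front-end hosts). The jump of `setMaxAge` to 36000 seconds also deserves a short comment, since a long preflight cache delays any later tightening of the policy and browsers cap the value anyway. The enclosing method starts and ends outside the hunk.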
diff --git a/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java b/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
index 60c94ae..8eeec89 100644
--- a/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
+++ b/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
@@ -47,7 +47,7 @@
} else if (e instanceof AuthMethodNotSupportedException) {
mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
}
-
- mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+// mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+ mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
}
}
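Review bot: The new catch-all line returns `e.getMessage()` to the client for every authentication failure, which can expose internal detail (for example whether an account exists, or why a backend lookup failed) that the previous fixed string kept hidden. It also sits after the `if`/`else if` chain rather than in a final `else`, so when a branch above has already written a body this call writes to the same response a second time; that was already the case before this commit. I would keep the generic text and make it the last branch, `} else { mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)); }`, record the exception detail in the server log only, and delete the commented-out line instead of keeping it. The start of the method is outside the hunk.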
diff --git a/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java b/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
index 6f411ea..37d8a76 100644
--- a/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
+++ b/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
@@ -54,15 +54,12 @@
}
throw new AuthMethodNotSupportedException("Authentication method not supported");
}
-
LoginRequest loginRequest = objectMapper.readValue(request.getReader(), LoginRequest.class);
-
if (StringUtils.isBlank(loginRequest.getUsername())
|| StringUtils.isBlank(loginRequest.getPassword())
|| loginRequest.getMode() == null) {
throw new AuthenticationServiceException("Username or Password not provided");
}
-
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());
// ������������������������������������������������
token.setDetails(loginRequest.getMode());
--
Gitblit v1.8.0