From daf06a31b66ea27d49158d30c5877e23e76ac5e1 Mon Sep 17 00:00:00 2001
From: fengxiang <110431245@qq.com>
Date: Fri, 02 Feb 2018 10:24:39 +0800
Subject: [PATCH] 安全跨域设置

---
 src/main/java/com/moral/security/CustomCorsFilter.java                                  |    3 +--
 src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java |    4 ++--
 src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java                  |    3 ---
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/main/java/com/moral/security/CustomCorsFilter.java b/src/main/java/com/moral/security/CustomCorsFilter.java
index 09723f2..1de04cb 100644
--- a/src/main/java/com/moral/security/CustomCorsFilter.java
+++ b/src/main/java/com/moral/security/CustomCorsFilter.java
@@ -24,8 +24,7 @@
         config.setAllowCredentials(true);
         config.addAllowedOrigin("*");
         config.addAllowedHeader("*");
-        config.addAllowedMethod("*");
-        config.setMaxAge(3600L);
+        config.setMaxAge(36000L);
         config.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", config);
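Review bot: `config.addAllowedOrigin("*")` is still paired with `config.setAllowCredentials(true)` in the context lines of this hunk, and the change does not tighten it. Depending on the Spring version, which the hunk does not show, that pairing either reflects the request's Origin back with credentials allowed, so any site can make authenticated cross-origin calls, or is rejected at runtime. I would replace the wildcard with an explicit allow-list, e.g. `config.setAllowedOrigins(Arrays.asList("https://app.example.invalid")); // placeholder: the real front-end origins`, and narrow `addAllowedHeader("*")` to the headers the API actually reads. Raising the preflight cache to `36000L` also means a later tightening of this policy takes longer to reach browsers that honour the value. The enclosing method starts and ends outside the hunk.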
diff --git a/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java b/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
index 60c94ae..8eeec89 100644
--- a/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
+++ b/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
@@ -47,7 +47,7 @@
 		} else if (e instanceof AuthMethodNotSupportedException) {
 		    mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
 		}
-
-		mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+//		mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+		mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
 	}
 }
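Review bot: The fallback write now sends `e.getMessage()` to the client for every authentication failure, which can tell a caller why a login failed (for example unknown user versus wrong password, or an internal error text), where the removed line returned a fixed string. It also still runs after the `if`/`else if` chain instead of as its final `else`, so when the visible `AuthMethodNotSupportedException` branch has matched, a second JSON body is written to the same response. I would log the exception server-side and keep the generic text in a closing branch: `} else { mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)); }`, and delete the commented-out line instead of leaving it in the file. The start of the method is outside the hunk, so the earlier branches are not visible here.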
diff --git a/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java b/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
index 6f411ea..37d8a76 100644
--- a/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
+++ b/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
@@ -54,15 +54,12 @@
             }
             throw new AuthMethodNotSupportedException("Authentication method not supported");
         }
-
         LoginRequest loginRequest = objectMapper.readValue(request.getReader(), LoginRequest.class);
-        
         if (StringUtils.isBlank(loginRequest.getUsername())
                 || StringUtils.isBlank(loginRequest.getPassword())
                 || loginRequest.getMode() == null) {
             throw new AuthenticationServiceException("Username or Password not provided");
         }
-
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());
         // ������������������������������������������������
         token.setDetails(loginRequest.getMode());

--
Gitblit v1.8.0