From daf06a31b66ea27d49158d30c5877e23e76ac5e1 Mon Sep 17 00:00:00 2001
From: fengxiang <110431245@qq.com>
Date: Fri, 02 Feb 2018 10:24:39 +0800
Subject: [PATCH] 安全跨域设置
---
 src/main/java/com/moral/security/CustomCorsFilter.java | 3 +--
 src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java | 4 ++--
 src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java | 3 ---
 3 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/moral/security/CustomCorsFilter.java b/src/main/java/com/moral/security/CustomCorsFilter.java
index 09723f2..1de04cb 100644
--- a/src/main/java/com/moral/security/CustomCorsFilter.java
+++ b/src/main/java/com/moral/security/CustomCorsFilter.java
@@ -24,8 +24,7 @@
 config.setAllowCredentials(true);
 config.addAllowedOrigin("*");
 config.addAllowedHeader("*");
- config.addAllowedMethod("*");
- config.setMaxAge(3600L);
+ config.setMaxAge(36000L);
 config.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", config);
diff --git a/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java b/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
index 60c94ae..8eeec89 100644
--- a/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
+++ b/src/main/java/com/moral/security/auth/login/LoginAwareAuthenticationFailureHandler.java
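Review bot: In CustomCorsFilter.java the context lines `config.setAllowCredentials(true);` and `config.addAllowedOrigin("*");` are untouched, so narrowing the method list still leaves credentialed cross-origin requests open to every origin. As far as I know, Spring releases of this period answer that combination by echoing the caller's Origin header, and later releases reject it at startup; if the API authenticates with cookies (not visible here), any site a signed-in user visits could read its responses. Replace the wildcard with the known front-end origins, for example `config.setAllowedOrigins(Arrays.asList("https://frontend.example.invalid")); // placeholder origin`, and consider listing the request headers the API actually reads instead of `addAllowedHeader("*")`. The enclosing method starts and ends outside the hunk.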
@@ -47,7 +47,7 @@
 } else if (e instanceof AuthMethodNotSupportedException) {
 mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
 }
-
- mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+// mapper.writeValue(response.getWriter(), ErrorResponse.of("Authentication failed", ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+ mapper.writeValue(response.getWriter(), ErrorResponse.of(e.getMessage(), ErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
 }
 }
diff --git a/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java b/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
index 6f411ea..37d8a76 100644
--- a/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
+++ b/src/main/java/com/moral/security/auth/login/LoginProcessingFilter.java
@@ -54,15 +54,12 @@ } throw new AuthMethodNotSupportedException("Authentication method not supported"); } - LoginRequest loginRequest = objectMapper.readValue(request.getReader(), LoginRequest.class); - if (StringUtils.isBlank(loginRequest.getUsername()) || StringUtils.isBlank(loginRequest.getPassword()) || loginRequest.getMode() == null) { throw new AuthenticationServiceException("Username or Password not provided"); } - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()); // ������������������������������������������������ token.setDetails(loginRequest.getMode()); -- Gitblit v1.8.0
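Review bot: The fallback line in LoginAwareAuthenticationFailureHandler.java now returns `e.getMessage()` to the client for every authentication failure, which can reveal whether an account exists, is locked or disabled, or expose internal error text. Keep the fixed `"Authentication failed"` body for failures the branches above do not classify, and record the exception on the server side instead. As far as the hunk shows, this call also sits after the `if`/`else if` chain rather than in a final `else`, so a request already answered by a branch gets a second JSON body written to the same response; wrapping it in `else { ... }` avoids that. The commented-out old line should be deleted rather than kept, and the method begins outside the hunk.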