package com.hxzkmonitor.config;
/**
 * @ClassName Sccc
 * @Description TODO
 * @Author zyhh
 * @date 2024/2/29 14:27
 * @version: 1.0
 */
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsUtils;
/**
 * Spring Security configuration for the application.
 *
 * <p>Method-level authorization ({@code @PreAuthorize}/{@code @PostAuthorize} and
 * {@code @Secured}) is switched on by the {@code @EnableGlobalMethodSecurity} annotation below.
 *
 * <p>Security posture of this class as written: CSRF protection is off, the
 * {@code X-Frame-Options} header is not sent, and the only URL rule declared is a
 * {@code permitAll()} for CORS preflight requests.
 * NOTE(review): no {@code anyRequest()} rule and no login mechanism is configured here, so as far
 * as this class shows, access control for every other endpoint rests on the method-level
 * annotations. Verify that each handler carries one.
 */
@Configuration
@EnableWebSecurity
// Enables method-level permission checks.
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures the HTTP security filter chain (authorization).
     *
     * @param http the builder for the web security filter chain
     * @throws Exception if any configurer rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Enable cross-origin access. The CORS policy itself (allowed origins, methods,
            // credentials) is not defined in this class.
            // NOTE(review): confirm the policy does not combine a wildcard origin with credentials.
            .cors()
            .and()
            // CSRF protection is turned off so that API test tools can send POST requests;
            // with it on, those requests were rejected with 403.
            // NOTE(review): this is only safe when clients do not authenticate with cookies the
            // browser attaches automatically. Confirm how sessions or tokens are carried.
            .csrf().disable()
            // Works around the iframe error: Refused to display 'url' in a frame because it set
            // 'X-Frame-Options' to 'deny'. Disabling drops the header entirely, so responses may
            // be framed by any origin.
            // NOTE(review): if the framing page is same-origin, frameOptions().sameOrigin() is the
            // narrower choice. Verify before changing.
            .headers().frameOptions().disable()
            .and()
            // Cross-origin OPTIONS (preflight) requests were being intercepted; this rule lets
            // them through.
            .authorizeRequests()
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll();
    }
}