1

zj

2025-06-18 2ee9dbc37cbe186e98e5ca458033ba517b981d0d

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
package com.yami.trading.security.common.adapter;
 
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.stereotype.Component;
import org.springframework.web.cors.CorsUtils;
 
/**
 * 使用security的防火墙功能，但不使用security的认证授权登录
 * @author 菠萝凤梨
 * @date 2022/3/25 17:33
 */
@Component
public class MallWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().cors() // We don't need CSRF for token based authentication
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .and()
                .authorizeRequests().antMatchers(
                "/**").permitAll();
    }
}