@Override
protected void configure (HttpSecurity http) throws Exception {
http.cors()
.and()
.headers().frameOptions().disable()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
@Override
public <O extends FilterSecurityInterceptor> O postProcess (O o) {
o.setSecurityMetadataSource(urlFilterInvocationSecurityMetadataSource);
o.setAccessDecisionManager(urlAccessDecisionManager);
return o;
}
})
.and()
.addFilterAfter(loginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(mobileAuthenticationProcessingFilter, AbstractPreAuthenticatedProcessingFilter.class)
.csrf().disable()
.formLogin()
.permitAll()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(loginAuthenticationEntryPoint)
.accessDeniedHandler(urlAccessDeniedHandler);
}
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。