Shikong/wvp-gb28181-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

优化跨域配置,默认允许全部跨域

Browse Source
This commit is contained in:
648540858 2024-01-31 17:23:47 +08:00
parent ab34cb37f3
commit 68fbc8fef1
3 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
View File

@ -1,12 +1,12 @@
package com.genersoft.iot.vmp.conf.security;
import com.genersoft.iot.vmp.conf.UserSetting;
import org.springframework.core.annotation.Order;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@ -25,6 +25,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
/**
* 配置Spring Security
@ -129,8 +130,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
corsConfiguration.setAllowedMethods(Arrays.asList("*"));
corsConfiguration.setMaxAge(3600L);
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) {
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
}else {
corsConfiguration.setAllowCredentials(false);
corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
}
corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();

2
src/main/resources/all-application.yml
View File

@ -237,7 +237,7 @@ user-settings:
register-again-after-time: 60
# 国标续订方式true为续订每次注册在同一个会话里false为重新注册每次使用新的会话
register-keep-int-dialog: false
# 跨域配置,配置你访问前端页面的地址即可 可以配置多个
# 跨域配置,不配置此项则允许所有跨域请求,配置后则只允许配置的页面的地址请求 可以配置多个
allowed-origins:
- http://localhost:8008
- http://192.168.1.3:8008

4
src/main/resources/application-dev.yml
View File

@ -110,10 +110,6 @@ user-settings:
auto-apply-play: true
# 设备/通道状态变化时发送消息
device-status-notify: true
# 跨域配置,配置你访问前端页面的地址即可, 可以配置多个
allowed-origins:
- http://localhost:8080
- http://127.0.0.1:8080
# [可选] 日志配置, 一般不需要改
logging:
config: classpath:logback-spring-local.xml