4 年之前 · 96a26758a5
--- a/src/main/java/com/example/plantsforyou/security/config/WebSecurityConfig.java
+++ b/src/main/java/com/example/plantsforyou/security/config/WebSecurityConfig.java
@@ -15,6 +15,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 
															 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
														
 
															 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
														
 
															 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
														
 
															+import org.springframework.web.cors.CorsConfiguration;
														
 
															+import org.springframework.web.cors.reactive.CorsConfigurationSource;
														
 
															+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
														
 
															+
														
 
															+import java.util.Arrays;
														
 
															 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
														
@@ -28,7 +33,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
															     @Override
														
 
															     protected void configure(HttpSecurity http) throws Exception {
														
 
															-        http.csrf().disable();
														
 
															+        http.csrf().disable().csrf();
														
 
															         http.sessionManagement().sessionCreationPolicy(STATELESS);
														
 
															         http.authorizeRequests().antMatchers("/api/v*/registration/**", "/api/v*/users/token/refresh/**").permitAll();
														
 
															         http.authorizeRequests().antMatchers("/api/v*/**").hasAnyAuthority("USER");
														
@@ -36,6 +41,16 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
															         http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
														
 
															     }
														
 
															+    @Bean
														
 
															+    CorsConfigurationSource corsConfigurationSource() {
														
 
															+        CorsConfiguration configuration = new CorsConfiguration();
														
 
															+        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
														
 
															+        configuration.setAllowedMethods(Arrays.asList("GET","POST"));
														
 
															+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
														
 
															+        source.registerCorsConfiguration("/**", configuration);
														
 
															+        return source;
														
 
															+    }
														
 
															+
														
 
															     @Bean
														
 
															     @Override
														
 
															     public AuthenticationManager authenticationManagerBean() throws Exception {
														
@@ -43,7 +58,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
															     }
														
 
															     @Override
														
 
															-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
														
 
															+    protected void configure(AuthenticationManagerBuilder auth){
														
 
															         auth.authenticationProvider(daoAuthenticationProvider());
														
 
															     }
														
 
															     @Bean