{
"Timestamp" : 1619093866976,
"Status" : 403,
"Error" : "Forbidden",
"Message" : "Access Denied",
"Path" : "/role/insert
"}
@ Configuration
@ EnableWebSecurity
Public class JWTSecurityConfig extends WebSecurityConfigurerAdapter {
Private final JWTAuthenticationFilter JWTAuthenticationFilter;
Private final JWTAuthenticationProvider JWTAuthenticationProvider;
Private final WebOptionsFilter WebOptionsFilter;
The @autowired
Public JWTSecurityConfig (JWTAuthenticationFilter JWTAuthenticationFilter, JWTAuthenticationProvider JWTAuthenticationProvider, WebOptionsFilter WebOptionsFilter) {
Enclosing jwtAuthenticationFilter=jwtAuthenticationFilter;
Enclosing jwtAuthenticationProvider=jwtAuthenticationProvider;
Enclosing webOptionsFilter=webOptionsFilter;
}
@ Bean
@ Override
Public the AuthenticationManager authenticationManagerBean () throws the Exception {
Return super. AuthenticationManagerBean ();
}
@ Override
Public void the configure (AuthenticationManagerBuilder auth) {
Auth. AuthenticationProvider (jwtAuthenticationProvider);
}
@ Override
Protected void the configure (HTTP) HttpSecurity throws the Exception {
HTTP. CSRF (). The disable ()//off cross-domain protection
HttpBasic (). The disable ()
FormLogin (). The disable ()
//ReST is stateless, no sessions
SessionManagement (.) sessionCreationPolicy (sessionCreationPolicy STATELESS)
And ()
//return 403 when not authenticated
ExceptionHandling (.) authenticationEntryPoint (new Http403ForbiddenEntryPoint ())
And ()
//cross domain Settings
Cors ()
ConfigurationSource (corsConfigurationSource ());
//Let the child classes set up authorization paths
HTTP. AuthorizeRequests ()
AntMatchers ("/login ", "/login/check", "/login/logout"). The permitAll ()
//swagger request permission
AntMatchers ("/v2/API docs - ", "/swagger - resources/configuration/UI", "/swagger - resources,"
"/swagger - UI. HTML", "/webjars/* *", "/swagger - resources/configuration/security"). The permitAll ()
AntMatchers ("/physical ", "/physical/health", "/info", "/error", "/dump", "/metrics,"
"/env/"," refresh ", "/trace", "/jolokia/","/flyway, "
"/liquibase", "/logfile"). PermitAll ()
AnyRequest (). Authenticated ();
//in front of the security verification add WebFilter
HTTP. AddFilterBefore (webOptionsFilter, FilterSecurityInterceptor. Class);
HTTP. AddFilterBefore (jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter. Class);
}
@ Bean
Public CorsConfigurationSource CorsConfigurationSource () {
CorsConfigurationSource source=new UrlBasedCorsConfigurationSource ();
CorsConfiguration CorsConfiguration=new CorsConfiguration ();
//the same configuration, * said any request as a homologous, if need to specify the IP and port can be changed as "localhost: 8080," multiple ", "space;
CorsConfiguration. AddAllowedOrigin (" * ");
//headers, which allows the header, * can be swapped for a token
CorsConfiguration. AddAllowedHeader (" * ");
//allow the request method POST, GET, etc.
CorsConfiguration. AddAllowedMethod (" * ");
CorsConfiguration. SetAllowCredentials (true);
//configuration allows cross-domain access url
((UrlBasedCorsConfigurationSource) source). RegisterCorsConfiguration ("/* *, "corsConfiguration);
return source;
}
}