From 3adf3763820162ee86fff86d923850d85b0d79ee Mon Sep 17 00:00:00 2001
From: wangbing <1919101440@qq.com>
Date: Wed, 9 Oct 2019 23:25:33 +0800
Subject: [PATCH] =?UTF-8?q?1=E3=80=81Enum=20=E6=94=B9=20Dict?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../SpringBoot/java/config/SecurityConfig.java   | 16 +++++++---------
 .../SpringBoot/resources/application-dev.ftl     |  6 ++----
 .../SpringBoot/resources/application-prod.ftl    |  4 +---
 3 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java b/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java
index c51c72b0..81d7ad5d 100644
--- a/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java
+++ b/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java
@@ -9,9 +9,9 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
-import ${basePackage}.frame.base.Token;
-import ${basePackage}.frame.utils.CookieUtil;
-import ${basePackage}.frame.utils.LocalData;
+import xyz.wbsite.frame.base.Token;
+import xyz.wbsite.frame.utils.CookieUtil;
+import xyz.wbsite.frame.auth.LocalData;
 import javax.servlet.http.HttpServletRequest;
 
 @Configuration
@@ -20,16 +20,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Value("${r"${web.url.auth.excluded}"}")
     private String[] excluded;
-    @Value("${r"${web.url.auth.included}"}")
-    private String[] included;
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                 .authorizeRequests()
+                .antMatchers(staticPath).permitAll()
                 .antMatchers(excluded).permitAll()
-                .antMatchers(included).access("@Authorization.hasPermission(request,authentication)")
+                .anyRequest().access("@Authorization.hasPermission(request,authentication)")
                 .and().cors()
                 .and().headers().frameOptions().disable()
                 .and().csrf().disable();
@@ -70,7 +68,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                     //继承临时Token
                     token1.addResourceSet(LocalData.getTempToken());
                     //管理员特有资源(这边请用正则表达式)
-                    token1.putResource("/admin/.*\\.htm");
+                    token1.putResource(".*\\.htm");
                     LocalData.setToken(token1);
                 }
 
diff --git a/src/main/resources/modules/SpringBoot/resources/application-dev.ftl b/src/main/resources/modules/SpringBoot/resources/application-dev.ftl
index 1062a5c9..9ca654d8 100644
--- a/src/main/resources/modules/SpringBoot/resources/application-dev.ftl
+++ b/src/main/resources/modules/SpringBoot/resources/application-dev.ftl
@@ -2,7 +2,7 @@
 server.port=8080
 server.servlet.context-path=/
 spring.mvc.static-path-pattern=/static/**
-spring.resources.static-locations=classpath:static/
+spring.resources.static-locations=classpath:/META-INF/resources/,classpath:/resources/,classpath:/static/,classpath:/public/,file:/file-upload
 spring.application.name=${projectName?default("SpringBoot")}
 spring.main.banner-mode=CONSOLE
 spring.devtools.restart.enabled=true
@@ -16,10 +16,8 @@ spring.http.encoding.enabled=true
 server.tomcat.uri-encoding=UTF-8
 # 根路径、欢迎页
 web.welcome.page=/index.htm
-# 需要验证授权, 既访问时组装Token
-web.url.auth.included=/**
 # 不需要验证授权, 或该请求有自己的验证机制
-web.url.auth.excluded=/favicon.ico,/static/**,/api,/login.htm
+web.url.auth.excluded=/api,/,/index.htm,/home.htm,/login.htm
 # 日志配置
 logging.path=D://
 logging.levels=DEBUG
diff --git a/src/main/resources/modules/SpringBoot/resources/application-prod.ftl b/src/main/resources/modules/SpringBoot/resources/application-prod.ftl
index d802d0a8..5f409a56 100644
--- a/src/main/resources/modules/SpringBoot/resources/application-prod.ftl
+++ b/src/main/resources/modules/SpringBoot/resources/application-prod.ftl
@@ -2,7 +2,7 @@
 server.port=80
 server.servlet.context-path=/
 spring.mvc.static-path-pattern=/static/**
-spring.resources.static-locations=classpath:static/
+spring.resources.static-locations=classpath:/META-INF/resources/,classpath:/resources/,classpath:/static/,classpath:/public/,file:/file-upload
 spring.application.name=${projectName}
 spring.main.banner-mode=off
 spring.devtools.restart.enabled=false
@@ -16,8 +16,6 @@ spring.http.encoding.enabled=true
 server.tomcat.uri-encoding=UTF-8
 # 根路径、欢迎页
 web.welcome.page=/index.htm
-# 需要验证授权, 既访问时组装Token
-web.url.auth.included=/**
 # 不需要验证授权, 或该请求有自己的验证机制
 web.url.auth.excluded=/favicon.ico,/static/**,/api,/login.htm
 # 日志配置