@attack666
2021-03-10T15:34:48.000000Z
在前端找到登录接口,并将其修改为当前使用的接口
目录 | 说明 |
---|---|
config\dev.env.js | 连接后端接口 |
src\api\login.js | 发起请求的接口 |
src\utils\request.js | 前端登录工具的封装 |
beauty-o2o-api/.../api/controller/AccountController.java | 旧的后端登录接口 |
后端目前没有account/info接口,因此后台管理页面仍然无法正常登入
后端原来的管理员表是t_sys_user。新的用户表是tb_sys_user,但是里面并没有数据。
后端原本使用roles字段来确定登录后台的角色,但是目前的管理员表并没有此字段
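/**
 * Spring Security configuration: username/password authentication backed by
 * {@code SysUserService}, the project's two JWT filters, and stateless sessions.
 *
 * Created on 2021/3/7.
 *
 * @author liuxd2017@163.com
 */
@EnableWebSecurity
public class Security extends WebSecurityConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private SysUserService sysUserService;

    /**
     * Creates the provider that loads users through {@code sysUserService} and
     * verifies passwords with the injected {@code passwordEncoder}.
     *
     * @return a configured {@link DaoAuthenticationProvider}
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(sysUserService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }

    /**
     * Authentication: registers the DAO provider with the authentication manager.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
        // Keeps the submitted credentials on the Authentication object after a
        // successful login instead of clearing them.
        // NOTE(review): confirm that a downstream component really needs them; if
        // not, remove this call so the default (erase after authentication) applies.
        auth.eraseCredentials(false);
    }

    /**
     * Authorization: declares the public endpoints, requires authentication for
     * everything else, and installs the JWT filters.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off. That is only safe while the token is
        // sent explicitly by the client (e.g. in a request header) and never
        // attached automatically by the browser.
        // NOTE(review): the CORS policy below allows credentials; if any cookie
        // is ever used for authentication, CSRF protection must be re-enabled.
        http.csrf().disable();

        // Spring Security's default response headers (X-Content-Type-Options,
        // X-Frame-Options, Cache-Control, HSTS over HTTPS) are deliberately left
        // enabled. Do not call http.headers().disable(): it strips them from every
        // response, including the Swagger UI pages that are public below.

        http.cors().configurationSource(corsConfigurationSource());

        http.addFilterAt(
                new JwtAuthenticationFilter(authenticationManager()),
                UsernamePasswordAuthenticationFilter.class);

        http.authorizeRequests()
                // Endpoints reachable without authentication.
                // NOTE(review): confirm that unauthenticated access to
                // /xhr/v1/users/create is intended, and restrict the Swagger
                // paths (api-docs, swagger-ui, webjars) outside development.
                .antMatchers(
                        "/xhr/v1/users/login",
                        "/xhr/v1/users/create",
                        "/xhr/v1/users/needLogin",
                        "/v2/api-docs",
                        "/configuration/ui",
                        "/swagger-resources/**",
                        "/configuration/security",
                        "/swagger-ui.html",
                        "/webjars/**")
                .permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/xhr/v1/users/needLogin")
                .loginProcessingUrl("/xhr/v1/users/login")
                .and()
                .addFilter(new JwtAuthorizationFilter(authenticationManager(), sysUserService))
                // Front end and back end are separated, so no HTTP session is
                // created or consulted.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Builds the CORS policy applied to every path.
     *
     * @return a source that maps {@code /**} to the policy below
     */
    private CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration policy = new CorsConfiguration();
        // Only the local development front end is allowed.
        // NOTE(review): move this origin to configuration per environment, and do
        // not widen it to "*" while credentials are allowed; browsers reject a
        // wildcard origin on credentialed requests.
        policy.addAllowedOrigin("http://localhost:9528");
        // Any request header is accepted; this could be narrowed to the header
        // that carries the token.
        policy.addAllowedHeader("*");
        // Any HTTP method (POST, GET, ...) is accepted.
        policy.addAllowedMethod("*");
        policy.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // URL pattern the policy applies to.
        source.registerCorsConfiguration("/**", policy);
        return source;
    }
}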