Added login, logout and getUserinfo (Include ui and server)

2026-04-05 23:11:24 +08:00 · 2023-05-05 20:59:09 +08:00
parent a8dce8f8e0
commit 60b8460e03
32 changed files with 1022 additions and 151 deletions
--- a/Pinnacle/src/main/java/com/cfive/pinnacle/config/SecurityConfig.java
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/config/SecurityConfig.java
@@ -14,6 +14,11 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;

@Configuration
 public class SecurityConfig {
@@ -42,7 +47,7 @@ public class SecurityConfig {
    }

    @Bean
-    AuthenticationManager authenticationManager(HttpSecurity httpSecurity, PasswordEncoder passwordEncoder) throws Exception {
+    public AuthenticationManager authenticationManager(HttpSecurity httpSecurity, PasswordEncoder passwordEncoder) throws Exception {
        return httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder)
@@ -50,22 +55,38 @@ public class SecurityConfig {
                .build();
    }

+    @Bean
+    public CorsConfigurationSource corsConfigurationSource(){
+        CorsConfiguration corsConfiguration = new CorsConfiguration();
+        corsConfiguration.setAllowedMethods(List.of("*"));
+        corsConfiguration.setAllowedHeaders(List.of("*"));
+        corsConfiguration.setMaxAge(3600L);
+        corsConfiguration.setAllowedOrigins(List.of("*"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**",corsConfiguration);
+        return source;
+    }
+
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                //  Disable CSRF
-                .csrf().disable()
+                .csrf()
+                .disable()

                // Do not get SecurityContent by Session
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()

                // Allow anonymous access
                .authorizeHttpRequests()
-                .requestMatchers("/login").anonymous()
+                .requestMatchers("/login")
+                .anonymous()

                // Authentication required
-                .anyRequest().authenticated()
+                .anyRequest()
+                .authenticated()
                .and()

                .logout()
@@ -75,6 +96,10 @@ public class SecurityConfig {
                .authenticationEntryPoint(authenticationEntryPointHandler)
                .and()

+                .cors()
+                .configurationSource(corsConfigurationSource())
+                .and()
+
                .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
                .build();
    }