升级2.0.0

2 years ago · 76fe49c425
2 changed files with 14 additions and 2 deletions
--- a/mdp-form-bootstrap/src/main/java/com/mdp/WebSecurityConfig.java
+++ b/mdp-form-bootstrap/src/main/java/com/mdp/WebSecurityConfig.java
@ -6,6 +6,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.jwt.JwtDecoder;

 /**
 * com.qqkj.WebSecurityConfig
@ -16,6 +18,9 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
@EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

+    @Autowired
+    JwtDecoder jwtDecoder;
+
    @Autowired
    JwtAuthenticationConverter jwtConverter;

@ -37,6 +42,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        http.oauth2Login();
        http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtConverter);
        http.csrf().disable();
+        http.oauth2ResourceServer().jwt().decoder(jwtDecoder).jwtAuthenticationConverter(jwtConverter);
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);//禁用session
    }

 }
--- a/mdp-form/src/test/java/com/mdp/WebSecurityConfig.java
+++ b/mdp-form/src/test/java/com/mdp/WebSecurityConfig.java
@ -6,6 +6,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.jwt.JwtDecoder;

 /**
 * com.qqkj.WebSecurityConfig
@ -19,6 +21,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    JwtAuthenticationConverter jwtConverter;

+    @Autowired
+    JwtDecoder jwtDecoder;

    @Override
    public void configure(WebSecurity web) throws Exception {
@ -34,8 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated().and().oauth2Client().and().logout().disable();
        http.formLogin().usernameParameter("userloginid");
-        http.oauth2Login();
-        http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtConverter);
+        //http.oauth2Login();
+        http.oauth2ResourceServer().jwt().decoder(jwtDecoder).jwtAuthenticationConverter(jwtConverter);
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);//禁用session
        http.csrf().disable();
    }