[系统架构] 修正跨域的 Credentials 认证问题

80810f3e · Matrix · 4f165541 · 80810f3e · 80810f3e
--- a/dev-user/src/main/java/com/tykj/dev/device/user/config/SecurityConfig.java
+++ b/dev-user/src/main/java/com/tykj/dev/device/user/config/SecurityConfig.java
@@ -12,6 +12,7 @@ import com.tykj.dev.device.user.config.url.UrlFilterInvocationSecurityMetadataSo
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -92,6 +93,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        configuration.setAllowedMethods(methodNames);
        configuration.setAllowedHeaders(Arrays.asList("Origin", "X-Requested-With", "Content-Type", "Accept"));
        configuration.setMaxAge(3600L);
+        configuration.setAllowCredentials(true);
        configuration.addExposedHeader("Location");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
@@ -105,6 +107,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                .cors()
                .and()
                .authorizeRequests()
+                .antMatchers(HttpMethod.OPTIONS, "/** ").permitAll()
                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                    @Override
                    public <O extends FilterSecurityInterceptor> O postProcess(O o) {

--- a/dev-user/src/main/java/com/tykj/dev/device/user/config/handler/MyFailHandler.java
+++ b/dev-user/src/main/java/com/tykj/dev/device/user/config/handler/MyFailHandler.java
 package com.tykj.dev.device.user.config.handler;

+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
@@ -13,10 +14,12 @@ import java.io.IOException;
 * @author zjm
 */
 @Component
+@Slf4j
 public class MyFailHandler implements AuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+        log.error("[登录模块] 登录发生异常 : {}", e.toString());
        httpServletResponse.setStatus(200);
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.setContentType("application/json");