修复bug

2025-05-24 09:52:51 +08:00
parent a190900181
commit 589700dd51
8 changed files with 150 additions and 17 deletions


@@ -14,6 +14,7 @@ import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.Arrays;
import java.util.Collections;
/**
* 安全相关配置 (集成CORS)
@@ -46,6 +47,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers(HttpMethod.DELETE, "/user/delete/**").hasAuthority(UserRoleEnum.ADMIN.getValue())
.antMatchers(HttpMethod.POST, "/user/admin/add").hasAuthority(UserRoleEnum.ADMIN.getValue())
.antMatchers(HttpMethod.PUT, "/user/admin/update").hasAuthority(UserRoleEnum.ADMIN.getValue())
// 明确允许 /admin/robot 相关请求
.antMatchers("/admin/robot/**").hasAuthority(UserRoleEnum.ADMIN.getValue())
// 其他所有请求都需要认证
.anyRequest().authenticated()
)
@@ -58,16 +61,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
// TODO: 在生产环境请显式指定允许的源,而不是 "*"
configuration.setAllowedOriginPatterns(Arrays.asList("*")); // 允许所有源模式
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("*")); // 允许所有头
configuration.setAllowCredentials(true); // 允许发送 Cookie
configuration.setMaxAge(3600L); // 预检请求的有效期
// configuration.setExposedHeaders(Arrays.asList("YourCustomHeader")); // 如果需要暴露自定义头
// 允许所有源,更宽松的配置
configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
// 允许所有HTTP方法
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"));
// 允许所有头
configuration.setAllowedHeaders(Collections.singletonList("*"));
// 允许发送凭证cookies、HTTP认证及客户端SSL证明等
configuration.setAllowCredentials(true);
// 预检请求的有效期,单位为秒
configuration.setMaxAge(3600L);
// 暴露响应头,特别是授权相关的
configuration.setExposedHeaders(Arrays.asList("Authorization", "Set-Cookie", "X-XSRF-TOKEN"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration); // 对所有路径应用配置
// 对所有路径应用配置
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
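Review bot: The rewritten corsConfigurationSource() keeps `setAllowedOriginPatterns(Collections.singletonList("*"))` together with `setAllowCredentials(true)`, and the TODO asking for explicit production origins appears to be dropped, so every origin is trusted for credentialed requests and, subject to the session cookie's SameSite setting, can read the responses of the ADMIN-only routes above. The same wildcard-plus-credentials pair appears in the new WebMvcConfig.addCorsMappings(). I would bind the allowed origins from configuration, e.g. `configuration.setAllowedOriginPatterns(allowedOrigins);` with `allowedOrigins` listing only the real front-end origins. Listing `Set-Cookie` in `setExposedHeaders` has no effect, since browsers never expose that header to scripts, so it can be removed. Which lines are old and which are new is inferred from the rendered page, and the class begins outside these hunks.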


@@ -0,0 +1,30 @@
package com.yupi.project.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
* 全局跨域配置
*/
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
// 覆盖所有请求
registry.addMapping("/**")
// 允许发送Cookie
.allowCredentials(true)
// 放行哪些域名(必须用 patterns否则 * 会和 allowCredentials 冲突)
.allowedOriginPatterns("*")
// 放行哪些请求方式
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH")
// 放行哪些请求头
.allowedHeaders("*")
// 暴露哪些请求头
.exposedHeaders("Authorization", "Set-Cookie", "X-XSRF-TOKEN")
// 预检请求的有效期,单位为秒
.maxAge(3600);
}
}
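Review bot: This new WebMvcConfig duplicates the CORS policy that SecurityConfig.corsConfigurationSource() already defines, so the two copies of the origin, method and header lists can drift apart, and tightening one leaves the other permissive. If Spring Security's CORS support is enabled (not visible in these hunks), the bean in SecurityConfig is the one consulted ahead of authentication, and this class could be dropped. If it has to stay, both places should read the same configured origin list, e.g. `.allowedOriginPatterns(allowedOrigins)`, and the class Javadoc should say why a second mapping is needed.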


@@ -4,9 +4,9 @@ spring:
# DataSource Config
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://yuyun-us1.stormrain.cn:3306/mqtt_power?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
url: jdbc:mysql://yuyun-hk1.stormrain.cn:3306/mqtt_power?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
username: root
password: mysql_a4MQ4P
password: mysql_3wdCbm
mvc:
pathmatch:
matching-strategy: ANT_PATH_MATCHER
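Review bot: The new `password:` value is committed in plaintext next to `username: root` and a remote database host, so anyone with read access to the repository or its history holds full database credentials. Both the previous and the new password should be treated as exposed and rotated, and the application should connect with a least-privilege account rather than root. Read the values from the environment instead, e.g. `username: ${MYSQL_USERNAME}` and `password: ${MYSQL_PASSWORD}`, and keep the real values in a secret store or an untracked profile file.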