Merge pull request #793 from zhouliang815/master

fix portal spring security config init bug

Merge pull request #793 from zhouliang815/master
ce521b2a · Jason Song · GitHub · fbc41783 · ea77e45b · ce521b2a
Commit ce521b2a authored Oct 23, 2017 by Jason Song Committed by GitHub Oct 23, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

AuthConfiguration.java ...rk/apollo/portal/spi/configuration/AuthConfiguration.java +2 -3

No files found.
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
@@ -248,9 +248,8 @@ public class AuthConfiguration {
    protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable();
      http.headers().frameOptions().sameOrigin();
-      http.authorizeRequests()
+      http.authorizeRequests().antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll()
-          .antMatchers("/openapi/*").permitAll()
+      .antMatchers("/**").hasAnyRole(USER_ROLE);
-          .antMatchers("/*").hasAnyRole(USER_ROLE);
      http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
      http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
      http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));