From a0d4cdaaf80b12da000dac96cc2298e14c3a2001 Mon Sep 17 00:00:00 2001 From: wangxiang <1827945911@qq.com> Date: Sun, 6 Aug 2023 21:13:28 +0800 Subject: [PATCH] =?UTF-8?q?chore:=20=E9=85=8D=E7=BD=AEsso=E5=8D=95?= =?UTF-8?q?=E7=82=B9=E7=99=BB=E9=99=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kicc/auth/config/WebSecurityConfiguration.java | 12 +++++------- kicc-auth/src/main/resources/templates/ftl/login.ftl | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java b/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java index 6d6e6b37..ffcf0792 100644 --- a/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java +++ b/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java @@ -22,14 +22,15 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl /** *
- * 认证相关配置 + * 认证安全相关配置 * 并且设置为主,以及加载优先级为1,防止被微服务工程覆盖 + * 目前SSO主要还是采用oauth2的token做sso授权中心,不会采用security的session做SSO授权中心,原因需要维护(oauth2的token,security的session)两套登陆方式代码 + * authorization-code 模式目前只处理第三方系统接入 *
* * @Author: wangxiang4 - * @Date: 2022/2/16 + * @Since: 2023/8/6 */ - @Primary @Order(90) @Configuration @@ -54,10 +55,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { .antMatchers("/token/**") .permitAll() .anyRequest() - .authenticated() - .and() - // CRSF禁用,因为不使用session - .csrf().disable(); + .authenticated(); } /** diff --git a/kicc-auth/src/main/resources/templates/ftl/login.ftl b/kicc-auth/src/main/resources/templates/ftl/login.ftl index 48973a51..039f1557 100644 --- a/kicc-auth/src/main/resources/templates/ftl/login.ftl +++ b/kicc-auth/src/main/resources/templates/ftl/login.ftl @@ -8,7 +8,7 @@ -
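Review bot: Dropping `.and().csrf().disable()` from the end of the `configure(HttpSecurity)` chain turns Spring Security's default CSRF protection back on, yet nothing in the new code says this is intended. The Javadoc added in this same commit still says SSO relies on OAuth2 tokens rather than the security session, which is the reason the removed comment gave for disabling CSRF. `permitAll()` on `/token/**` does not exempt those paths from the CSRF filter, so state-changing requests under `/token/**` (presumably the login form and logout) will be rejected with 403 unless they carry the token; the login.ftl change in this commit may add that field, but it is not visible here. I would keep CSRF enabled for the browser login flow and record the intent above `.authenticated();`, e.g. `// CSRF stays at the Spring Security default (enabled) to protect the session-based login form`. If a token-authenticated, non-browser endpoint in this chain has to be exempt, a narrow `.csrf().ignoringAntMatchers("<stateless-endpoint-pattern>")` is safer than disabling it globally; the method body starts outside the hunk.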