Merge pull request #793 from zhouliang815/master

fix portal spring security config init bug

Merge pull request #793 from zhouliang815/master
fix portal spring security config init bug
ce521b2a · Jason Song · GitHub · fbc41783 · ea77e45b · ce521b2a
隐藏空白更改
内联并排

Showing with 2 addition and 3 deletion

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java ...rk/apollo/portal/spi/configuration/AuthConfiguration.java +2 -3

未找到文件。
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
@@ -248,9 +248,8 @@ public class AuthConfiguration {
    protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable();
      http.headers().frameOptions().sameOrigin();
-      http.authorizeRequests()
-          .antMatchers("/openapi/*").permitAll()
-          .antMatchers("/*").hasAnyRole(USER_ROLE);
+      http.authorizeRequests().antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll()
+      .antMatchers("/**").hasAnyRole(USER_ROLE);
      http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
      http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
      http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));