1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- <debug /> -->
<global-method-security pre-post-annotations="enabled" />
<!-- Static resources -->
<http pattern="/version.html" security="none" />
<http pattern="/ping.html" security="none" />
<http entry-point-ref="restAuthenticationEntryPoint"
create-session="stateless">
<!-- https://springcloud.cc/spring-security-zhcn.html -->
<intercept-url pattern="/api/v1/cache/getallcache" access="permitAll" />
<intercept-url pattern="/api/v1/user/login" access="permitAll" />
<intercept-url pattern="/api/**" access="authenticated" />
<intercept-url pattern="/**" access="permitAll" />
<headers>
<frame-options policy="SAMEORIGIN" />
</headers>
<csrf disabled="true" />
<custom-filter position="PRE_AUTH_FILTER" ref="jwtAuthenticationFilter" />
</http>
<b:bean id="jwtAuthenticationFilter" class="pwc.taxtech.atms.security.JwtAuthenticationFilter">
<b:property name="authenticationManager" ref="authenticationManager" />
<b:property name="authenticationSuccessHandler" ref="jwtAuthenticationSuccessHandler" />
</b:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="jwtAuthenticationProvider" />
</authentication-manager>
</b:beans>