fix: remove cors by security but use corsConfig

2025-12-21 03:04:26 +08:00
parent 20ad99a6f9
commit 7896fe9ac7
2 changed files with 26 additions and 18 deletions
--- a/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java
+++ b/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java
@@ -11,23 +11,21 @@ import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
 public class SecurityConfig {
-    @Bean
+        @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+                http
-                // 启用跨域配置
+                                // 禁用默认的登录表单和HTTP基本认证
-                .cors(cors -> cors.configurationSource(
+                                .formLogin(form -> form.disable())
-                        request -> new org.springframework.web.cors.CorsConfiguration().applyPermitDefaultValues()))
+                                .httpBasic(basic -> basic.disable())
-                // 禁用默认的登录表单和HTTP基本认证
+                                // 允许所有请求通过，取消默认登录验证
-                .formLogin(form -> form.disable())
+                                .authorizeHttpRequests((authz) -> authz
-                .httpBasic(basic -> basic.disable())
+                                                .anyRequest().permitAll())
-                // 允许所有请求通过，取消默认登录验证
+                                // 禁用CSRF保护
-                .authorizeHttpRequests((authz) -> authz
+                                .csrf(csrf -> csrf.disable())
-                        .anyRequest().permitAll())
+                                // 设置会话创建策略为无状态
-                // 禁用CSRF保护
+                                .sessionManagement(session -> session
-                .csrf(csrf -> csrf.disable())
+                                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));
                // 设置会话创建策略为无状态
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
-        return http.build();
+                return http.build();
-    }
+        }
 }
--- a/src/main/java/icu/sunway/ai_spring_example/Controllers/EaxmpleEntityController.java
+++ b/src/main/java/icu/sunway/ai_spring_example/Controllers/EaxmpleEntityController.java
@@ -7,6 +7,9 @@ import jakarta.annotation.Resource;
 import org.springframework.web.bind.annotation.RequestMapping;
 import icu.sunway.ai_spring_example.Service.IExampleEntityService;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.PathVariable;
@Controller
@RestController
@@ -14,4 +17,11 @@ import icu.sunway.ai_spring_example.Service.IExampleEntityService;
 public class EaxmpleEntityController {
    @Resource
    private IExampleEntityService exampleEntityService;
    @PutMapping("test/{id}")
    public String putMethodName(@PathVariable String id, @RequestBody String entity) {
        // TODO: process PUT request
        return entity;
    }
 }