diff --git a/pom.xml b/pom.xml
index 79c1c74..34cec30 100644
--- a/pom.xml
+++ b/pom.xml
@@ -102,6 +102,10 @@
3.28.0
+
+ org.springframework.boot
+ spring-boot-starter-security
+
diff --git a/src/main/java/com/yutou/tools/utils/APIFilter.java b/src/main/java/com/yutou/tools/utils/APIFilter.java
index ee00395..3d3510a 100644
--- a/src/main/java/com/yutou/tools/utils/APIFilter.java
+++ b/src/main/java/com/yutou/tools/utils/APIFilter.java
@@ -20,8 +20,8 @@ import java.io.IOException;
import java.util.Enumeration;
import java.util.List;
-@Component
-@WebFilter
+/*@Component
+@WebFilter*/
public class APIFilter implements Filter {
public static boolean isDebug = false;
@Resource
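Review bot: Commenting out `@Component` and `@WebFilter` leaves APIFilter in the tree but unregistered, so whatever checks its `doFilter` performed no longer run on any request. The class body is outside this hunk, so it is not visible whether the new AuthConfig rules cover those checks; please confirm each one has an equivalent there. Once that is confirmed, delete the annotations (or the class) rather than keeping them in a block comment, because dead annotations make the filter look active at a glance. If the class is kept for reference, a comment such as `// Disabled: request authorization moved to AuthConfig (Spring Security)` above the class would record the intent.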
diff --git a/src/main/java/com/yutou/tools/utils/AuthConfig.java b/src/main/java/com/yutou/tools/utils/AuthConfig.java
new file mode 100644
index 0000000..1d45537
--- /dev/null
+++ b/src/main/java/com/yutou/tools/utils/AuthConfig.java
@@ -0,0 +1,66 @@
+package com.yutou.tools.utils;
+
+import com.alibaba.fastjson.JSONObject;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+@Configuration
+@EnableWebSecurity
+public class AuthConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ //super.configure(http);
+ http.authorizeRequests()
+ .antMatchers("/",
+ "/login/sendCaptcha.do",
+ "/login/login.do",
+ "/login/check.do"
+ )
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/index.html")
+ .and()
+ .exceptionHandling().accessDeniedHandler(new AccessDeniedHandler() {
+ @Override
+ public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
+ System.out.println("accessDeniedHandler");
+
+ }
+ }).and().exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {
+ @Override
+ public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+ System.out.println("无权限");
+ JSONObject json = new JSONObject();
+ json.put("code", 403);
+ json.put("msg", "You have no authority.");
+ httpServletResponse.getWriter().write(json.toJSONString());
+ }
+ })
+ ;
+
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ super.configure(auth);
+ System.out.println("wt?");
+ }
+}
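Review bot: The anonymous `AccessDeniedHandler` only prints to stdout and never touches the response, so a denied request comes back as an empty HTTP 200; the `AuthenticationEntryPoint` likewise puts 403 only in the JSON body and sets neither a status code nor a content type. Clients, proxies and log-based monitoring that key on the status line will record these rejections as successes. Both handlers should set the status (401 for unauthenticated, 403 for denied) and a JSON content type before writing, as sketched below; the already imported `StandardCharsets` can supply the encoding, and the `System.out.println` calls are better replaced by the project's logger. Separately, `configure(AuthenticationManagerBuilder)` registers no user store and CSRF protection is left at its default, so it is worth confirming that `/login/login.do` actually establishes a Spring Security authentication; otherwise every URL outside the `permitAll()` list stays blocked.

```java
.exceptionHandling().accessDeniedHandler(new AccessDeniedHandler() {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // Authenticated but not allowed: report it in the status line as well as the body.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json");
        JSONObject json = new JSONObject();
        json.put("code", 403);
        json.put("msg", "You have no authority.");
        httpServletResponse.getWriter().write(json.toJSONString());
    }
}).and().exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        // Not authenticated: 401 tells the client to log in rather than give up.
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json");
        // … unchanged: JSON body construction and write …
    }
})
```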
diff --git a/web/html/header.html b/web/html/header.html
index dc45fd3..cde4893 100644
--- a/web/html/header.html
+++ b/web/html/header.html
@@ -59,7 +59,7 @@
if (loginStatus) {
return;
}
- $.post('/login/sendCaptcha.do', function (data) {
+ $.get('/login/sendCaptcha.do', function (data) {
let json = JSON.parse(data);
if (json.code === 1) {
layer.open({
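Review bot: Switching `/login/sendCaptcha.do` from `$.post` to `$.get` puts an action that appears to send a captcha behind a plain GET, which Spring Security's default CSRF protection does not cover and which prefetchers, crawlers and cross-site page loads can trigger without the user intending it. If the change was made because POSTs started being rejected once spring-boot-starter-security was added (inferred; the server side of this endpoint is not in the diff), the safer fix is to keep `$.post` and send the CSRF token with the request. The endpoint is also in the `permitAll()` list, so server-side rate limiting on it is worth confirming. The enclosing function starts and ends outside this hunk.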