From 7b7d07dcb2244a82f69b57d6e68c396780667cde Mon Sep 17 00:00:00 2001 From: yutou Date: Fri, 9 Jul 2021 17:54:30 +0800 Subject: [PATCH] update --- pom.xml | 4 ++ .../java/com/yutou/tools/utils/APIFilter.java | 4 +- .../com/yutou/tools/utils/AuthConfig.java | 66 +++++++++++++++++++ web/html/header.html | 2 +- 4 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 src/main/java/com/yutou/tools/utils/AuthConfig.java diff --git a/pom.xml b/pom.xml index 79c1c74..34cec30 100644 --- a/pom.xml +++ b/pom.xml @@ -102,6 +102,10 @@ 3.28.0 + + org.springframework.boot + spring-boot-starter-security + diff --git a/src/main/java/com/yutou/tools/utils/APIFilter.java b/src/main/java/com/yutou/tools/utils/APIFilter.java index ee00395..3d3510a 100644 --- a/src/main/java/com/yutou/tools/utils/APIFilter.java +++ b/src/main/java/com/yutou/tools/utils/APIFilter.java @@ -20,8 +20,8 @@ import java.io.IOException; import java.util.Enumeration; import java.util.List; -@Component -@WebFilter +/*@Component +@WebFilter*/ public class APIFilter implements Filter { public static boolean isDebug = false; @Resource diff --git a/src/main/java/com/yutou/tools/utils/AuthConfig.java b/src/main/java/com/yutou/tools/utils/AuthConfig.java new file mode 100644 index 0000000..1d45537 --- /dev/null +++ b/src/main/java/com/yutou/tools/utils/AuthConfig.java 
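Review bot: Commenting out `@Component` and `@WebFilter` on `APIFilter` unregisters the filter but leaves the class, and its public static `isDebug` flag, in the tree as dead code; if it is being retired in favour of `AuthConfig`, delete the annotations (or the class) rather than wrapping them in `/* */`. The filter's `doFilter` body is outside this hunk, so the checks it performed cannot be compared here with the new rules. It is worth confirming that every path it used to guard is covered by the `antMatchers(...)` / `anyRequest().authenticated()` chain added in `AuthConfig.java`. If the class has to stay, a one-line comment such as `// replaced by AuthConfig (Spring Security)` would record the intent.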
@@ -0,0 +1,66 @@
+package com.yutou.tools.utils;
+
+import com.alibaba.fastjson.JSONObject;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+@Configuration
+@EnableWebSecurity
+public class AuthConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ //super.configure(http);
+ http.authorizeRequests()
+ .antMatchers("/",
+ "/login/sendCaptcha.do",
+ "/login/login.do",
+ "/login/check.do"
+ )
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/index.html")
+ .and()
+ .exceptionHandling().accessDeniedHandler(new AccessDeniedHandler() {
+ @Override
+ public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
+ System.out.println("accessDeniedHandler");
+
+ }
+ }).and().exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {
+ @Override
+ public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+ System.out.println("无权限");
+ JSONObject json = new JSONObject();
+ json.put("code", 403);
+ json.put("msg", "You have no authority.");
+ httpServletResponse.getWriter().write(json.toJSONString());
+ }
+ })
+ ;
+
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ super.configure(auth);
+ System.out.println("wt?");
+ }
+}
diff --git a/web/html/header.html b/web/html/header.html
index dc45fd3..cde4893 100644
--- a/web/html/header.html
+++ b/web/html/header.html
@@ -59,7 +59,7 @@
 if (loginStatus) {
 return;
 }
- $.post('/login/sendCaptcha.do', function (data) {
+ $.get('/login/sendCaptcha.do', function (data) {
 let json = JSON.parse(data);
 if (json.code === 1) {
 layer.open({
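Review bot: Neither exception handler in `configure(HttpSecurity)` sets an HTTP status in the lines shown: `handle` only prints to stdout and writes nothing, and `commence` writes a JSON body with `"code": 403` without setting the status or content type, so the response presumably goes out as 200. Clients, proxies and log-based detection that key on the status line would then see denied and unauthenticated requests as successes. In `commence`, add `httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` and `httpServletResponse.setContentType("application/json;charset=UTF-8");` before `getWriter()`, and in `handle` call `httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);`. The `configure(AuthenticationManagerBuilder)` override only calls `super.configure(auth)` and prints `wt?`, so no user store or provider is set up in this file. The `System.out.println` calls should go through the project's logger or be removed.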
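Review bot: Changing the captcha request from `$.post` to `$.get` makes a side-effecting action (sending a captcha) reachable with a plain GET, which Spring Security's default CSRF protection does not check and which links, prefetchers and cross-site requests can trigger. If the switch was made because the POST began returning 403 after `spring-boot-starter-security` was added (an inference; the commit message does not say), the safer repair is to keep `$.post('/login/sendCaptcha.do', ...)` and send the CSRF token with it. The endpoint should also be rate-limited server-side. The enclosing function starts and ends outside this hunk.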