add VersionController

fix disable cors & csrf

Author: xlorne

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java

@@ -1,7 +1,6 @@
 package com.codingapi.springboot.security;
 
 import com.codingapi.springboot.security.configurer.HttpSecurityConfigurer;
-import com.codingapi.springboot.security.dto.request.LoginRequest;
 import com.codingapi.springboot.security.filter.*;
 import com.codingapi.springboot.security.handler.ServletExceptionHandler;
 import com.codingapi.springboot.security.jwt.Jwt;
@@ -25,9 +24,6 @@
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 @Configuration
 @EnableMethodSecurity
 public class AutoConfiguration {
@@ -66,21 +62,20 @@ public HandlerExceptionResolver servletExceptionHandler() {
     @Bean
     @ConditionalOnMissingBean
     public SecurityLoginHandler securityLoginHandler(){
-        return new SecurityLoginHandler() {
-            @Override
-            public void preHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler) throws Exception {
+        return (request, response, handler) -> {
 
-            }
         };
     }
 
     @Bean
     @ConditionalOnMissingBean
-    public SecurityFilterChain filterChain(HttpSecurity http, Jwt jwt,SecurityLoginHandler loginHandler, SecurityJwtProperties properties) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http, Jwt jwt,SecurityLoginHandler loginHandler,
+                                           SecurityJwtProperties properties) throws Exception {
         //before add addCorsMappings to enable cors.
         http.cors();
-
-        http.csrf().disable();
+        if(properties.isDisableCsrf() ){
+            http.csrf().disable();
+        }
         http.apply(new HttpSecurityConfigurer(jwt,loginHandler,properties));
         http
                 .exceptionHandling()
@@ -108,7 +103,8 @@ public SecurityFilterChain filterChain(HttpSecurity http, Jwt jwt,SecurityLoginH
 
     @Bean
     @ConditionalOnMissingBean
-    public AuthenticationProvider authenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
+    public AuthenticationProvider authenticationProvider(UserDetailsService userDetailsService,
+                                                         PasswordEncoder passwordEncoder) {
         DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
         provider.setUserDetailsService(userDetailsService);
         provider.setPasswordEncoder(passwordEncoder);
@@ -124,17 +120,20 @@ public Jwt jwt(SecurityJwtProperties properties) {
 
 
     @Bean
-    public WebMvcConfigurer corsConfigurer() {
+    public WebMvcConfigurer corsConfigurer(SecurityJwtProperties securityJwtProperties) {
         return new WebMvcConfigurer() {
             @Override
             public void addCorsMappings(CorsRegistry registry) {
-                registry.addMapping("/**")
-                        .allowedHeaders("*")
-                        .allowedMethods("*")
-                        .exposedHeaders("Authorization", "x-xsrf-token", "Access-Control-Allow-Headers", "Origin", "Accept,X-Requested-With",
-                                "Content-Type", "Access-Control-Request-Method", "Access-Control-Request-Headers")
-                        .maxAge(1800L)
-                        .allowedOrigins("*");
+                if(securityJwtProperties.isDisableCors()) {
+                    registry.addMapping("/**")
+                            .allowedHeaders("*")
+                            .allowedMethods("*")
+                            .exposedHeaders("Authorization", "x-xsrf-token", "Access-Control-Allow-Headers", "Origin",
+                                    "Accept,X-Requested-With", "Content-Type", "Access-Control-Request-Method",
+                                    "Access-Control-Request-Headers")
+                            .maxAge(1800L)
+                            .allowedOrigins("*");
+                }
             }
         };
     }

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/controller/VersionController.java

@@ -0,0 +1,20 @@
+package com.codingapi.springboot.security.controller;
+
+import lombok.AllArgsConstructor;
+import org.springframework.core.env.Environment;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/open")
+@AllArgsConstructor
+public class VersionController {
+
+    private final Environment env;
+
+    @GetMapping("/version")
+    public String version(){
+        return env.getProperty("application.version","-");
+    }
+}

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/properties/SecurityJwtProperties.java

@@ -58,6 +58,17 @@ public class SecurityJwtProperties {
      */
     private String ignoreUrls = "/open/**";
 
+    /**
+     * 启用禁用CSRF
+     */
+    private boolean disableCsrf = true;
+
+
+    /**
+     * 启用禁用CORS
+     */
+    private boolean disableCors = true;
+
 
     public String[] getIgnoreUrls() {
         return ignoreUrls.split(",");