portal spring security config init bug

imloki · Oct 24, 2017 · ea77e45 · ea77e45
1 parent fbc4178
commit ea77e45
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/.../src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java b/.../src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
@@ -248,9 +248,8 @@ static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
       http.csrf().disable();
       http.headers().frameOptions().sameOrigin();
-      http.authorizeRequests()
-          .antMatchers("/openapi/*").permitAll()
-          .antMatchers("/*").hasAnyRole(USER_ROLE);
+      http.authorizeRequests().antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll()
+      .antMatchers("/**").hasAnyRole(USER_ROLE);
       http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
       http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
       http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));