From 242fad1691917c4fd82c7f04b6190a7113628e93 Mon Sep 17 00:00:00 2001
From: wayne <wayne8692wayne8692@gmail.com>
Date: 星期五, 11 三月 2022 15:31:04 +0800
Subject: [PATCH] Merge branch 'pollex-dev' into sit

---
 pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java |   16 +++++++++++++---
 1 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
index 2ce5355..a8ee0cf 100644
--- a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
+++ b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
@@ -1,6 +1,6 @@
 package com.pollex.pam.config;
 
-import com.pollex.pam.security.*;
+import com.pollex.pam.business.security.AuthoritiesConstants;
 import com.pollex.pam.security.jwt.*;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
@@ -67,22 +67,32 @@
             .headers()
             .contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy())
         .and()
-            .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
+            .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
+        .and()
+            .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'")
         .and()
             .frameOptions()
             .deny()
         .and()
             .sessionManagement()
-            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
         .and()
             .authorizeRequests()
             .antMatchers("/api/authenticate").permitAll()
             .antMatchers("/api/register").permitAll()
             .antMatchers("/api/activate").permitAll()
+            .antMatchers("/api/testLogin/**").permitAll()
+            .antMatchers("/api/test/sendMsg/**").permitAll()
+            .antMatchers("/api/otp/**").permitAll()
+            .antMatchers("/api/login/validate/**").permitAll()
+            .antMatchers("/api/eService/authenticate").permitAll()
             .antMatchers("/api/account/reset-password/init").permitAll()
             .antMatchers("/api/account/reset-password/finish").permitAll()
             .antMatchers("/api/consultant/recommend").permitAll()
             .antMatchers("/api/consultant/detail").permitAll()
+            .antMatchers("/api/consultant/fastQuery").permitAll()
+            .antMatchers("/api/consultant/strictQuery").permitAll()
+            .antMatchers("/api/consultant/avatar/**").permitAll()
             .antMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/api/**").authenticated()
             .antMatchers("/websocket/**").authenticated()

--
Gitblit v1.8.0