3 سال پیش · ed66156003
--- a/yami-shop-admin/src/main/java/com/yami/shop/admin/security/ResourceServerConfiguration.java
+++ b/yami-shop-admin/src/main/java/com/yami/shop/admin/security/ResourceServerConfiguration.java
@@ -18,6 +18,7 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 
				 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
			
 
				 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
			
 
				 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
			
 
				+import org.springframework.web.cors.CorsUtils;
			
 
				 
			
 
				 @Configuration
			
 
				 @EnableResourceServer
			
@@ -32,15 +33,12 @@ public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
 
				         // @formatter:off
			
 
				         http
			
 
				                 .addFilterBefore(loginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
			
 
				-                // Since we want the protected resources to be accessible in the UI as well we need
			
 
				-                // session creation to be allowed (it's disabled by default in 2.0.6)
			
 
				-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
			
 
				-                .and()
			
 
				-                .requestMatchers().anyRequest()
			
 
				-                .and()
			
 
				-                .anonymous()
			
 
				-                .and()
			
 
				-                .authorizeRequests()
			
 
				+                .csrf().disable().cors()
			
 
				+                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
			
 
				+                .and().authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
			
 
				+                .and().requestMatchers().anyRequest()
			
 
				+                .and().anonymous()
			
 
				+                .and().authorizeRequests()
			
 
				                 .antMatchers(
			
 
				                         "/webjars/**",
			
 
				                         "/swagger/**",