Init

src/main/java/com/ycwl/basic/config/WebMvcConfig.java

@@ -0,0 +1,118 @@
+package com.ycwl.basic.config;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.module.SimpleModule;
+import com.ycwl.basic.interceptor.AuthInterceptor;
+import com.ycwl.basic.xss.XssJacksonDeserializer;
+import com.ycwl.basic.xss.XssJacksonSerializer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.converter.StringHttpMessageConverter;
+import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+/**
+ * @date 2022年10月14日 11:20
+ */
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    @Autowired
+    private AuthInterceptor authInterceptor;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authInterceptor)
+                // 拦截除指定接口外的所有请求，通过判断 注解 来决定是否需要做登录验证
+                .addPathPatterns("/**")
+                .excludePathPatterns("/swagger-resources/**", "/webjars/**", "/v2/api-docs", "/doc.html/**", "/error", "/csrf", "/");
+    }
+
+    /**
+     * 配置静态资源
+     */
+    @Override
+    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+        registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
+        registry.addResourceHandler("/templates/**").addResourceLocations("classpath:/templates/");
+        /*放行swagger*/
+        registry.addResourceHandler("doc.html").addResourceLocations("classpath:/META-INF/resources/");
+        registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
+    }
+
+    /**
+     * attention:简单跨域就是GET，HEAD和POST请求，但是POST请求的"Content-Type"只能是application/x-www-form-urlencoded, multipart/form-data 或 text/plain
+     * 反之，就是非简单跨域，此跨域有一个预检机制，说直白点，就是会发两次请求，一次OPTIONS请求，一次真正的请求
+     */
+    @Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许，在SpringMVC中，如果设成*，会自动转成当前请求头中的Origin
+        config.addAllowedOrigin("*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许
+        config.addAllowedMethod("OPTIONS");
+        config.addAllowedMethod("HEAD");
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+
+
+    @Bean
+    public WebMvcConfigurer createConvert() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void extendMessageConverters(List<HttpMessageConverter<?>> converters) {
+                Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder();
+                ObjectMapper mapper = builder.build();
+                /*注入自定义的序列化工具，将RequestBody的参数进行转译后传输*/
+                SimpleModule simpleModule = new SimpleModule();
+                // XSS序列化
+                simpleModule.addSerializer(String.class, new XssJacksonSerializer());
+                simpleModule.addDeserializer(String.class, new XssJacksonDeserializer());
+                mapper.registerModule(simpleModule);
+                converters.add(new MappingJackson2HttpMessageConverter(mapper));
+            }
+        };
+    }
+
+
+    @Autowired
+    private StringHttpMessageConverter stringHttpMessageConverter;
+    @Autowired
+    private MappingJackson2HttpMessageConverter httpMessageConverter;
+    /**
+     * 添加转换器
+     */
+    @Override
+    public void extendMessageConverters(List<HttpMessageConverter<?>> converters) {
+        for (int i = 0; i < converters.size(); i++) {
+            if (converters.get(i) instanceof StringHttpMessageConverter){
+                converters.set(i, stringHttpMessageConverter);
+            }
+            if (converters.get(i) instanceof MappingJackson2HttpMessageConverter) {
+                converters.set(i, httpMessageConverter);
+            }
+        }
+    }
+}