From 01d29e6ec3dc22fc33303b26a70cb92c63872cf5 Mon Sep 17 00:00:00 2001
From: zkh <1650697374@qq.com>
Date: Wed, 21 Jan 2026 12:04:00 +0800
Subject: [PATCH] =?UTF-8?q?feat(security):=20=E6=9B=B4=E6=96=B0=E5=AE=89?=
=?UTF-8?q?=E5=85=A8=E9=85=8D=E7=BD=AE=E5=B9=B6=E5=8D=87=E7=BA=A7=E6=A1=86?=
=?UTF-8?q?=E6=9E=B6=E7=89=88=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 将父项目版本从 1.5.7 升级到 1.5.8
- 在 WebSecurityConfig 中注入 SecurityProps 配置
- 修改 CustomAuthenticationEntryPoint 构造函数以接受 securityProps 参数
- 将硬编码的访问令牌持续时间替换为 securityProps 配置值
- 将认证失败响应状态码从 401 更改为 40
- 为 zkh-web 模块添加 spring-boot-starter-aop 依赖
---
pom.xml | 2 +-
zkh-common/pom.xml | 2 +-
zkh-data/pom.xml | 2 +-
zkh-file/pom.xml | 2 +-
zkh-log/pom.xml | 2 +-
zkh-web/pom.xml | 6 +++++-
.../main/java/vip/jcfd/web/config/WebSecurityConfig.java | 9 +++++----
7 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/pom.xml b/pom.xml
index f43e3f3..5b02406 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
vip.jcfd
zkh-framework
- 1.5.7
+ 1.5.8
pom
ZKH Framework
A Java framework for ZKH applications
diff --git a/zkh-common/pom.xml b/zkh-common/pom.xml
index e2695bf..afe9fa4 100644
--- a/zkh-common/pom.xml
+++ b/zkh-common/pom.xml
@@ -6,7 +6,7 @@
vip.jcfd
zkh-framework
- 1.5.7
+ 1.5.8
zkh-common
diff --git a/zkh-data/pom.xml b/zkh-data/pom.xml
index 8dd4ef3..8ab8519 100644
--- a/zkh-data/pom.xml
+++ b/zkh-data/pom.xml
@@ -6,7 +6,7 @@
vip.jcfd
zkh-framework
- 1.5.7
+ 1.5.8
zkh-data
diff --git a/zkh-file/pom.xml b/zkh-file/pom.xml
index 764ba44..1de004b 100644
--- a/zkh-file/pom.xml
+++ b/zkh-file/pom.xml
@@ -6,7 +6,7 @@
vip.jcfd
zkh-framework
- 1.5.7
+ 1.5.8
zkh-file
diff --git a/zkh-log/pom.xml b/zkh-log/pom.xml
index ae15e10..4c4c15d 100644
--- a/zkh-log/pom.xml
+++ b/zkh-log/pom.xml
@@ -6,7 +6,7 @@
vip.jcfd
zkh-framework
- 1.5.7
+ 1.5.8
zkh-log
diff --git a/zkh-web/pom.xml b/zkh-web/pom.xml
index 162117f..716aabc 100644
--- a/zkh-web/pom.xml
+++ b/zkh-web/pom.xml
@@ -7,7 +7,7 @@
vip.jcfd
zkh-framework
- 1.5.7
+ 1.5.8
zkh-web
@@ -23,6 +23,10 @@
vip.jcfd
zkh-log
+
+ org.springframework.boot
+ spring-boot-starter-aop
+
org.springframework.boot
spring-boot-starter-web
diff --git a/zkh-web/src/main/java/vip/jcfd/web/config/WebSecurityConfig.java b/zkh-web/src/main/java/vip/jcfd/web/config/WebSecurityConfig.java
index 4e0f6aa..24a682d 100644
--- a/zkh-web/src/main/java/vip/jcfd/web/config/WebSecurityConfig.java
+++ b/zkh-web/src/main/java/vip/jcfd/web/config/WebSecurityConfig.java
@@ -115,7 +115,7 @@ public class WebSecurityConfig {
config.requestMatchers(securityProps.getIgnoreUrls()).permitAll();
config.anyRequest().authenticated();
});
- CustomAuthenticationEntryPoint authenticationEntryPoint = new CustomAuthenticationEntryPoint(objectMapper, tokenRedisStorage);
+ CustomAuthenticationEntryPoint authenticationEntryPoint = new CustomAuthenticationEntryPoint(objectMapper, tokenRedisStorage, securityProps);
http.formLogin(config -> {
config.loginProcessingUrl("/login");
});
@@ -140,7 +140,8 @@ public class WebSecurityConfig {
private record CustomAuthenticationEntryPoint(
ObjectMapper objectMapper,
- TokenRedisStorage tokenRedisStorage) implements AuthenticationEntryPoint, AuthenticationFailureHandler, AuthenticationSuccessHandler {
+ TokenRedisStorage tokenRedisStorage,
+ SecurityProps securityProps) implements AuthenticationEntryPoint, AuthenticationFailureHandler, AuthenticationSuccessHandler {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
log.warn("访问 {} ,但是认证失败", request.getRequestURI(), authException);
@@ -152,7 +153,7 @@ public class WebSecurityConfig {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
log.warn("登录失败", exception);
- R