跨域配置 accessControlAllowOrigin 支持多域名、模糊匹配功能;增加 sessionIdCookieSecure 参数配置

thinkgem
2021-03-11 21:04:50 +08:00
parent 8e0ffb9591
commit 383f81a84b
11 changed files with 19 additions and 11 deletions


@@ -65,9 +65,10 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
*/ */
public FormAuthenticationFilter() { public FormAuthenticationFilter() {
super(); super();
rememberUserCodeCookie = new SimpleCookie(REMEMBER_USERCODE_PARAM); rememberUserCodeCookie = new SimpleCookie();
rememberUserCodeCookie.setHttpOnly(true); rememberUserCodeCookie.setName(REMEMBER_USERCODE_PARAM);
rememberUserCodeCookie.setMaxAge(Cookie.ONE_YEAR); rememberUserCodeCookie.setPath(Global.getProperty("session.sessionIdCookiePath"));
rememberUserCodeCookie.setSecure(Global.getPropertyToBoolean("session.sessionIdCookieSecure", "false"));
instance = this; instance = this;
} }
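Review bot: The rewritten constructor no longer calls `setHttpOnly(true)` or `setMaxAge(Cookie.ONE_YEAR)`, so the remember-user-code cookie's HttpOnly state and lifetime now depend on the defaults of the no-argument `SimpleCookie()` constructor, which this hunk does not show. If this is Shiro's `SimpleCookie`, I would expect HttpOnly to default to true, but the commit also documents a `session.sessionIdCookieHttpOnly` key that this code never reads; making it explicit with `rememberUserCodeCookie.setHttpOnly(Global.getPropertyToBoolean("session.sessionIdCookieHttpOnly", "true"));` keeps the flag from silently changing. If the one-year lifetime is still intended and is not applied where the cookie is written, `rememberUserCodeCookie.setMaxAge(Cookie.ONE_YEAR);` should stay as well. The Secure flag falls back to `"false"`, so an HTTPS deployment that does not set `session.sessionIdCookieSecure` still sends this cookie over plain HTTP; a short comment above `setSecure` stating that would help operators.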


@@ -371,6 +371,7 @@ shiro:
isAllowExternalSiteIframe: true isAllowExternalSiteIframe: true
# 是否允许跨域访问 CORS如果允许设置允许的域名。当设置'*'号全部域名时accessControlAllowCredentials应该设置为false。 # 是否允许跨域访问 CORS如果允许设置允许的域名。当设置'*'号全部域名时accessControlAllowCredentials应该设置为false。
# v4.2.3 开始支持多个域名和模糊匹配例如http://*.jeesite.com,http://*.jeesite.net
# accessControlAllowOrigin: http://demo.jeesite.com # accessControlAllowOrigin: http://demo.jeesite.com
# accessControlAllowOrigin: '*' # accessControlAllowOrigin: '*'
@@ -454,6 +455,10 @@ session:
# 共享的SessionId的Cookie名称保存到跟路径下第三方应用获取。同一域名下多个项目时需设置共享Cookie的名称。 # 共享的SessionId的Cookie名称保存到跟路径下第三方应用获取。同一域名下多个项目时需设置共享Cookie的名称。
#shareSessionIdCookieName: ${session.sessionIdCookieName} #shareSessionIdCookieName: ${session.sessionIdCookieName}
# 仅在 HTTPS 下通信 Cookie 数据
#session.sessionIdCookieSecure: false
#session.sessionIdCookieHttpOnly: true
# 设置接收SessionId请求参数的名称 # 设置接收SessionId请求参数的名称
sessionIdParamName: __sid sessionIdParamName: __sid
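Review bot: The two commented keys added in the second hunk carry a `session.` prefix even though the hunk header places them inside the `session:` block, where their siblings (`shareSessionIdCookieName`, `sessionIdParamName`) are written without it. If they sit at the same indentation as those siblings (leading whitespace is not visible on this page), uncommenting them as written would define `session.session.sessionIdCookieSecure`, while the filter reads `session.sessionIdCookieSecure`, so the Secure flag would stay off with no error. I would write them as `#sessionIdCookieSecure: false` and `#sessionIdCookieHttpOnly: true`, and extend the comment to say that Secure should be set to true whenever the site is served over HTTPS.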


@@ -50,7 +50,7 @@ else {
</div> </div>
<div class="copyright"> <div class="copyright">
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
href="http://jeesite.com">JeeSite ${@Global.getProperty('jeesiteVersion')}</a> href="http://jeesite.com" target="_blank">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
</div> </div>
</div> </div>
<% } %> <% } %>
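Review bot: The `target="_blank"` added to the JeeSite link has no `rel` attribute, so in browsers that do not imply `noopener` the opened page receives a `window.opener` handle to this page. I would write `href="http://jeesite.com" target="_blank" rel="noopener noreferrer"`. The same change is repeated in the seven other template sections of this commit, three of which are login pages, where an opener-driven navigation away from the login form is the case most worth closing. The link is also plain `http://`; switching it to `https://` is worth considering if the site serves it. The enclosing template block starts and ends outside the hunk.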


@@ -37,7 +37,7 @@ else {
</div> </div>
<div class="copyright"> <div class="copyright">
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
href="http://jeesite.com">JeeSite ${@Global.getProperty('jeesiteVersion')}</a> href="http://jeesite.com" target="_blank">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
</div> </div>
</div> </div>
<% } %> <% } %>


@@ -39,7 +39,7 @@ else {
</div> </div>
<div class="copyright"> <div class="copyright">
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
href="http://jeesite.com">JeeSite ${@Global.getProperty('jeesiteVersion')}</a> href="http://jeesite.com" target="_blank">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
</div> </div>
</div> </div>
<% } %> <% } %>


@@ -45,7 +45,7 @@ else {
</div> </div>
<div class="copyright"> <div class="copyright">
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
href="http://jeesite.com">JeeSite ${@Global.getProperty('jeesiteVersion')}</a> href="http://jeesite.com" target="_blank">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
</div> </div>
</div> </div>
<% if (@Global.getPropertyToBoolean('error.page.printErrorInfo', 'true') <% if (@Global.getPropertyToBoolean('error.page.printErrorInfo', 'true')


@@ -95,7 +95,7 @@
<div class="login-copyright"> <div class="login-copyright">
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}" id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}"
href="http://jeesite.com" >JeeSite ${@Global.getProperty('jeesiteVersion')}</a> href="http://jeesite.com" target="_blank">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
</div> </div>
</div> </div>
<% } %> <% } %>


@@ -91,7 +91,7 @@
<div class="login-copyright"> <div class="login-copyright">
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}" id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}"
href="http://jeesite.com" >JeeSite ${@Global.getProperty('jeesiteVersion')}</a> href="http://jeesite.com" target="_blank">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
</div> </div>
</div> </div>
<% } %> <% } %>


@@ -714,7 +714,8 @@
</div> </div>
<footer class="main-footer m0"> <footer class="main-footer m0">
<div class="pull-right hidden-xs">当前版本: ${@Global.getConfig('productVersion')}</div> <div class="pull-right hidden-xs">当前版本: ${@Global.getConfig('productVersion')}</div>
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a href="http://jeesite.com">JeeSite</a> &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By
<a href="http://jeesite.com" target="_blank">JeeSite</a>
</footer> </footer>
<% } %> <% } %>
<script src="${ctxStatic}/jquery/jquery-ui-sortable-1.12.1.min.js"></script> <script src="${ctxStatic}/jquery/jquery-ui-sortable-1.12.1.min.js"></script>


@@ -98,7 +98,7 @@
<div class="login-copyright"> <div class="login-copyright">
&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a &copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}" id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}"
href="http://jeesite.com" >JeeSite ${@Global.getProperty('jeesiteVersion')}</a> href="http://jeesite.com" target="_blank">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
</div> </div>
</div> </div>
<% } %> <% } %>


@@ -484,6 +484,7 @@ shiro:
# isAllowExternalSiteIframe: true # isAllowExternalSiteIframe: true
# #
# # 是否允许跨域访问 CORS如果允许设置允许的域名。当设置'*'号全部域名时accessControlAllowCredentials应该设置为false。 # # 是否允许跨域访问 CORS如果允许设置允许的域名。当设置'*'号全部域名时accessControlAllowCredentials应该设置为false。
# # v4.2.3 开始支持多个域名和模糊匹配例如http://*.jeesite.com,http://*.jeesite.net
## accessControlAllowOrigin: http://demo.jeesite.com ## accessControlAllowOrigin: http://demo.jeesite.com
## accessControlAllowOrigin: '*' ## accessControlAllowOrigin: '*'
# #
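Review bot: The added comment advertises multi-domain and wildcard origins (`http://*.jeesite.com`) without saying how they interact with `accessControlAllowCredentials`, while the line above it warns only about `'*'`. A pattern that matches many subdomains lets each of them read credentialed responses, so the caution should cover broad patterns too, for example `# Wildcard patterns widen who may read credentialed responses; list only origins you control and prefer https:// origins.` The matching code is not on this page, so whether `*` is confined to a single host label cannot be confirmed here and is worth documenting next to the example. The same comment line is added in the first configuration section of this commit.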