From 6bc1fe8d211d948d1abd41e35fa789ebe6dfd362 Mon Sep 17 00:00:00 2001
From: EightMonth
Date: Mon, 29 Apr 2024 17:27:25 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D#6150=EF=BC=8C=E5=90=8C?= =?UTF-8?q?=E6=97=B6=E4=BF=AE=E5=A4=8Donline=E8=A1=A8=E5=8D=95=E6=97=A0?= =?UTF-8?q?=E6=B3=95=E5=8A=A0=E8=BD=BD=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/org/apache/shiro/SecurityUtils.java | 21 +++++++++++++++++++
 .../org/apache/shiro/subject/Subject.java | 14 +++++++++++++
 .../jeecg/config/security/SecurityConfig.java | 7 ++++++-
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 jeecg-boot-base-core/src/main/java/org/apache/shiro/SecurityUtils.java
 create mode 100644 jeecg-boot-base-core/src/main/java/org/apache/shiro/subject/Subject.java
diff --git a/jeecg-boot-base-core/src/main/java/org/apache/shiro/SecurityUtils.java b/jeecg-boot-base-core/src/main/java/org/apache/shiro/SecurityUtils.java
new file mode 100644
index 000000000..dd88d715e
--- /dev/null
+++ b/jeecg-boot-base-core/src/main/java/org/apache/shiro/SecurityUtils.java
@@ -0,0 +1,21 @@
+package org.apache.shiro;
+
+import org.apache.shiro.subject.Subject;
+
+/**
+ * 兼容处理Online功能使用处理,请勿修改
+ * @author eightmonth@qq.com
+ * @date 2024/4/29 14:05
+ */
+public class SecurityUtils {
+
+
+ public static Subject getSubject() {
+ return new Subject() {
+ @Override
+ public Object getPrincipal() {
+ return Subject.super.getPrincipal();
+ }
+ };
+ }
+}
diff --git a/jeecg-boot-base-core/src/main/java/org/apache/shiro/subject/Subject.java b/jeecg-boot-base-core/src/main/java/org/apache/shiro/subject/Subject.java
new file mode 100644
index 000000000..b5c3aaf1e
--- /dev/null
+++ b/jeecg-boot-base-core/src/main/java/org/apache/shiro/subject/Subject.java
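Review bot: `SecurityUtils` in this hunk, and `Subject` in the next file, reuse the fully-qualified names of Apache Shiro's own classes. If a real shiro-core jar is also on the classpath, which definition loads depends on classpath order. The stub `Subject` declares only `getPrincipal()`, so code compiled against Shiro that calls any other `Subject` method, permission or role checks included, would fail at link time instead of being enforced. The class comment should record that constraint, for example `/** Compatibility shim: the Online feature still calls Shiro's SecurityUtils.getSubject(); do not modify, and keep shiro-core off the classpath. */`. The override inside the anonymous class only delegates to the default method, so `getSubject()` can be reduced to `return new Subject() {};`.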
@@ -0,0 +1,14 @@
+package org.apache.shiro.subject;
+
+import org.jeecg.config.security.utils.SecureUtil;
+
+/**
+ * 兼容处理Online功能使用处理,请勿修改
+ * @author eightmonth@qq.com
+ * @date 2024/4/29 14:18
+ */
+public interface Subject {
+ default Object getPrincipal() {
+ return SecureUtil.currentUser();
+ }
+}
diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
index d5e3195e0..450008eac 100644
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
@@ -24,6 +24,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
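Review bot: `getPrincipal()` in the `Subject` interface has no stated contract for an unauthenticated request. Shiro's method returns null for an anonymous subject, and callers written against Shiro usually null-check or cast the result, but what `SecureUtil.currentUser()` does in that case is not visible in this patch. If it throws, or returns a type those callers do not expect, the failure would surface inside the Online code rather than here. Once the behaviour is confirmed, document it on the method, for example `/** Returns the current login user via SecureUtil, or null when nobody is authenticated; callers cast this to the login-user type. */`.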
@@ -37,6 +38,8 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
 import org.springframework.security.oauth2.server.authorization.token.*;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy;
+import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
@@ -47,6 +50,7 @@ import java.security.SecureRandom;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Arrays;
+import java.util.List;
 /**
 * spring authorization server核心配置
@@ -78,7 +82,7 @@ public class SecurityConfig {
 .tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new SocialGrantAuthenticationConvert())
 .authenticationProvider(new SocialGrantAuthenticationProvider(authorizationService, tokenGenerator())))
 //开启OpenID Connect 1.0(其中oidc为OpenID Connect的缩写)。 访问 /.well-known/openid-configuration即可获取认证信息
- .oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
+ .oidc(Customizer.withDefaults());
 http
 //将需要认证的请求,重定向到login页面行登录认证。
 .exceptionHandling((exceptions) -> exceptions
@@ -161,6 +165,7 @@ public class SecurityConfig {
 .requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
 .anyRequest().authenticated()
 )
+ .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
 .cors(cors -> cors
 .configurationSource(req -> {
 CorsConfiguration config = new CorsConfiguration();
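Review bot: The added `.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))` in the last hunk removes the X-Frame-Options header from every response on this filter chain, so any origin may frame authenticated pages (clickjacking exposure), while the stated goal is only to let the Online forms load. If those forms are embedded from the same origin, `.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))` keeps the protection; if a different, known origin must embed them, a `Content-Security-Policy` `frame-ancestors` allow-list limited to the affected paths is the narrower fix. The `RegExpAllowFromStrategy`, `XFrameOptionsHeaderWriter` and `java.util.List` imports added in the earlier hunks are not used by any new line visible here and look like leftovers from an allow-list attempt; drop them if that is the case. The enclosing method starts and ends outside the hunk.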