|  | @@ -29,26 +29,27 @@ public class ResourceServerConfigure extends ResourceServerConfigurerAdapter {
 | 
	
		
			
				|  |  |      @Override
 | 
	
		
			
				|  |  |      public void configure(HttpSecurity http) throws Exception {
 | 
	
		
			
				|  |  |          http
 | 
	
		
			
				|  |  | +                // 添加全局 CORS 配置
 | 
	
		
			
				|  |  |                  //.cors().configurationSource(corsConfigurationSource()).and()
 | 
	
		
			
				|  |  | -                //.cors().and()
 | 
	
		
			
				|  |  | +                .cors().and()
 | 
	
		
			
				|  |  |                  .csrf().disable()
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |                  // 跨域异常处理
 | 
	
		
			
				|  |  | -                // .exceptionHandling()
 | 
	
		
			
				|  |  | -                // .authenticationEntryPoint((request, response, authException) -> {
 | 
	
		
			
				|  |  | -                //     // 手动添加 CORS 头
 | 
	
		
			
				|  |  | -                //     response.setHeader("Access-Control-Allow-Origin", "*");
 | 
	
		
			
				|  |  | -                //     response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
 | 
	
		
			
				|  |  | -                //     response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
 | 
	
		
			
				|  |  | -                //
 | 
	
		
			
				|  |  | -                //     // 返回 JSON 格式的错误信息
 | 
	
		
			
				|  |  | -                //     response.setContentType("application/json;charset=UTF-8");
 | 
	
		
			
				|  |  | -                //     response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 | 
	
		
			
				|  |  | -                //     response.getWriter().write(
 | 
	
		
			
				|  |  | -                //             "{\"code\": 401, \"message\": \"Token 无效或已过期,请重新登录\"}"
 | 
	
		
			
				|  |  | -                //     );
 | 
	
		
			
				|  |  | -                // })
 | 
	
		
			
				|  |  | -                // .and()
 | 
	
		
			
				|  |  | +                .exceptionHandling()
 | 
	
		
			
				|  |  | +                .authenticationEntryPoint((request, response, authException) -> {
 | 
	
		
			
				|  |  | +                    // 手动添加 CORS 头
 | 
	
		
			
				|  |  | +                    response.setHeader("Access-Control-Allow-Origin", "*");
 | 
	
		
			
				|  |  | +                    response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
 | 
	
		
			
				|  |  | +                    response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +                    // 返回 JSON 格式的错误信息
 | 
	
		
			
				|  |  | +                    response.setContentType("application/json;charset=UTF-8");
 | 
	
		
			
				|  |  | +                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 | 
	
		
			
				|  |  | +                    response.getWriter().write(
 | 
	
		
			
				|  |  | +                            "{\"code\": 401, \"message\": \"Token 无效或已过期,请重新登录\"}"
 | 
	
		
			
				|  |  | +                    );
 | 
	
		
			
				|  |  | +                })
 | 
	
		
			
				|  |  | +                .and()
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |                  .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 | 
	
		
			
				|  |  |                  .and()
 |