gitee/yudao-cloud
1
0
Fork 0
mirror of https://gitee.com/zhijiantianya/yudao-cloud.git synced 2026-03-22 05:07:16 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

【功能优化】spring security:antMatchers 替换成 requestMatchers

Browse Source
This commit is contained in:
YunaiV
2024-10-01 15:22:58 +08:00
parent 058eef0942
commit ad2cc100d2
15 changed files with 136 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/framework/security/config/SecurityConfiguration.java
View File

@@ -5,33 +5,33 @@ import cn.iocoder.yudao.module.system.enums.ApiConstants;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
/**
* System 模块的 Security 配置
* MP 模块的 Security 配置
*/
@Configuration(proxyBeanMethods = false, value = "systemSecurityConfiguration")
@Configuration(proxyBeanMethods = false, value = "mpSecurityConfiguration")
public class SecurityConfiguration {
@Bean("systemAuthorizeRequestsCustomizer")
@Bean("mpAuthorizeRequestsCustomizer")
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
return new AuthorizeRequestsCustomizer() {
@Override
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
// TODO 芋艿:这个每个项目都需要重复配置,得捉摸有没通用的方案
// Swagger 接口文档
registry.antMatchers("/v3/api-docs/**").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers("/swagger-ui").permitAll()
.antMatchers("/swagger-ui/**").permitAll();
registry.requestMatchers("/v3/api-docs/**").permitAll()
.requestMatchers("/webjars/**").permitAll()
.requestMatchers("/swagger-ui").permitAll()
.requestMatchers("/swagger-ui/**").permitAll();
// Druid 监控
registry.antMatchers("/druid/**").anonymous();
registry.requestMatchers("/druid/**").permitAll();
// Spring Boot Actuator 的安全配置
registry.antMatchers("/actuator").anonymous()
.antMatchers("/actuator/**").anonymous();
registry.requestMatchers("/actuator").permitAll()
.requestMatchers("/actuator/**").permitAll();
// RPC 服务的安全配置
registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();
registry.requestMatchers(ApiConstants.PREFIX + "/**").permitAll();
}
};