工业互联网平台
查看 | 历史 | 提交 | 提交对比
houzhongyi
2024-07-11 e7c1260db32209a078a962aaa0ad5492c35774fb
提交 | 用户 | 时间
e7c126 1 package com.iailab.module.bpm.framework.security.config;
H 2
3 import com.iailab.framework.security.config.AuthorizeRequestsCustomizer;
4 import org.springframework.context.annotation.Bean;
5 import org.springframework.context.annotation.Configuration;
6 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
8
9 /**
10  * Bpm 模块的 Security 配置
11  */
12 @Configuration(proxyBeanMethods = false, value = "bpmSecurityConfiguration")
13 public class SecurityConfiguration {
14
15     @Bean("bpmAuthorizeRequestsCustomizer")
16     public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
17         return new AuthorizeRequestsCustomizer() {
18
19             @Override
20             public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
21                 // TODO iailab:这个每个项目都需要重复配置,得捉摸有没通用的方案
22                 // Swagger 接口文档
23                 registry.antMatchers("/v3/api-docs/**").permitAll() // 元数据
24                         .antMatchers("/swagger-ui.html").permitAll(); // Swagger UI
25                 // Druid 监控
26                 registry.antMatchers("/druid/**").anonymous();
27                 // Spring Boot Actuator 的安全配置
28                 registry.antMatchers("/actuator").anonymous()
29                         .antMatchers("/actuator/**").anonymous();
30             }
31
32         };
33     }
34
35 }