| | |
| | | import org.springframework.context.annotation.Bean; |
| | | import org.springframework.context.annotation.Configuration; |
| | | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| | | import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; |
| | | import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer; |
| | | |
| | | /** |
| | | * Infra 模块的 Security 配置 |
| | |
| | | return new AuthorizeRequestsCustomizer() { |
| | | |
| | | @Override |
| | | public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) { |
| | | public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) { |
| | | // Swagger 接口文档 |
| | | registry.antMatchers("/v3/api-docs/**").permitAll() // 元数据 |
| | | .antMatchers("/swagger-ui.html").permitAll(); // Swagger UI |
| | | registry.requestMatchers("/v3/api-docs/**").permitAll() |
| | | .requestMatchers("/webjars/**").permitAll() |
| | | .requestMatchers("/swagger-ui").permitAll() |
| | | .requestMatchers("/swagger-ui/**").permitAll(); |
| | | // Spring Boot Actuator 的安全配置 |
| | | registry.antMatchers("/actuator").anonymous() |
| | | .antMatchers("/actuator/**").anonymous(); |
| | | registry.requestMatchers("/actuator").permitAll() |
| | | .requestMatchers("/actuator/**").permitAll(); |
| | | // Druid 监控 |
| | | registry.antMatchers("/druid/**").anonymous(); |
| | | registry.requestMatchers("/druid/**").permitAll(); |
| | | // Spring Boot Admin Server 的安全配置 |
| | | registry.antMatchers(adminSeverContextPath).anonymous() |
| | | .antMatchers(adminSeverContextPath + "/**").anonymous(); |
| | | registry.requestMatchers(adminSeverContextPath).permitAll() |
| | | .requestMatchers(adminSeverContextPath + "/**").permitAll(); |
| | | // 文件读取 |
| | | registry.antMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll(); |
| | | registry.requestMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll(); |
| | | |
| | | // TODO iailab:这个每个项目都需要重复配置,得捉摸有没通用的方案 |
| | | // RPC 服务的安全配置 |
| | | registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll(); |
| | | registry.requestMatchers(ApiConstants.PREFIX + "/**").permitAll(); |
| | | } |
| | | |
| | | }; |