工业互联网平台
blame | 历史 | 补丁 | 提交 | 提交对比 | 忽略空白
Jay
2024-11-25 ee9f604388a3e77d3f4654e326f3976552e7f532 
 iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/framework/security/config/SecurityConfiguration.java


@@ -1,43 +1,33 @@


package com.iailab.module.data.framework.security.config;




import com.iailab.framework.security.config.AuthorizeRequestsCustomizer;


import com.iailab.module.data.enums.ApiConstants;


import org.springframework.beans.factory.annotation.Value;


import com.iailab.module.system.enums.ApiConstants;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;




/**


 * data 模块的 Security 配置


 * System 模块的 Security 配置


 */


@Configuration(proxyBeanMethods = false, value = "dataSecurityConfiguration")


@Configuration(proxyBeanMethods = false, value = "systemSecurityConfiguration")


public class SecurityConfiguration {




    @Value("${spring.boot.admin.context-path:''}")


    private String adminSeverContextPath;




    @Bean("infraAuthorizeRequestsCustomizer")


    @Bean("systemAuthorizeRequestsCustomizer")


    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {


        return new AuthorizeRequestsCustomizer() {




            @Override


            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {


                // TODO iailab:这个每个项目都需要重复配置,得捉摸有没通用的方案


                // Swagger 接口文档


                registry.antMatchers("/v3/api-docs/**").permitAll() // 元数据


                        .antMatchers("/swagger-ui.html").permitAll(); // Swagger UI


                // Druid 监控


                registry.antMatchers("/druid/**").anonymous();


                // Spring Boot Actuator 的安全配置


                registry.antMatchers("/actuator").anonymous()


                        .antMatchers("/actuator/**").anonymous();


                // Druid 监控


                registry.antMatchers("/druid/**").anonymous();


                // Spring Boot Admin Server 的安全配置


                registry.antMatchers(adminSeverContextPath).anonymous()


                        .antMatchers(adminSeverContextPath + "/**").anonymous();


                // 文件读取


                registry.antMatchers(buildAdminApi("/data/point/**")).permitAll();




                // TODO iailab:这个每个项目都需要重复配置,得捉摸有没通用的方案


                // RPC 服务的安全配置


                registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();


            }