From f6eecba7ffb1535a2748f3f31ca255e2e0743267 Mon Sep 17 00:00:00 2001
From: dongyukun <1208714201@qq.com>
Date: 星期五, 03 一月 2025 14:00:41 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'
---
 iailab-framework/iailab-common-security/src/main/java/com/iailab/framework/security/config/IailabWebSecurityConfigurerAdapter.java | 33 +++++++++++++++------------------
 1 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/iailab-framework/iailab-common-security/src/main/java/com/iailab/framework/security/config/IailabWebSecurityConfigurerAdapter.java b/iailab-framework/iailab-common-security/src/main/java/com/iailab/framework/security/config/IailabWebSecurityConfigurerAdapter.java
index cfd671d..4813ecf 100644
--- a/iailab-framework/iailab-common-security/src/main/java/com/iailab/framework/security/config/IailabWebSecurityConfigurerAdapter.java
+++ b/iailab-framework/iailab-common-security/src/main/java/com/iailab/framework/security/config/IailabWebSecurityConfigurerAdapter.java
@@ -126,26 +126,23 @@
 // 设置每个请求的权限
 httpSecurity
 // ①:全局共享规则
- .authorizeRequests()
- // 1.1 静态资源,可匿名访问
- .antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll()
- // 1.2 设置 @PermitAll 无需认证
- .antMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
- .antMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()
- .antMatchers(HttpMethod.PUT, permitAllUrls.get(HttpMethod.PUT).toArray(new String[0])).permitAll()
- .antMatchers(HttpMethod.DELETE, permitAllUrls.get(HttpMethod.DELETE).toArray(new String[0])).permitAll()
- // 1.3 基于 iailab.security.permit-all-urls 无需认证
- .antMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
- // 1.4 设置 App API 无需认证
- .antMatchers(buildAppApi("/**")).permitAll()
- // 1.5 验证码captcha 允许匿名访问
- .antMatchers("/captcha/get", "/captcha/check").permitAll()
+ .authorizeHttpRequests(c -> c
+ // 1.1 静态资源,可匿名访问
+ .requestMatchers(HttpMethod.GET, "/*.html", "/*.html", "/*.css", "/*.js").permitAll()
+ // 1.2 设置 @PermitAll 无需认证
+ .requestMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
+ .requestMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()
+ .requestMatchers(HttpMethod.PUT, permitAllUrls.get(HttpMethod.PUT).toArray(new String[0])).permitAll()
+ .requestMatchers(HttpMethod.DELETE, permitAllUrls.get(HttpMethod.DELETE).toArray(new String[0])).permitAll()
+ .requestMatchers(HttpMethod.HEAD, permitAllUrls.get(HttpMethod.HEAD).toArray(new String[0])).permitAll()
+ .requestMatchers(HttpMethod.PATCH, permitAllUrls.get(HttpMethod.PATCH).toArray(new String[0])).permitAll()
+ // 1.3 基于 yudao.security.permit-all-urls 无需认证
+ .requestMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
+ )
 // ②:每个项目的自定义规则
- .and().authorizeRequests(registry -> // 下面,循环设置自定义规则
- authorizeRequestsCustomizers.forEach(customizer -> customizer.customize(registry)))
+ .authorizeHttpRequests(c -> authorizeRequestsCustomizers.forEach(customizer -> customizer.customize(c)))
 // ③:兜底规则,必须认证
- .authorizeRequests()
- .anyRequest().authenticated();
+ .authorizeHttpRequests(c -> c.anyRequest().authenticated());
 // 添加 Token Filter
 httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
-- Gitblit v1.9.3
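Review bot: The rewritten rule block ① is not a like-for-like move from `antMatchers` to `requestMatchers`: the removed 1.4 (`buildAppApi("/**")`) and 1.5 (`"/captcha/get", "/captcha/check"`) `permitAll` entries have no counterpart, so those paths now reach `anyRequest().authenticated()` unless they carry `@PermitAll` or appear in the configured permit-all list, neither of which is visible in this hunk. The 1.1 static-resource line also lists `"/*.html"` twice and no longer has the `/**/` forms, so only root-level files stay anonymous; if that is intended, `.requestMatchers(HttpMethod.GET, "/*.html", "/*.css", "/*.js").permitAll()` says the same thing without the duplicate. The 1.3 comment now names `yudao.security.permit-all-urls` where the removed line named `iailab.security.permit-all-urls`; it should match whatever prefix `securityProperties` is actually bound to, which is defined outside the hunk. Because this arrives in a merge commit, a short comment above block ① stating which paths are deliberately anonymous would make the change in the authorization surface reviewable; the enclosing method starts and ends outside the hunk.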