package com.iailab.module.infra.framework.security.config; import com.iailab.framework.security.config.AuthorizeRequestsCustomizer; import com.iailab.module.infra.enums.ApiConstants; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer; /** * Infra 模块的 Security 配置 */ @Configuration(proxyBeanMethods = false, value = "infraSecurityConfiguration") public class SecurityConfiguration { @Value("${spring.boot.admin.context-path:''}") private String adminSeverContextPath; @Bean("infraAuthorizeRequestsCustomizer") public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() { return new AuthorizeRequestsCustomizer() { @Override public void customize(AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry registry) { // Swagger 接口文档 registry.requestMatchers("/v3/api-docs/**").permitAll() .requestMatchers("/webjars/**").permitAll() .requestMatchers("/swagger-ui").permitAll() .requestMatchers("/swagger-ui/**").permitAll(); // Spring Boot Actuator 的安全配置 registry.requestMatchers("/actuator").permitAll() .requestMatchers("/actuator/**").permitAll(); // Druid 监控 registry.requestMatchers("/druid/**").permitAll(); // Spring Boot Admin Server 的安全配置 registry.requestMatchers(adminSeverContextPath).permitAll() .requestMatchers(adminSeverContextPath + "/**").permitAll(); // 文件读取 registry.requestMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll(); // TODO iailab:这个每个项目都需要重复配置,得捉摸有没通用的方案 // RPC 服务的安全配置 registry.requestMatchers(ApiConstants.PREFIX + "/**").permitAll(); } }; } }