package com.iailab.module.infra.framework.security.config; import com.iailab.framework.security.config.AuthorizeRequestsCustomizer; import com.iailab.module.infra.enums.ApiConstants; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; /** * Infra 模块的 Security 配置 */ @Configuration(proxyBeanMethods = false, value = "infraSecurityConfiguration") public class SecurityConfiguration { @Value("${spring.boot.admin.context-path:''}") private String adminSeverContextPath; @Bean("infraAuthorizeRequestsCustomizer") public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() { return new AuthorizeRequestsCustomizer() { @Override public void customize(ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry registry) { // Swagger 接口文档 registry.antMatchers("/v3/api-docs/**").permitAll() // 元数据 .antMatchers("/swagger-ui.html").permitAll(); // Swagger UI // Spring Boot Actuator 的安全配置 registry.antMatchers("/actuator").anonymous() .antMatchers("/actuator/**").anonymous(); // Druid 监控 registry.antMatchers("/druid/**").anonymous(); // Spring Boot Admin Server 的安全配置 registry.antMatchers(adminSeverContextPath).anonymous() .antMatchers(adminSeverContextPath + "/**").anonymous(); // 文件读取 registry.antMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll(); // TODO iailab:这个每个项目都需要重复配置,得捉摸有没通用的方案 // RPC 服务的安全配置 registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll(); } }; } }