update security 路径配置抽取到配置文件
This commit is contained in:
疯狂的狮子li
parent
8a81f37d22
commit
0f2caf1cb6
@ -106,6 +106,23 @@ token:
|
|||||||
# 令牌有效期(默认30分钟)
|
# 令牌有效期(默认30分钟)
|
||||||
expireTime: 30
|
expireTime: 30
|
||||||
|
|
||||||
|
# security配置
|
||||||
|
security:
|
||||||
|
anonymous:
|
||||||
|
- /login
|
||||||
|
- /register
|
||||||
|
- /captchaImage
|
||||||
|
# swagger 文档配置
|
||||||
|
- /doc.html
|
||||||
|
- /swagger-resources/**
|
||||||
|
- /webjars/**
|
||||||
|
- /*/api-docs
|
||||||
|
# druid 监控配置
|
||||||
|
- /druid/**
|
||||||
|
# actuator 监控配置
|
||||||
|
- /actuator
|
||||||
|
- /actuator/**
|
||||||
|
|
||||||
# 重复提交
|
# 重复提交
|
||||||
repeat-submit:
|
repeat-submit:
|
||||||
# 全局间隔时间(毫秒)
|
# 全局间隔时间(毫秒)
|
||||||
|
|||||||
@ -1,5 +1,6 @@
|
|||||||
package com.ruoyi.framework.config;
|
package com.ruoyi.framework.config;
|
||||||
|
|
||||||
|
import com.ruoyi.framework.config.properties.SecurityProperties;
|
||||||
import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
|
import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
|
||||||
import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;
|
import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;
|
||||||
import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
|
import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
|
||||||
@ -56,6 +57,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|||||||
@Autowired
|
@Autowired
|
||||||
private CorsFilter corsFilter;
|
private CorsFilter corsFilter;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private SecurityProperties securityProperties;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 解决 无法直接注入 AuthenticationManager
|
* 解决 无法直接注入 AuthenticationManager
|
||||||
*
|
*
|
||||||
@ -96,8 +100,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|||||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
||||||
// 过滤请求
|
// 过滤请求
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
// 对于登录login 注册register 验证码captchaImage 允许匿名访问
|
|
||||||
.antMatchers("/login", "/register", "/captchaImage").anonymous()
|
|
||||||
.antMatchers(
|
.antMatchers(
|
||||||
HttpMethod.GET,
|
HttpMethod.GET,
|
||||||
"/",
|
"/",
|
||||||
@ -106,14 +108,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|||||||
"/**/*.css",
|
"/**/*.css",
|
||||||
"/**/*.js"
|
"/**/*.js"
|
||||||
).permitAll()
|
).permitAll()
|
||||||
.antMatchers("/doc.html").anonymous()
|
.antMatchers(securityProperties.getAnonymous()).anonymous()
|
||||||
.antMatchers("/swagger-resources/**").anonymous()
|
|
||||||
.antMatchers("/webjars/**").anonymous()
|
|
||||||
.antMatchers("/*/api-docs").anonymous()
|
|
||||||
.antMatchers("/druid/**").anonymous()
|
|
||||||
// Spring Boot Actuator 的安全配置
|
|
||||||
.antMatchers("/actuator").anonymous()
|
|
||||||
.antMatchers("/actuator/**").anonymous()
|
|
||||||
// 除上面外的所有请求全部需要鉴权认证
|
// 除上面外的所有请求全部需要鉴权认证
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
.and()
|
.and()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user