admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update security 路径配置抽取到配置文件

Browse Source
This commit is contained in:
疯狂的狮子li 2021-09-26 17:26:45 +08:00
parent 7702175130
commit 6976c7f386
3 changed files with 16 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ruoyi-admin/src/main/resources/application.yml
View File

@ -124,13 +124,17 @@ sa-token:
# security配置 # security配置
security: security:
# 登出路径 # 排除路径
logout-url: /logout excludes:
# 匿名路径
anonymous:
- /login - /login
- /logout
- /register - /register
- /captchaImage - /captchaImage
# 静态资源
- /*.html
- /**/*.html
- /**/*.css
- /**/*.js
# swagger 文档配置 # swagger 文档配置
- /doc.html - /doc.html
- /swagger-resources/** - /swagger-resources/**
@ -141,8 +145,6 @@ security:
# actuator 监控配置 # actuator 监控配置
- /actuator - /actuator
- /actuator/** - /actuator/**
# 用户放行
permit-all:
# 重复提交 # 重复提交
repeat-submit: repeat-submit:

25
ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java
View File

@ -6,6 +6,8 @@ import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil; import cn.dev33.satoken.stp.StpUtil;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.config.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
@ -17,7 +19,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.List;
/** /**
* 通用配置 * 通用配置
@ -27,26 +28,12 @@ import java.util.List;
@Configuration @Configuration
public class ResourcesConfig implements WebMvcConfigurer { public class ResourcesConfig implements WebMvcConfigurer {
@Autowired
private SecurityProperties securityProperties;
// 注册sa-token的拦截器 // 注册sa-token的拦截器
@Override @Override
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
List<String> urlPath = Arrays.asList(
"/login",
"/logout",
"/register",
"/captchaImage",
"/*.html",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/doc.html",
"/swagger-resources/**",
"/webjars/**",
"/*/api-docs",
"/druid/**",
"/actuator",
"/actuator/**"
);
// 注册路由拦截器自定义验证规则 // 注册路由拦截器自定义验证规则
registry.addInterceptor(new SaRouteInterceptor((request, response, handler) -> { registry.addInterceptor(new SaRouteInterceptor((request, response, handler) -> {
// 登录验证 -- 排除多个路径 // 登录验证 -- 排除多个路径
@ -54,7 +41,7 @@ public class ResourcesConfig implements WebMvcConfigurer {
//获取所有的 //获取所有的
Collections.singletonList("/**"), Collections.singletonList("/**"),
//排除下不需要拦截的 //排除下不需要拦截的
urlPath, Arrays.asList(securityProperties.getExcludes()),
() -> { () -> {
Long userId = SecurityUtils.getUserId(); Long userId = SecurityUtils.getUserId();
if(StringUtils.isNotNull(userId) ) { if(StringUtils.isNotNull(userId) ) {

13
ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
View File

@ -15,18 +15,9 @@ import org.springframework.stereotype.Component;
public class SecurityProperties { public class SecurityProperties {
/** /**
* 退出登录url * 排除路径
*/ */
private String logoutUrl; private String[] excludes;
/**
* 匿名放行路径
*/
private String[] anonymous;
/**
* 用户任意访问放行路径
*/
private String[] permitAll;
} }