【功能优化】spring security:antMatchers 替换成 requestMatchers
parent
2ca4f1fb9b
commit
eae97e1b33
|
@ -4,7 +4,7 @@ import cn.iocoder.yudao.framework.web.config.WebProperties;
|
||||||
import org.springframework.core.Ordered;
|
import org.springframework.core.Ordered;
|
||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ import javax.annotation.Resource;
|
||||||
* @author 芋道源码
|
* @author 芋道源码
|
||||||
*/
|
*/
|
||||||
public abstract class AuthorizeRequestsCustomizer
|
public abstract class AuthorizeRequestsCustomizer
|
||||||
implements Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry>, Ordered {
|
implements Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry>, Ordered {
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private WebProperties webProperties;
|
private WebProperties webProperties;
|
||||||
|
|
|
@ -126,22 +126,23 @@ public class YudaoWebSecurityConfigurerAdapter {
|
||||||
// 设置每个请求的权限
|
// 设置每个请求的权限
|
||||||
httpSecurity
|
httpSecurity
|
||||||
// ①:全局共享规则
|
// ①:全局共享规则
|
||||||
.authorizeRequests()
|
.authorizeHttpRequests(c -> c
|
||||||
// 1.1 静态资源,可匿名访问
|
// 1.1 静态资源,可匿名访问
|
||||||
.antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll()
|
.requestMatchers(HttpMethod.GET, "/*.html", "/*.html", "/*.css", "/*.js").permitAll()
|
||||||
// 1.2 设置 @PermitAll 无需认证
|
// 1.2 设置 @PermitAll 无需认证
|
||||||
.antMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
|
.requestMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
|
||||||
.antMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()
|
.requestMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()
|
||||||
.antMatchers(HttpMethod.PUT, permitAllUrls.get(HttpMethod.PUT).toArray(new String[0])).permitAll()
|
.requestMatchers(HttpMethod.PUT, permitAllUrls.get(HttpMethod.PUT).toArray(new String[0])).permitAll()
|
||||||
.antMatchers(HttpMethod.DELETE, permitAllUrls.get(HttpMethod.DELETE).toArray(new String[0])).permitAll()
|
.requestMatchers(HttpMethod.DELETE, permitAllUrls.get(HttpMethod.DELETE).toArray(new String[0])).permitAll()
|
||||||
// 1.3 基于 yudao.security.permit-all-urls 无需认证
|
.requestMatchers(HttpMethod.HEAD, permitAllUrls.get(HttpMethod.HEAD).toArray(new String[0])).permitAll()
|
||||||
.antMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
|
.requestMatchers(HttpMethod.PATCH, permitAllUrls.get(HttpMethod.PATCH).toArray(new String[0])).permitAll()
|
||||||
|
// 1.3 基于 yudao.security.permit-all-urls 无需认证
|
||||||
|
.requestMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
|
||||||
|
)
|
||||||
// ②:每个项目的自定义规则
|
// ②:每个项目的自定义规则
|
||||||
.and().authorizeRequests(registry -> // 下面,循环设置自定义规则
|
.authorizeHttpRequests(c -> authorizeRequestsCustomizers.forEach(customizer -> customizer.customize(c)))
|
||||||
authorizeRequestsCustomizers.forEach(customizer -> customizer.customize(registry)))
|
|
||||||
// ③:兜底规则,必须认证
|
// ③:兜底规则,必须认证
|
||||||
.authorizeRequests()
|
.authorizeHttpRequests(c -> c.anyRequest().authenticated());
|
||||||
.anyRequest().authenticated();
|
|
||||||
|
|
||||||
// 添加 Token Filter
|
// 添加 Token Filter
|
||||||
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
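Review bot: The static-resource rule in the new `authorizeHttpRequests` block no longer covers nested paths: `"/**/*.html", "/**/*.css", "/**/*.js"` became `"/*.html", "/*.html", "/*.css", "/*.js"`, so only root-level files match and `"/*.html"` is listed twice. This fails closed, since nested assets now fall through to `anyRequest().authenticated()`, but it is a behaviour change the title does not mention and may break pages that load scripts or styles from subdirectories before login. If the narrowing is there because the path-pattern parser rejects a mid-pattern `**` (presumably the reason), say so in a comment and drop the duplicate, `.requestMatchers(HttpMethod.GET, "/*.html", "/*.css", "/*.js").permitAll()`, and permit the real asset directories explicitly if they must stay public. The added HEAD and PATCH lines also rely on `permitAllUrls.get(...)` never returning null, which cannot be confirmed here because the enclosing method starts and ends outside the hunk.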
|
||||||
|
|
|
@ -4,6 +4,7 @@ import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
|
||||||
import cn.iocoder.yudao.framework.websocket.config.WebSocketProperties;
|
import cn.iocoder.yudao.framework.websocket.config.WebSocketProperties;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -17,8 +18,8 @@ public class WebSocketAuthorizeRequestsCustomizer extends AuthorizeRequestsCusto
|
||||||
private final WebSocketProperties webSocketProperties;
|
private final WebSocketProperties webSocketProperties;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
|
public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
|
||||||
registry.antMatchers(webSocketProperties.getPath()).permitAll();
|
registry.requestMatchers(webSocketProperties.getPath()).permitAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
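Review bot: The import hunk adds `AuthorizeHttpRequestsConfigurer` but keeps the `ExpressionUrlAuthorizationConfigurer` import, which nothing in the visible new code uses once `customize` takes the new registry type, so it should be removed. The same leftover import appears in the later `SecurityConfiguration` section that permits `/jmreport/**`. Since `registry.requestMatchers(webSocketProperties.getPath()).permitAll()` leaves the handshake path open at the HTTP authorization layer, a one-line comment saying where the WebSocket session is actually authenticated would help, e.g. `// handshake path is open here; the token is checked in <handshake interceptor or filter>`. The rest of the class is outside the hunks, so the old import may still be referenced there.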
|
||||||
|
|
|
@ -5,7 +5,7 @@ import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Infra 模块的 Security 配置
|
* Infra 模块的 Security 配置
|
||||||
|
@ -21,22 +21,22 @@ public class SecurityConfiguration {
|
||||||
return new AuthorizeRequestsCustomizer() {
|
return new AuthorizeRequestsCustomizer() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
|
public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
|
||||||
// Swagger 接口文档
|
// Swagger 接口文档
|
||||||
registry.antMatchers("/v3/api-docs/**").permitAll()
|
registry.requestMatchers("/v3/api-docs/**").permitAll()
|
||||||
.antMatchers("/webjars/**").permitAll()
|
.requestMatchers("/webjars/**").permitAll()
|
||||||
.antMatchers("/swagger-ui.html").permitAll()
|
.requestMatchers("/swagger-ui.html").permitAll()
|
||||||
.antMatchers("/swagger-ui/**").permitAll();
|
.requestMatchers("/swagger-ui/**").permitAll();
|
||||||
// Spring Boot Actuator 的安全配置
|
// Spring Boot Actuator 的安全配置
|
||||||
registry.antMatchers("/actuator").anonymous()
|
registry.requestMatchers("/actuator").permitAll()
|
||||||
.antMatchers("/actuator/**").anonymous();
|
.requestMatchers("/actuator/**").permitAll();
|
||||||
// Druid 监控
|
// Druid 监控
|
||||||
registry.antMatchers("/druid/**").anonymous();
|
registry.requestMatchers("/druid/**").permitAll();
|
||||||
// Spring Boot Admin Server 的安全配置
|
// Spring Boot Admin Server 的安全配置
|
||||||
registry.antMatchers(adminSeverContextPath).anonymous()
|
registry.requestMatchers(adminSeverContextPath).permitAll()
|
||||||
.antMatchers(adminSeverContextPath + "/**").anonymous();
|
.requestMatchers(adminSeverContextPath + "/**").permitAll();
|
||||||
// 文件读取
|
// 文件读取
|
||||||
registry.antMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll();
|
registry.requestMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
};
|
};
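Review bot: `/actuator`, `/actuator/**`, `/druid/**` and the admin-server paths change from `.anonymous()` to `.permitAll()` in `customize`, which is a rule change rather than the matcher rename the title describes, and it keeps Actuator, the Druid monitor and Spring Boot Admin reachable by any caller without authentication. Exposed Actuator endpoints and the Druid console disclose configuration and runtime data, so these are the rules most worth tightening while the block is being touched. If the endpoints do not have to be open, use `registry.requestMatchers("/actuator", "/actuator/**").authenticated();` and do the same for `/druid/**` and `adminSeverContextPath`. If they must stay open for monitoring, add a comment naming the compensating control, for example a restricted `management.endpoints.web.exposure.include` list or network-level filtering. `customize` is complete within the hunk, but the enclosing bean method starts and ends outside it.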
|
||||||
|
|
|
@ -4,6 +4,7 @@ import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -17,8 +18,8 @@ public class SecurityConfiguration {
|
||||||
return new AuthorizeRequestsCustomizer() {
|
return new AuthorizeRequestsCustomizer() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
|
public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
|
||||||
registry.antMatchers("/jmreport/**").permitAll(); // 积木报表
|
registry.requestMatchers("/jmreport/**").permitAll(); // 积木报表
|
||||||
}
|
}
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|