update security 路径配置抽取到配置文件

4 years ago · 0f2caf1cb6
parent 8a81f37d22
commit 0f2caf1cb6
2 changed files with 22 additions and 10 deletions
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@ -106,6 +106,23 @@ token:
  # 令牌有效期（默认30分钟）
  expireTime: 30

+# security配置
+security:
+  anonymous:
+    - /login
+    - /register
+    - /captchaImage
+    # swagger 文档配置
+    - /doc.html
+    - /swagger-resources/**
+    - /webjars/**
+    - /*/api-docs
+    # druid 监控配置
+    - /druid/**
+    # actuator 监控配置
+    - /actuator
+    - /actuator/**
+
 # 重复提交
 repeat-submit:
  # 全局间隔时间(毫秒)
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@ -1,5 +1,6 @@
 package com.ruoyi.framework.config;

+import com.ruoyi.framework.config.properties.SecurityProperties;
 import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
 import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;
 import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
@ -56,6 +57,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
    @Autowired
    private CorsFilter corsFilter;

+    @Autowired
+    private SecurityProperties securityProperties;
+
    /**
     * 解决 无法直接注入 AuthenticationManager
     *
@ -96,8 +100,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // 过滤请求
                .authorizeRequests()
-                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                .antMatchers("/login", "/register", "/captchaImage").anonymous()
                .antMatchers(
                        HttpMethod.GET,
                        "/",
@ -106,14 +108,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                        "/**/*.css",
                        "/**/*.js"
                ).permitAll()
-                .antMatchers("/doc.html").anonymous()
-                .antMatchers("/swagger-resources/**").anonymous()
-                .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
-                .antMatchers("/druid/**").anonymous()
-                // Spring Boot Actuator 的安全配置
-                .antMatchers("/actuator").anonymous()
-                .antMatchers("/actuator/**").anonymous()
+                .antMatchers(securityProperties.getAnonymous()).anonymous()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated()
                .and()