|
|
|
|
@ -9,6 +9,7 @@ import org.springframework.boot.autoconfigure.AutoConfiguration;
|
|
|
|
|
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
|
|
|
|
|
import org.springframework.context.ApplicationContext;
|
|
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
|
|
import org.springframework.core.env.Environment;
|
|
|
|
|
import org.springframework.http.HttpMethod;
|
|
|
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
|
|
|
|
import org.springframework.security.config.Customizer;
|
|
|
|
|
@ -30,10 +31,12 @@ import org.springframework.web.util.pattern.PathPattern;
|
|
|
|
|
|
|
|
|
|
import javax.annotation.Resource;
|
|
|
|
|
import javax.annotation.security.PermitAll;
|
|
|
|
|
import java.util.Arrays;
|
|
|
|
|
import java.util.HashSet;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
import java.util.Map;
|
|
|
|
|
import java.util.Set;
|
|
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
|
|
|
|
|
import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertList;
|
|
|
|
|
|
|
|
|
|
@ -47,10 +50,15 @@ import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.
|
|
|
|
|
@EnableMethodSecurity(securedEnabled = true)
|
|
|
|
|
public class YudaoWebSecurityConfigurerAdapter {
|
|
|
|
|
|
|
|
|
|
private static final String INNER_PROFILE = "inner";
|
|
|
|
|
private static final String HOME_INFO_PERMIT_ALL_URL = "/admin-api/home/info/**";
|
|
|
|
|
|
|
|
|
|
@Resource
|
|
|
|
|
private WebProperties webProperties;
|
|
|
|
|
@Resource
|
|
|
|
|
private SecurityProperties securityProperties;
|
|
|
|
|
@Resource
|
|
|
|
|
private Environment environment;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 认证失败处理类 Bean
|
|
|
|
|
@ -137,7 +145,7 @@ public class YudaoWebSecurityConfigurerAdapter {
|
|
|
|
|
.requestMatchers(HttpMethod.HEAD, permitAllUrls.get(HttpMethod.HEAD).toArray(new String[0])).permitAll()
|
|
|
|
|
.requestMatchers(HttpMethod.PATCH, permitAllUrls.get(HttpMethod.PATCH).toArray(new String[0])).permitAll()
|
|
|
|
|
// 1.3 基于 yudao.security.permit-all-urls 无需认证
|
|
|
|
|
.requestMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
|
|
|
|
|
.requestMatchers(getPermitAllUrls().toArray(new String[0])).permitAll()
|
|
|
|
|
)
|
|
|
|
|
// ②:每个项目的自定义规则
|
|
|
|
|
.authorizeHttpRequests(c -> authorizeRequestsCustomizers.forEach(customizer -> customizer.customize(c)))
|
|
|
|
|
@ -149,6 +157,19 @@ public class YudaoWebSecurityConfigurerAdapter {
|
|
|
|
|
return httpSecurity.build();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private List<String> getPermitAllUrls() {
|
|
|
|
|
if (isInnerProfile()) {
|
|
|
|
|
return securityProperties.getPermitAllUrls();
|
|
|
|
|
}
|
|
|
|
|
return securityProperties.getPermitAllUrls().stream()
|
|
|
|
|
.filter(url -> !HOME_INFO_PERMIT_ALL_URL.equals(url))
|
|
|
|
|
.collect(Collectors.toList());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private boolean isInnerProfile() {
|
|
|
|
|
return Arrays.asList(environment.getActiveProfiles()).contains(INNER_PROFILE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private String buildAppApi(String url) {
|
|
|
|
|
return webProperties.getAppApi().getPrefix() + url;
|
|
|
|
|
}
|
|
|
|
|
|