增加 @PreAuthenticated 注解，实现登陆的拦截

2025-07-14 02:55:07 +08:00 · 2021-09-28 09:18:51 +08:00
parent 0439a5505a
commit 689171c18d
9 changed files with 155 additions and 21 deletions
--- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/security/SecurityConfiguration.java
+++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/security/SecurityConfiguration.java
@ -0,0 +1,39 @@
+package cn.iocoder.yudao.adminserver.framework.security;
+
+import cn.iocoder.yudao.framework.web.config.WebProperties;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+
+import javax.annotation.Resource;
+
+@Configuration
+public class SecurityConfiguration {
+
+    @Resource
+    private WebProperties webProperties;
+
+    @Value("${spring.boot.admin.context-path:''}")
+    private String adminSeverContextPath;
+
+    @Bean
+    public Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer() {
+        return registry -> {
+            // 通用的接口，可匿名访问 TODO 芋艿：需要抽象出去
+            registry.antMatchers(api("/system/captcha/**")).anonymous();
+            // Spring Boot Admin Server 的安全配置 TODO 芋艿：需要抽象出去
+            registry.antMatchers(adminSeverContextPath).anonymous()
+                    .antMatchers(adminSeverContextPath + "/**").anonymous();
+            // 短信回调 API
+            registry.antMatchers(api("/system/sms/callback/**")).anonymous();
+        };
+    }
+
+    private String api(String url) {
+        return webProperties.getApiPrefix() + url;
+    }
+
+}