增加 @PreAuthenticated 注解,实现登陆的拦截

This commit is contained in:
YunaiV
2021-09-28 09:18:51 +08:00
parent 0439a5505a
commit 689171c18d
9 changed files with 155 additions and 21 deletions

View File

@ -0,0 +1,29 @@
package cn.iocoder.yudao.userserver.framework.security;
import cn.iocoder.yudao.framework.web.config.WebProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import javax.annotation.Resource;
@Configuration
public class SecurityConfiguration {
@Resource
private WebProperties webProperties;
@Bean
public Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer() {
return registry -> {
registry.antMatchers(api("/**")).anonymous(); // 默认 API 都是用户可访问
};
}
private String api(String url) {
return webProperties.getApiPrefix() + url;
}
}

View File

@ -1,6 +1,9 @@
package cn.iocoder.yudao.userserver.modules.infra.controller;
import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@ -15,4 +18,11 @@ public class HelloController {
public String hello(String hello) {
return "echo + " + hello;
}
@RequestMapping("/user/info")
@PreAuthenticated
public String xx() {
return "none";
}
}