多模块重构 12：【新增】Spring Security 新增 AuthorizeRequestsCustomizer 抽象类， 自定义每个 Maven Module 的 URL 的安全配置

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/framework/security/config/SystemSecurityConfiguration.java

@@ -0,0 +1,34 @@
+package cn.iocoder.yudao.module.system.framework.security.config;
+
+import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+
+/**
+ * System 模块的 Security 配置
+ */
+@Configuration
+public class SystemSecurityConfiguration {
+
+    @Bean("systemAuthorizeRequestsCustomizer")
+    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
+        return new AuthorizeRequestsCustomizer() {
+
+            @Override
+            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
+                // 登录的接口，可匿名访问
+                registry.antMatchers(buildAdminApi("/system/login")).anonymous();
+                // 验证码的接口
+                registry.antMatchers(buildAdminApi("/system/captcha/**")).anonymous();
+                // 获得租户编号的接口
+                registry.antMatchers(buildAdminApi("/system/tenant/get-id-by-name")).anonymous();
+                // 短信回调 API
+                registry.antMatchers(buildAdminApi("/system/sms/callback/**")).anonymous();
+            }
+
+        };
+    }
+
+}

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/framework/security/core/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * 占位
+ */
+package cn.iocoder.yudao.module.system.framework.security.core;

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthServiceImpl.java

@@ -164,7 +164,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
         if (user != null) {
             reqDTO.setUserId(user.getId());
         }
-        reqDTO.setUserType(UserTypeEnum.ADMIN.getValue());
+        reqDTO.setUserType(getUserType().getValue());
         reqDTO.setUsername(username);
         reqDTO.setUserAgent(ServletUtils.getUserAgent());
         reqDTO.setUserIp(ServletUtils.getClientIP());

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/service/logger/LoginLogServiceImpl.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.module.system.convert.logger.LoginLogConvert;
 import cn.iocoder.yudao.module.system.dal.dataobject.logger.LoginLogDO;
 import cn.iocoder.yudao.module.system.dal.mysql.logger.LoginLogMapper;
 import org.springframework.stereotype.Service;
+import org.springframework.validation.annotation.Validated;
 
 import javax.annotation.Resource;
 import java.util.List;
@@ -16,6 +17,7 @@ import java.util.List;
  * 登录日志 Service 实现
  */
 @Service
+@Validated
 public class LoginLogServiceImpl implements LoginLogService {
 
     @Resource