From 981d8ef21181d85fe8778c9f4c07f2a4cb9d760e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=BF=94?= Date: Wed, 3 Jun 2026 11:44:44 +0800 Subject: [PATCH] =?UTF-8?q?feat(security):=20SecurityConfig=20=E8=B7=AF?= =?UTF-8?q?=E5=BE=84=E8=A7=84=E5=88=99=E9=80=82=E9=85=8D=20admin/member=20?= =?UTF-8?q?=E5=89=8D=E7=BC=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - /api/auth/** 拆分为 /api/admin/auth/** 和 /api/member/auth/** - 移除 /** 全放行规则,收紧安全策略 - 诊断路径更新为 /api/admin/diagnostic/** --- .../cn/novalon/gym/manage/sys/config/SecurityConfig.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/config/SecurityConfig.java b/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/config/SecurityConfig.java index b80fd51..1d34159 100644 --- a/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/config/SecurityConfig.java +++ b/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/config/SecurityConfig.java @@ -47,10 +47,10 @@ public class SecurityConfig { .addFilterBefore(jwtAuthenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION) .addFilterAfter(operationLogWebFilter, SecurityWebFiltersOrder.AUTHORIZATION) .authorizeExchange(spec -> { - spec.pathMatchers("/api/auth/**").permitAll() + spec.pathMatchers("/api/admin/auth/**").permitAll() + .pathMatchers("/api/member/auth/**").permitAll() .pathMatchers("/api/public/**").permitAll() .pathMatchers("/ws/**").permitAll() - .pathMatchers("/**").permitAll() .pathMatchers("/actuator/**").permitAll(); if (isDevOrTest) { @@ -60,7 +60,7 @@ public class SecurityConfig { .pathMatchers("/v3/api-docs/**").permitAll() .pathMatchers("/swagger-resources/**").permitAll() .pathMatchers("/webjars/**").permitAll() - .pathMatchers("/api/diagnostic/**").permitAll(); + .pathMatchers("/api/admin/diagnostic/**").permitAll(); logger.info("SecurityConfig: Swagger路径和诊断端点已放行"); }