feat(security): SecurityConfig 路径规则适配 admin/member 前缀
- /api/auth/** 拆分为 /api/admin/auth/** 和 /api/member/auth/** - 移除 /** 全放行规则,收紧安全策略 - 诊断路径更新为 /api/admin/diagnostic/**
+3
-3
@@ -47,10 +47,10 @@ public class SecurityConfig {
|
|||||||
.addFilterBefore(jwtAuthenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION)
|
.addFilterBefore(jwtAuthenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION)
|
||||||
.addFilterAfter(operationLogWebFilter, SecurityWebFiltersOrder.AUTHORIZATION)
|
.addFilterAfter(operationLogWebFilter, SecurityWebFiltersOrder.AUTHORIZATION)
|
||||||
.authorizeExchange(spec -> {
|
.authorizeExchange(spec -> {
|
||||||
spec.pathMatchers("/api/auth/**").permitAll()
|
spec.pathMatchers("/api/admin/auth/**").permitAll()
|
||||||
|
.pathMatchers("/api/member/auth/**").permitAll()
|
||||||
.pathMatchers("/api/public/**").permitAll()
|
.pathMatchers("/api/public/**").permitAll()
|
||||||
.pathMatchers("/ws/**").permitAll()
|
.pathMatchers("/ws/**").permitAll()
|
||||||
.pathMatchers("/**").permitAll()
|
|
||||||
.pathMatchers("/actuator/**").permitAll();
|
.pathMatchers("/actuator/**").permitAll();
|
||||||
|
|
||||||
if (isDevOrTest) {
|
if (isDevOrTest) {
|
||||||
@@ -60,7 +60,7 @@ public class SecurityConfig {
|
|||||||
.pathMatchers("/v3/api-docs/**").permitAll()
|
.pathMatchers("/v3/api-docs/**").permitAll()
|
||||||
.pathMatchers("/swagger-resources/**").permitAll()
|
.pathMatchers("/swagger-resources/**").permitAll()
|
||||||
.pathMatchers("/webjars/**").permitAll()
|
.pathMatchers("/webjars/**").permitAll()
|
||||||
.pathMatchers("/api/diagnostic/**").permitAll();
|
.pathMatchers("/api/admin/diagnostic/**").permitAll();
|
||||||
logger.info("SecurityConfig: Swagger路径和诊断端点已放行");
|
logger.info("SecurityConfig: Swagger路径和诊断端点已放行");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
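Review bot: `.pathMatchers("/actuator/**").permitAll()` (kept as context at the end of the first hunk) still opens every actuator endpoint to unauthenticated callers in all profiles, so the tightening the commit describes is incomplete — Spring Boot actuator can expose endpoints such as env, beans, threaddump and heapdump that leak configuration and secrets. Limit the public set to the probes that must be reachable, e.g. `.pathMatchers("/actuator/health/**", "/actuator/info").permitAll()`, and let the remaining actuator paths fall under the authenticated default or a separate management port. The `authorizeExchange` lambda continues outside both hunks, so I cannot see whether it ends with `anyExchange().authenticated()`; removing `/**` only tightens the policy if such a catch-all exists, which is worth confirming. A short comment next to `.pathMatchers("/ws/**").permitAll()` stating where the WebSocket handshake is authenticated (presumably the JWT filter on the upgrade request) would also help the next reader judge that rule.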