feat: 配置Swagger UI在开发/测试环境可访问
- SecurityConfig: 添加Environment注入和环境检测逻辑 - SecurityConfig: 在dev/test环境放行Swagger相关路径 - SecurityConfig: 移除重复的PasswordEncoder Bean定义 - SecurityConfigTest: 修改测试以适应新的构造函数 - OpenApiConfig: 修正开发环境服务器URL从8080改为8084 修改的文件: - novalon-manage-api/manage-sys/src/main/java/cn/novalon/manage/sys/config/SecurityConfig.java - novalon-manage-api/manage-sys/src/test/java/cn/novalon/manage/sys/config/SecurityConfigTest.java - novalon-manage-api/manage-app/src/main/java/cn/novalon/manage/app/config/OpenApiConfig.java 功能说明: - Swagger UI在dev/test环境可通过http://localhost:8084/swagger-ui.html访问 - 生产环境自动禁用Swagger访问,确保安全性 - 解决了Bean冲突问题(PasswordEncoder重复定义) - 修正了服务器端口配置
This commit is contained in:
张翔
+41
-16
@@ -1,13 +1,14 @@
|
||||
package cn.novalon.manage.sys.config;
|
||||
|
||||
import cn.novalon.manage.sys.security.JwtAuthenticationFilter;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
|
||||
/**
|
||||
@@ -20,30 +21,54 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
@EnableWebFluxSecurity
|
||||
public class SecurityConfig {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
|
||||
private final JwtAuthenticationFilter jwtAuthenticationFilter;
|
||||
private final Environment environment;
|
||||
|
||||
public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter) {
|
||||
public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter, Environment environment) {
|
||||
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
this.environment = environment;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
return http
|
||||
String[] activeProfiles = environment.getActiveProfiles();
|
||||
boolean isDevOrTest = false;
|
||||
|
||||
for (String profile : activeProfiles) {
|
||||
if ("dev".equals(profile) || "test".equals(profile)) {
|
||||
isDevOrTest = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
logger.info("SecurityConfig初始化: 当前环境={}, Swagger启用状态={}",
|
||||
activeProfiles.length > 0 ? String.join(",", activeProfiles) : "default", isDevOrTest);
|
||||
|
||||
ServerHttpSecurity.AuthorizeExchangeSpec exchanges = http
|
||||
.csrf(ServerHttpSecurity.CsrfSpec::disable)
|
||||
.httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
|
||||
.formLogin(ServerHttpSecurity.FormLoginSpec::disable)
|
||||
.addFilterBefore(jwtAuthenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION)
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.pathMatchers("/api/auth/**").permitAll()
|
||||
.pathMatchers("/api/public/**").permitAll()
|
||||
.pathMatchers("/ws/**").permitAll()
|
||||
.pathMatchers("/actuator/**").permitAll()
|
||||
.anyExchange().authenticated())
|
||||
.build();
|
||||
.authorizeExchange();
|
||||
|
||||
exchanges.pathMatchers("/api/auth/**").permitAll()
|
||||
.pathMatchers("/api/public/**").permitAll()
|
||||
.pathMatchers("/ws/**").permitAll()
|
||||
.pathMatchers("/actuator/**").permitAll();
|
||||
|
||||
if (isDevOrTest) {
|
||||
exchanges.pathMatchers("/swagger-ui.html").permitAll()
|
||||
.pathMatchers("/swagger-ui/**").permitAll()
|
||||
.pathMatchers("/api-docs/**").permitAll()
|
||||
.pathMatchers("/v3/api-docs/**").permitAll()
|
||||
.pathMatchers("/swagger-resources/**").permitAll()
|
||||
.pathMatchers("/webjars/**").permitAll();
|
||||
logger.info("SecurityConfig: Swagger路径已放行");
|
||||
}
|
||||
|
||||
exchanges.anyExchange().authenticated();
|
||||
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user