修复 bpm 服务 AuthorizeRequestsCustomizer 的 RPC 服务的安全配置有问题

2023-05-21 23:49:46 +08:00 · 2023-05-21 23:49:46 +08:00 · c9a50da6f9
commit c9a50da6f9
parent 9347e136a4
1 changed files with 3 additions and 6 deletions
--- a/yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/framework/security/config/SecurityConfiguration.java
@ -1,19 +1,18 @@
 package cn.iocoder.yudao.module.bpm.framework.security.config;

 import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
-import cn.iocoder.yudao.module.system.enums.ApiConstants;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

 /**
- * System 模块的 Security 配置
+ * Bpm 模块的 Security 配置
 */
-@Configuration(proxyBeanMethods = false, value = "systemSecurityConfiguration")
+@Configuration(proxyBeanMethods = false, value = "bpmSecurityConfiguration")
 public class SecurityConfiguration {

-    @Bean("systemAuthorizeRequestsCustomizer")
+    @Bean("bpmAuthorizeRequestsCustomizer")
    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
        return new AuthorizeRequestsCustomizer() {

@ -28,8 +27,6 @@ public class SecurityConfiguration {
                // Spring Boot Actuator 的安全配置
                registry.antMatchers("/actuator").anonymous()
                        .antMatchers("/actuator/**").anonymous();
-                // RPC 服务的安全配置
-                registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();
            }

        };