root/ludu-cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

修复 bpm 服务 AuthorizeRequestsCustomizer 的 RPC 服务的安全配置有问题

Browse Source
This commit is contained in:
YunaiV 2023-05-21 23:49:46 +08:00
parent 9347e136a4
commit c9a50da6f9
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/framework/security/config/SecurityConfiguration.java
View File

@ -1,19 +1,18 @@
package cn.iocoder.yudao.module.bpm.framework.security.config; package cn.iocoder.yudao.module.bpm.framework.security.config;
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer; import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import cn.iocoder.yudao.module.system.enums.ApiConstants;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
/** /**
* System 模块的 Security 配置 * Bpm 模块的 Security 配置
*/ */
@Configuration(proxyBeanMethods = false, value = "systemSecurityConfiguration") @Configuration(proxyBeanMethods = false, value = "bpmSecurityConfiguration")
public class SecurityConfiguration { public class SecurityConfiguration {
@Bean("systemAuthorizeRequestsCustomizer") @Bean("bpmAuthorizeRequestsCustomizer")
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() { public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
return new AuthorizeRequestsCustomizer() { return new AuthorizeRequestsCustomizer() {
@ -28,8 +27,6 @@ public class SecurityConfiguration {
// Spring Boot Actuator 的安全配置 // Spring Boot Actuator 的安全配置
registry.antMatchers("/actuator").anonymous() registry.antMatchers("/actuator").anonymous()
.antMatchers("/actuator/**").anonymous(); .antMatchers("/actuator/**").anonymous();
// RPC 服务的安全配置
registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();
} }
}; };