- package cn.hobbystocks.auc.config;
- import cn.hobbystocks.auc.common.filter.AuthenticationFilter;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
- import org.springframework.security.config.http.SessionCreationPolicy;
- import org.springframework.security.web.SecurityFilterChain;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
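/**
 * Spring Security configuration: builds the single {@link SecurityFilterChain} for the
 * application. Requests are stateless, a fixed list of path patterns is open to everyone,
 * and every other request must be authenticated. The project's {@code AuthenticationFilter}
 * is placed in the chain ahead of {@link UsernamePasswordAuthenticationFilter}.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Ant-style patterns that are served WITHOUT authentication. Kept static final so the
    // allow-list cannot be reassigned at runtime; treat any addition here as a security change.
    private static final String[] PERMIT_ALL_PATTERNS = {
        // NOTE(review): this opens every actuator endpoint that is exposed over HTTP. Which ones
        // are exposed is decided by management.endpoints.web.exposure.include, which is not
        // visible here. Confirm only low-sensitivity endpoints (e.g. health) are exposed, or
        // narrow this pattern / move actuator to a separate management port.
        "/actuator/**",
        // NOTE(review): presumably internal-only APIs; nothing in this class restricts the
        // caller, so confirm they are blocked from external networks at the gateway.
        "/api/local/**",
        // API documentation / Swagger UI assets. NOTE(review): these describe the full API
        // surface to anonymous users; consider disabling them outside non-production profiles.
        "/api-docs/*",
        "/doc.html",
        "/webjars/**",
        "/swagger-resources/**",
        "/v3/api-docs/**",
        "/swagger-ui/**"
    };

    private final AuthenticationFilter authenticationFilter;

    /**
     * @param authenticationFilter the project's custom authentication filter, injected by Spring
     */
    public SecurityConfig(AuthenticationFilter authenticationFilter) {
        this.authenticationFilter = authenticationFilter;
    }

    /**
     * Builds the application's security filter chain.
     *
     * @param http the {@link HttpSecurity} builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // CSRF protection is disabled. NOTE(review): that is only safe if credentials are
            // never taken from something the browser attaches automatically (cookies, HTTP
            // Basic); verify how AuthenticationFilter reads the credential.
            .csrf(AbstractHttpConfigurer::disable)
            // Stateless: Spring Security neither creates nor uses an HttpSession, so every
            // request has to carry its own credentials.
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // permitAll() only skips the authorization decision; the custom filter added
                // below is still part of the chain for these paths.
                .antMatchers(PERMIT_ALL_PATTERNS).permitAll()
                // Everything not listed above requires an authenticated caller.
                .anyRequest().authenticated()
            )
            // Run the custom filter before the username/password filter position.
            // NOTE(review): the filter is injected as a bean, so Spring Boot may also register
            // it directly with the servlet container; confirm it does not execute twice or
            // outside this chain.
            .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}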