diff --git a/biji-houdaun/pom.xml b/biji-houdaun/pom.xml
index ed6d158..159e8f4 100644
--- a/biji-houdaun/pom.xml
+++ b/biji-houdaun/pom.xml
@@ -189,21 +189,26 @@ prod - - - - com.github.xiaoymin - knife4j-openapi3-jakarta-spring-boot-starter - ${knife4j.version} - provided - - - org.springdoc - springdoc-openapi-starter-webmvc-ui - 2.7.0 - provided - - + + + + org.springframework.boot + spring-boot-maven-plugin + + + + com.github.xiaoymin + knife4j-openapi3-jakarta-spring-boot-starter + + + org.springdoc + springdoc-openapi-starter-webmvc-ui + + + + + +
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
index df7957a..4291759 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
@@ -8,7 +8,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -18,8 +17,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import java.util.Arrays;
-
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
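Review bot: After the pom.xml hunk, the only thing keeping the API documentation out of production is a packaging exclusion in the `prod` Maven profile, while the SecurityConfig.java change in the same commit permits `/doc.html`, `/webjars/**` and `/v3/api-docs/**` unconditionally. The XML tags are not visible on this page, so the structure is inferred: the two starters appear to be listed as excludes of `spring-boot-maven-plugin`, which as far as I know filters only the named artifacts and can leave their transitive jars (where the UI resources and the `/v3/api-docs` handlers may live) in the repackaged jar. A jar built without the Maven profile but started with the prod Spring profile would also ship the docs and serve them without authentication. I would keep a runtime control as well, for example `springdoc.api-docs.enabled=false` and `springdoc.swagger-ui.enabled=false` in the production configuration, or keep the profile check around the documentation entries of the whitelist.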
@@ -36,9 +33,6 @@ public class SecurityConfig {
 @Autowired
 private JwtAccessDeniedHandler jwtAccessDeniedHandler;
- @Autowired
- private Environment environment;
-
 @Value("${jwt.header}")
 private String tokenHeader;
@@ -54,26 +48,18 @@ public class SecurityConfig {
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);
- // 检查当前激活的profile中是否包含 "prod"
- boolean isProd = Arrays.asList(environment.getActiveProfiles()).contains("prod");
-
- // 根据环境动态设置白名单
- String[] publicEndpoints = isProd ?
- new String[]{"/api/user/login", "/api/user/register"} :
- new String[]{
- "/doc.html",
- "/webjars/**",
- "/v3/api-docs/**",
- "/api/user/login",
- "/api/user/register"
- };
-
 http
 .csrf(csrf -> csrf.disable())
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .authorizeHttpRequests(authz -> authz
- // 1. 动态允许公共端点
- .requestMatchers(publicEndpoints).permitAll()
+ // 1. 始终允许的核心公共端点 (登录、注册、API文档)
+ .requestMatchers(
+ "/doc.html",
+ "/webjars/**",
+ "/v3/api-docs/**",
+ "/api/user/login",
+ "/api/user/register"
+ ).permitAll()
 // 2. 精确允许用于“公开阅读”的 GET 请求
 .requestMatchers(org.springframework.http.HttpMethod.GET,