build(biji-houdaun): 优化生产环境配置并调整安全设置
- 修改 pom.xml,使用 spring-boot-maven-plugin 排除生产环境依赖 - 重构 SecurityConfig,简化公共端点配置并移除环境判断逻辑
This commit is contained in:
ikmkj
@@ -189,21 +189,26 @@
|
|||||||
<!-- 生产环境排除Knife4j和springdoc -->
|
<!-- 生产环境排除Knife4j和springdoc -->
|
||||||
<profile>
|
<profile>
|
||||||
<id>prod</id>
|
<id>prod</id>
|
||||||
<dependencies>
|
<build>
|
||||||
<!-- 排除Knife4j API 文档 -->
|
<plugins>
|
||||||
<dependency>
|
<plugin>
|
||||||
<groupId>com.github.xiaoymin</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||||
<version>${knife4j.version}</version>
|
<configuration>
|
||||||
<scope>provided</scope>
|
<excludes>
|
||||||
</dependency>
|
<exclude>
|
||||||
<dependency>
|
<groupId>com.github.xiaoymin</groupId>
|
||||||
<groupId>org.springdoc</groupId>
|
<artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
|
||||||
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
|
</exclude>
|
||||||
<version>2.7.0</version>
|
<exclude>
|
||||||
<scope>provided</scope>
|
<groupId>org.springdoc</groupId>
|
||||||
</dependency>
|
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
|
||||||
</dependencies>
|
</exclude>
|
||||||
|
</excludes>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
</profile>
|
</profile>
|
||||||
</profiles>
|
</profiles>
|
||||||
|
|
||||||
|
|||||||
@@ -8,7 +8,6 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.core.env.Environment;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
@@ -18,8 +17,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
|||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
|
||||||
import java.util.Arrays;
|
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class SecurityConfig {
|
public class SecurityConfig {
|
||||||
@@ -36,9 +33,6 @@ public class SecurityConfig {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private JwtAccessDeniedHandler jwtAccessDeniedHandler;
|
private JwtAccessDeniedHandler jwtAccessDeniedHandler;
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private Environment environment;
|
|
||||||
|
|
||||||
@Value("${jwt.header}")
|
@Value("${jwt.header}")
|
||||||
private String tokenHeader;
|
private String tokenHeader;
|
||||||
|
|
||||||
@@ -54,26 +48,18 @@ public class SecurityConfig {
|
|||||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);
|
JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);
|
||||||
|
|
||||||
// 检查当前激活的profile中是否包含 "prod"
|
|
||||||
boolean isProd = Arrays.asList(environment.getActiveProfiles()).contains("prod");
|
|
||||||
|
|
||||||
// 根据环境动态设置白名单
|
|
||||||
String[] publicEndpoints = isProd ?
|
|
||||||
new String[]{"/api/user/login", "/api/user/register"} :
|
|
||||||
new String[]{
|
|
||||||
"/doc.html",
|
|
||||||
"/webjars/**",
|
|
||||||
"/v3/api-docs/**",
|
|
||||||
"/api/user/login",
|
|
||||||
"/api/user/register"
|
|
||||||
};
|
|
||||||
|
|
||||||
http
|
http
|
||||||
.csrf(csrf -> csrf.disable())
|
.csrf(csrf -> csrf.disable())
|
||||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||||
.authorizeHttpRequests(authz -> authz
|
.authorizeHttpRequests(authz -> authz
|
||||||
// 1. 动态允许公共端点
|
// 1. 始终允许的核心公共端点 (登录、注册、API文档)
|
||||||
.requestMatchers(publicEndpoints).permitAll()
|
.requestMatchers(
|
||||||
|
"/doc.html",
|
||||||
|
"/webjars/**",
|
||||||
|
"/v3/api-docs/**",
|
||||||
|
"/api/user/login",
|
||||||
|
"/api/user/register"
|
||||||
|
).permitAll()
|
||||||
|
|
||||||
// 2. 精确允许用于“公开阅读”的 GET 请求
|
// 2. 精确允许用于“公开阅读”的 GET 请求
|
||||||
.requestMatchers(org.springframework.http.HttpMethod.GET,
|
.requestMatchers(org.springframework.http.HttpMethod.GET,
|
||||||
|
|||||||
Reference in New Issue
Block a user