XuqmGroup-Server/tenant-service/src/main/java/com/xuqm/tenant/config/SecurityConfig.java

package com.xuqm.tenant.config;

import com.xuqm.common.security.JwtAuthFilter;
import com.xuqm.common.security.JwtUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    private final JwtUtil jwtUtil;

    public SecurityConfig(JwtUtil jwtUtil) {
        this.jwtUtil = jwtUtil;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(
                    "/api/auth/**",
                    "/api/sdk/**",
                    "/actuator/health",
                    "/actuator/info"
                ).permitAll()
                .anyRequest().authenticated()
            )
            .addFilterBefore(new JwtAuthFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
chore: initial commit 2026-04-21 22:07:29 +08:00			`package com.xuqm.tenant.config;`

			`import com.xuqm.common.security.JwtAuthFilter;`
			`import com.xuqm.common.security.JwtUtil;`
			`import org.springframework.context.annotation.Bean;`
			`import org.springframework.context.annotation.Configuration;`
			`import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;`
			`import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;`
			`import org.springframework.security.config.http.SessionCreationPolicy;`
			`import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;`
			`import org.springframework.security.crypto.password.PasswordEncoder;`
			`import org.springframework.security.web.SecurityFilterChain;`
			`import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;`

			`@Configuration`
			`@EnableWebSecurity`
			`@EnableMethodSecurity`
			`public class SecurityConfig {`

			`private final JwtUtil jwtUtil;`

			`public SecurityConfig(JwtUtil jwtUtil) {`
			`this.jwtUtil = jwtUtil;`
			`}`

			`@Bean`
			`public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {`
			`http`
			`.csrf(AbstractHttpConfigurer::disable)`
			`.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))`
			`.authorizeHttpRequests(auth -> auth`
			`.requestMatchers(`
			`"/api/auth/**",`
feat: add demo-service, file-service; SDK remote config endpoint; IM fuzzy search - demo-service (port 8085): auth, user profile, demo-to-IM token bridge - file-service (port 8086): SHA-256 dedup upload, ImageIO thumbnails, 30-day reclaim - tenant-service: GET /api/sdk/config?appId returns imWsUrl/fileServiceUrl/features - im-service: GET /api/im/admin/users/search fuzzy match by userId or nickname Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-25 16:41:10 +08:00			`"/api/sdk/**",`
chore: initial commit 2026-04-21 22:07:29 +08:00			`"/actuator/health",`
			`"/actuator/info"`
			`).permitAll()`
			`.anyRequest().authenticated()`
			`)`
			`.addFilterBefore(new JwtAuthFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class);`
			`return http.build();`
			`}`

			`@Bean`
			`public PasswordEncoder passwordEncoder() {`
			`return new BCryptPasswordEncoder();`
			`}`
			`}`