526f3cf944
- demo-service (port 8085): auth, user profile, demo-to-IM token bridge - file-service (port 8086): SHA-256 dedup upload, ImageIO thumbnails, 30-day reclaim - tenant-service: GET /api/sdk/config?appId returns imWsUrl/fileServiceUrl/features - im-service: GET /api/im/admin/users/search fuzzy match by userId or nickname Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
51 行
1.9 KiB
Java
51 行
1.9 KiB
Java
package com.xuqm.tenant.config;
|
|
|
|
import com.xuqm.common.security.JwtAuthFilter;
|
|
import com.xuqm.common.security.JwtUtil;
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
@EnableMethodSecurity
|
|
public class SecurityConfig {
|
|
|
|
private final JwtUtil jwtUtil;
|
|
|
|
public SecurityConfig(JwtUtil jwtUtil) {
|
|
this.jwtUtil = jwtUtil;
|
|
}
|
|
|
|
@Bean
|
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
|
http
|
|
.csrf(AbstractHttpConfigurer::disable)
|
|
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
|
.authorizeHttpRequests(auth -> auth
|
|
.requestMatchers(
|
|
"/api/auth/**",
|
|
"/api/sdk/**",
|
|
"/actuator/health",
|
|
"/actuator/info"
|
|
).permitAll()
|
|
.anyRequest().authenticated()
|
|
)
|
|
.addFilterBefore(new JwtAuthFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class);
|
|
return http.build();
|
|
}
|
|
|
|
@Bean
|
|
public PasswordEncoder passwordEncoder() {
|
|
return new BCryptPasswordEncoder();
|
|
}
|
|
}
|
