From 1231caac8d39b68108422f1afb63d63d2356b2f5 Mon Sep 17 00:00:00 2001 From: haoxr <1490493387@qq.com> Date: Fri, 7 Apr 2023 14:32:39 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E7=A6=81=E7=94=A8?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E8=B7=AF=E5=BE=84=E6=8B=A6=E6=88=AA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../config/OAuth2ClientSecurityConfig.java | 31 +++++++++++++++---- 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/youlai-gateway/src/main/java/com/youlai/gateway/config/OAuth2ClientSecurityConfig.java b/youlai-gateway/src/main/java/com/youlai/gateway/config/OAuth2ClientSecurityConfig.java index 94f72d41..8df69762 100644 --- a/youlai-gateway/src/main/java/com/youlai/gateway/config/OAuth2ClientSecurityConfig.java +++ b/youlai-gateway/src/main/java/com/youlai/gateway/config/OAuth2ClientSecurityConfig.java @@ -1,6 +1,10 @@ package com.youlai.gateway.config; +import cn.hutool.core.collection.CollectionUtil; +import cn.hutool.core.convert.Convert; +import lombok.Setter; import lombok.extern.slf4j.Slf4j; +import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity; @@ -10,6 +14,9 @@ import org.springframework.web.cors.reactive.CorsConfigurationSource; import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource; import org.springframework.web.util.pattern.PathPatternParser; +import java.util.Collections; +import java.util.List; + /** * OAuth Client Security 配置 
@@ -17,14 +24,26 @@ import org.springframework.web.util.pattern.PathPatternParser; * @author haoxr * @date 2022/8/28 */ +@ConfigurationProperties(prefix = "security") @EnableWebFluxSecurity @Slf4j public class OAuth2ClientSecurityConfig { + /** + * 禁用访问路径集合 + */ + @Setter + private List forbiddenURIs; + @Bean public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http ) { + if (CollectionUtil.isEmpty(forbiddenURIs)) { + forbiddenURIs = Collections.EMPTY_LIST; + } + http.authorizeExchange() + .pathMatchers(Convert.toStrArray(forbiddenURIs)).denyAll() // 放行交由资源服务器进行认证鉴权 .anyExchange().permitAll() .and() @@ -35,19 +54,19 @@ public class OAuth2ClientSecurityConfig { @Bean public CorsConfigurationSource corsConfigurationSource() { - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource (new PathPatternParser()); + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser()); CorsConfiguration corsConfig = new CorsConfiguration(); // 允许所有请求方法 - corsConfig.addAllowedMethod ("*"); + corsConfig.addAllowedMethod("*"); // 允许所有域,当请求头 - corsConfig.addAllowedOriginPattern ("*"); + corsConfig.addAllowedOriginPattern("*"); // 允许全部请求头 - corsConfig.addAllowedHeader ("*"); + corsConfig.addAllowedHeader("*"); // 允许携带 Authorization 头 - corsConfig.setAllowCredentials (true); + corsConfig.setAllowCredentials(true); // 允许全部请求路径 - source.registerCorsConfiguration ("/**", corsConfig); + source.registerCorsConfiguration("/**", corsConfig); return source; } -- GitLab
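Review bot: The new deny rule in `springSecurityFilterChain` fails open: when the `forbiddenURIs` list under the `security` prefix is absent, misspelled or never bound, it is defaulted to an empty list and every request falls through to `.anyExchange().permitAll()` with no log line to show the block is inactive. Binding depends on this class being registered as a bean, which the hunk does not show (whether `@EnableWebFluxSecurity` still carries `@Configuration` depends on the Spring Security version), and it is worth confirming that `pathMatchers(...)` accepts an empty pattern array in the version in use rather than rejecting it at startup. I would add the matcher only when the list is non-empty, log the effective patterns at startup, and stop reassigning the field inside the bean method, which also removes the raw `Collections.EMPTY_LIST`. The rest of the filter chain continues outside the hunk.

```java
// … unchanged: class annotations and the forbiddenURIs field …
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    ServerHttpSecurity.AuthorizeExchangeSpec exchanges = http.authorizeExchange();
    if (CollectionUtil.isNotEmpty(forbiddenURIs)) {
        // Make the active deny list visible in the startup log.
        log.info("Gateway deny rule active for paths: {}", forbiddenURIs);
        exchanges.pathMatchers(Convert.toStrArray(forbiddenURIs)).denyAll();
    } else {
        // An empty or unbound list means nothing is blocked; say so explicitly.
        log.warn("No forbidden paths configured; gateway deny rule is inactive");
    }
    exchanges
            .anyExchange().permitAll()
            .and()
    // … unchanged: remainder of the chain, outside this hunk …
```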