对齐 boot 与 cloud 的代码

2023-07-27 13:01:17 +08:00
parent 1475e9a507
commit 0feb865ef0
53 changed files with 413 additions and 237 deletions
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
@@ -60,7 +60,7 @@ public class YudaoWebSecurityConfigurerAdapter {
    /**
     * 自定义的权限映射 Bean 们
     *
-     * @see #configure(HttpSecurity)
+     * @see #filterChain(HttpSecurity)
     */
    @Resource
    private List<AuthorizeRequestsCustomizer> authorizeRequestsCustomizers;
@@ -95,7 +95,7 @@ public class YudaoWebSecurityConfigurerAdapter {
     * authenticated       |   用户登录后可访问
     */
    @Bean
-    protected SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
+    protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        // 登出
        httpSecurity
                // 开启跨域
@@ -116,16 +116,16 @@ public class YudaoWebSecurityConfigurerAdapter {
        httpSecurity
                // ①：全局共享规则
                .authorizeRequests()
-                // 静态资源，可匿名访问
+                // 1.1 静态资源，可匿名访问
                .antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll()
-                // 设置 @PermitAll 无需认证
+                // 1.2 设置 @PermitAll 无需认证
                .antMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
                .antMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()
                .antMatchers(HttpMethod.PUT, permitAllUrls.get(HttpMethod.PUT).toArray(new String[0])).permitAll()
                .antMatchers(HttpMethod.DELETE, permitAllUrls.get(HttpMethod.DELETE).toArray(new String[0])).permitAll()
-                // 基于 yudao.security.permit-all-urls 无需认证
+                // 1.3 基于 yudao.security.permit-all-urls 无需认证
                .antMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
-                // 设置 App API 无需认证
+                // 1.4 设置 App API 无需认证
                .antMatchers(buildAppApi("/**")).permitAll()
                // ②：每个项目的自定义规则
                .and().authorizeRequests(registry -> // 下面，循环设置自定义规则
@@ -135,7 +135,7 @@ public class YudaoWebSecurityConfigurerAdapter {
                .anyRequest().authenticated()
        ;

-        // 添加 JWT Filter
+        // 添加 Token Filter
        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }