开发助手

2025-02-13 12:58:18 +08:00 · 2025-02-13 12:58:18 +08:00 · 1f8e6e7265
commit 1f8e6e7265
parent 93d36f2653
3 changed files with 17 additions and 4 deletions
--- a/data/database.mv.db
+++ b/data/database.mv.db
--- a/dev-assistant-service/src/main/java/com/devassistant/framework/security/SecurityConfiguration.java
+++ b/dev-assistant-service/src/main/java/com/devassistant/framework/security/SecurityConfiguration.java
@ -12,6 +12,7 @@ import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@ -39,20 +40,24 @@ public class SecurityConfiguration {
        http
                // 禁用 csrf
                .csrf(AbstractHttpConfigurer::disable)
+                .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
                // 允许跨域
                .cors(Customizer.withDefaults())
-                // 禁用 form 登录
-                .formLogin(AbstractHttpConfigurer::disable)
                // 禁用 httpBasic 登录
                .httpBasic(AbstractHttpConfigurer::disable)
                // 禁用 logout
                .logout(AbstractHttpConfigurer::disable)
+
                // 禁用 session
                .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                // 异常处理
                .exceptionHandling(e -> e.authenticationEntryPoint(authEntryPoint))
                // 访问控制
-                .authorizeHttpRequests(authorize -> authorize.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll().requestMatchers("/error").permitAll().anyRequest().access((authentication, object) -> getAuthorizationDecision(object)));
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers(HttpMethod.OPTIONS, "/**")
+                        .permitAll().requestMatchers("/error")
+                        .permitAll().requestMatchers("/h2-console/**")
+                        .permitAll().anyRequest().access((authentication, object) -> getAuthorizationDecision(object)));

        return http.build();
    }
--- a/dev-assistant-service/src/main/resources/application.yml
+++ b/dev-assistant-service/src/main/resources/application.yml
@ -3,7 +3,15 @@ spring:
    name: dev-assistant-service
  datasource:
    url: jdbc:h2:file:./data/database
+    driver-class-name: org.h2.Driver
+    username: sa
+    password: 123456
+
+  h2:
+    console:
+      enabled: true
+      path: /h2-console

 file:
  upload-dir: ./data/files
-  password: 0105
+  password: 0105