huangyp/dev-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

开发助手

Browse Source
This commit is contained in:
huangyp 2025-02-13 12:58:18 +08:00
parent 93d36f2653
commit 1f8e6e7265
3 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
data/database.mv.db
View File

Binary file not shown.

11
dev-assistant-service/src/main/java/com/devassistant/framework/security/SecurityConfiguration.java
View File

@ -12,6 +12,7 @@ import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
@ -39,20 +40,24 @@ public class SecurityConfiguration {
http http
// 禁用 csrf // 禁用 csrf
.csrf(AbstractHttpConfigurer::disable) .csrf(AbstractHttpConfigurer::disable)
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
// 允许跨域 // 允许跨域
.cors(Customizer.withDefaults()) .cors(Customizer.withDefaults())
// 禁用 form 登录
.formLogin(AbstractHttpConfigurer::disable)
// 禁用 httpBasic 登录 // 禁用 httpBasic 登录
.httpBasic(AbstractHttpConfigurer::disable) .httpBasic(AbstractHttpConfigurer::disable)
// 禁用 logout // 禁用 logout
.logout(AbstractHttpConfigurer::disable) .logout(AbstractHttpConfigurer::disable)
// 禁用 session // 禁用 session
.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// 异常处理 // 异常处理
.exceptionHandling(e -> e.authenticationEntryPoint(authEntryPoint)) .exceptionHandling(e -> e.authenticationEntryPoint(authEntryPoint))
// 访问控制 // 访问控制
.authorizeHttpRequests(authorize -> authorize.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll().requestMatchers("/error").permitAll().anyRequest().access((authentication, object) -> getAuthorizationDecision(object))); .authorizeHttpRequests(authorize -> authorize
.requestMatchers(HttpMethod.OPTIONS, "/**")
.permitAll().requestMatchers("/error")
.permitAll().requestMatchers("/h2-console/**")
.permitAll().anyRequest().access((authentication, object) -> getAuthorizationDecision(object)));
return http.build(); return http.build();
} }

10
dev-assistant-service/src/main/resources/application.yml
View File

@ -3,7 +3,15 @@ spring:
name: dev-assistant-service name: dev-assistant-service
datasource: datasource:
url: jdbc:h2:file:./data/database url: jdbc:h2:file:./data/database
driver-class-name: org.h2.Driver
username: sa
password: 123456
h2:
console:
enabled: true
path: /h2-console
file: file:
upload-dir: ./data/files upload-dir: ./data/files
password: 0105 password: 0105