From 23716984cc6739fc8dcd39c72a95bed9789f47ca Mon Sep 17 00:00:00 2001
From: litianxiang
Date: Wed, 22 Apr 2026 15:54:42 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BE=AE=E6=9C=8D=E5=8A=A1=E6=94=B9=E9=80=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../ai/da/common/config/SecurityConfig.java | 23 +++++++++++--------
 src/main/resources/application.yml | 18 +++++++--------
 2 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/src/main/java/com/ai/da/common/config/SecurityConfig.java b/src/main/java/com/ai/da/common/config/SecurityConfig.java
index 461f148c..5b79a7a6 100644
--- a/src/main/java/com/ai/da/common/config/SecurityConfig.java
+++ b/src/main/java/com/ai/da/common/config/SecurityConfig.java
@@ -7,6 +7,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
+/**
+ * Spring Security 配置。
+ * 由于鉴权逻辑已迁移至 Gateway(GlobalAuthWebFilter),
+ * 后端服务 (aida-back) 默认放行所有请求,仅依赖网关传递的用户信息。
+ */
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
@@ -14,18 +19,16 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
+ // 禁用 CSRF(微服务通常不需要)
 .csrf(AbstractHttpConfigurer::disable)
+ // 允许所有请求,具体鉴权在网关层完成
 .authorizeHttpRequests(auth -> auth
- .requestMatchers(
- "/doc.html",
- "/swagger-ui/**",
- "/swagger-resources/**",
- "/v2/api-docs/**",
- "/v3/api-docs/**",
- "/webjars/**"
- ).permitAll()
- .anyRequest().permitAll() // 先全部允许,后续根据业务需要收紧
- );
+ .anyRequest().permitAll()
+ )
+ // 禁用默认的表单登录和 HTTP Basic 认证,防止 302 重定向
+ .formLogin(AbstractHttpConfigurer::disable)
+ .httpBasic(AbstractHttpConfigurer::disable);
+
 return http.build();
 }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index f127fba0..0ffbd62b 100644
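Review bot: In the second SecurityConfig.java hunk, `.anyRequest().permitAll()` becomes the permanent policy, yet nothing in this filter chain checks that a request actually arrived through the gateway. The Javadoc added in the first hunk says the service relies on user information passed by the gateway; if that information travels in request headers, any caller able to reach the service port directly could supply it itself. The chain should verify a gateway-issued credential (a signed internal token or mTLS, for example) before that information is trusted, or at minimum the Javadoc should state that the service must be reachable only from the gateway. Since CSRF protection is disabled, the chain should also be made explicitly stateless with `.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))`, which needs the `SessionCreationPolicy` import.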
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -15,15 +15,15 @@ spring:
 # ---------- Token 生成参数(由 TokenGenerateUtils 使用) ----------
 security:
- jwtSecret: ${JWT_SECRET:JWTSECRET}
+ jwtSecret: JWTSECRET
 jwtTokenHeader: Authorization
 jwtTokenPrefix: Bearer-
- jwtExpiration: ${JWT_EXPIRATION:8640000000}
+ jwtExpiration: 8640000000
 # ---------- Python 服务 ----------
 access:
 python:
- ip: ${PYTHON_HOST:http://18.167.251.121}
+ ip: http://18.167.251.121
 port: 9994
 generate_sr_port: 9994
 address: http://18.167.251.121:9994
@@ -86,7 +86,7 @@ rabbitmq:
 # ---------- 第三方服务 ----------
 orderList:
- link: ${ORDER_LINK:https://develop.aida.com.hk/home/homePage?order=}
+ link: https://develop.aida.com.hk/home/homePage?order=
 stripe:
 webhook:
@@ -96,17 +96,17 @@ stripe:
 google:
 client:
- id: ${GOOGLE_CLIENT_ID:157095842121-kdd1fdf8m8nudvj9sprstb2k2prnf9e4.apps.googleusercontent.com}
- secret: ${GOOGLE_CLIENT_SECRET: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}
+ id: 157095842121-kdd1fdf8m8nudvj9sprstb2k2prnf9e4.apps.googleusercontent.com
+ secret: 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
 redirect:
- uri: ${GOOGLE_REDIRECT_URI:https://develop.api.aida.com.hk/api/third/party/auth/google_callback}
+ uri: https://develop.api.aida.com.hk/api/third/party/auth/google_callback
 design:
 callback:
- url: ${DESIGN_CALLBACK_URL:https://develop.api.aida.com.hk/api/third/party/receiveDesignResults}
+ url: https://darkish-copied-sprinkler.ngrok-free.dev/api/third/party/receiveDesignResults
 redirect:
- url: ${REDIRECT_URL:http://18.167.251.121:7788}
+ url: http://18.167.251.121:7788
 global:
 award:
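Review bot: `jwtSecret: JWTSECRET` in the first application.yml hunk leaves a guessable, committed string as the only possible value, because the `${JWT_SECRET:...}` override is removed. If TokenGenerateUtils signs tokens with this value, as the section comment suggests, anyone who can read the repository or the packaged artifact could produce tokens the service accepts. Keep the key external and drop the fallback instead, `jwtSecret: ${JWT_SECRET}`, and have the code that reads it refuse an empty or unresolved value at startup. The same removal of environment overrides affects `jwtExpiration` and the plain-http `ip` under `python:` in this hunk, and `orderList.link` and the `google`, `design` and `redirect` entries in the later hunks, which pins every deployment to the develop hosts.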
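Review bot: In the third application.yml hunk the callback `url` under `design:` now points at an ngrok free-tier tunnel host, which looks like a local debugging value committed by accident. Design results sent to that callback would leave the project's own domain and reach whoever currently holds that tunnel name. Restore the project-controlled endpoint through the `${DESIGN_CALLBACK_URL:...}` placeholder before this is merged. The Google OAuth client `secret` in the same hunk is now a plain literal with no environment override; since the value is already in history, it should be rotated and afterwards supplied only through `GOOGLE_CLIENT_SECRET`.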