feat(framework): API 签名、安全白名单与 Web 配置调整

- 新增 ApiSignatureProperties 配置类 - 调整签名自动配置与 Redis DAO 实现 - 更新安全白名单与 Web 属性配置 - 网关新增安保模块路由配置 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 17:35:05 +08:00
parent 0345d0fe39
commit 6e56dcb6a2
7 changed files with 427 additions and 357 deletions
--- a/viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/AuthorizeRequestsCustomizer.java
+++ b/viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/AuthorizeRequestsCustomizer.java
@@ -1,35 +1,39 @@
-package com.viewsh.framework.security.config;
-
-import com.viewsh.framework.web.config.WebProperties;
-import jakarta.annotation.Resource;
-import org.springframework.core.Ordered;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
-
-/**
- * 自定义的 URL 的安全配置
- * 目的：每个 Maven Module 可以自定义规则！
- *
- * @author 芋道源码
- */
-public abstract class AuthorizeRequestsCustomizer
-        implements Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry>, Ordered {
-
-    @Resource
-    private WebProperties webProperties;
-
-    protected String buildAdminApi(String url) {
-        return webProperties.getAdminApi().getPrefix() + url;
-    }
-
-    protected String buildAppApi(String url) {
-        return webProperties.getAppApi().getPrefix() + url;
-    }
-
-    @Override
-    public int getOrder() {
-        return 0;
-    }
-
-}
+package com.viewsh.framework.security.config;
+
+import com.viewsh.framework.web.config.WebProperties;
+import jakarta.annotation.Resource;
+import org.springframework.core.Ordered;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
+
+/**
+ * 自定义的 URL 的安全配置
+ * 目的：每个 Maven Module 可以自定义规则！
+ *
+ * @author 芋道源码
+ */
+public abstract class AuthorizeRequestsCustomizer
+        implements Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry>, Ordered {
+
+    @Resource
+    private WebProperties webProperties;
+
+    protected String buildAdminApi(String url) {
+        return webProperties.getAdminApi().getPrefix() + url;
+    }
+
+    protected String buildAppApi(String url) {
+        return webProperties.getAppApi().getPrefix() + url;
+    }
+
+    protected String buildOpenApi(String url) {
+        return webProperties.getOpenApi().getPrefix() + url;
+    }
+
+    @Override
+    public int getOrder() {
+        return 0;
+    }
+
+}