XW-AIOT/wvp-platform
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(aiot): 缩小 Edge 白名单通配范围,限定具体模块

Browse Source 
从 /api/ai/**/edge/** 改为按模块显式列出:
- /api/ai/alert/edge/**  告警上报
- /api/ai/device/edge/** 设备心跳(预留)
避免过宽通配带来的安全隐患。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
16337
2026-03-02 10:23:04 +08:00
parent 1bbcac4b4d
commit 3a2c480e05
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
View File

@@ -105,7 +105,8 @@ public class WebSecurityConfig {
defaultExcludes.add("/api/ai/roi/snap/callback"); defaultExcludes.add("/api/ai/roi/snap/callback");
defaultExcludes.add("/api/ai/roi/snap/image"); defaultExcludes.add("/api/ai/roi/snap/image");
defaultExcludes.add("/api/ai/camera/get"); defaultExcludes.add("/api/ai/camera/get");
defaultExcludes.add("/api/ai/**/edge/**"); defaultExcludes.add("/api/ai/alert/edge/**");
defaultExcludes.add("/api/ai/device/edge/**");
if (userSetting.getInterfaceAuthentication() && !userSetting.getInterfaceAuthenticationExcludes().isEmpty()) { if (userSetting.getInterfaceAuthentication() && !userSetting.getInterfaceAuthenticationExcludes().isEmpty()) {
defaultExcludes.addAll(userSetting.getInterfaceAuthenticationExcludes()); defaultExcludes.addAll(userSetting.getInterfaceAuthenticationExcludes());