新增:忽略记录请求日志url配置
@@ -1,5 +1,6 @@
|
||||
package com.cool;
|
||||
|
||||
import com.cool.core.annotation.TokenIgnore;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@@ -9,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
public class Welcome {
|
||||
|
||||
@RequestMapping("/")
|
||||
@TokenIgnore
|
||||
public String welcome() {
|
||||
return "welcome";
|
||||
}
|
||||
|
||||
@@ -1,19 +1,22 @@
|
||||
package com.cool.core.security;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import lombok.Data;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 忽略token地址配置
|
||||
* 忽略地址配置
|
||||
*/
|
||||
@Data
|
||||
@Configuration
|
||||
@ConfigurationProperties(prefix = "ignored")
|
||||
public class IgnoredUrlsProperties {
|
||||
// 忽略权限列表
|
||||
private List<String> urls = new ArrayList<>();
|
||||
|
||||
// 忽略后台校验权限列表
|
||||
private List<String> adminAuthUrls = new ArrayList<>();
|
||||
|
||||
// 忽略记录请求日志列表
|
||||
private List<String> logUrls = new ArrayList<>();
|
||||
}
|
||||
|
||||
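Review bot: Renaming the `urls` field to `adminAuthUrls` under `@ConfigurationProperties(prefix = "ignored")` moves the bound key from `ignored.urls` to `ignored.adminAuthUrls`, so any environment-specific configuration that still sets `ignored.urls` will bind to nothing without an error. The effect fails closed (paths that were exempt start requiring authentication), but it is silent, so the rename should be recorded in the class Javadoc, e.g. `/** Path lists bound from ignored.*; ignored.urls was renamed to ignored.adminAuthUrls. */`. The three field comments would also be clearer as Javadoc naming the consumer of each list, because `adminAuthUrls` is passed to `permitAll()` while `logUrls` only suppresses request logging, and confusing the two has very different consequences.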
@@ -2,10 +2,16 @@ package com.cool.core.security;
|
||||
|
||||
import com.cool.core.annotation.TokenIgnore;
|
||||
import com.cool.modules.base.security.JwtAuthenticationTokenFilter;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.AnnotatedElementUtils;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
@@ -13,7 +19,7 @@ import org.springframework.security.config.annotation.authentication.configurati
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
@@ -21,18 +27,11 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.util.DigestUtils;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.core.annotation.AnnotatedElementUtils;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
|
||||
import org.springframework.web.util.pattern.PathPattern;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
@Slf4j
|
||||
@@ -60,11 +59,11 @@ public class JwtSecurityConfig {
|
||||
.authorizeHttpRequests(
|
||||
conf -> {
|
||||
conf.requestMatchers(
|
||||
ignoredUrlsProperties.getUrls().toArray(String[]::new))
|
||||
ignoredUrlsProperties.getAdminAuthUrls().toArray(String[]::new))
|
||||
.permitAll();
|
||||
conf.requestMatchers("/admin/**").authenticated();
|
||||
})
|
||||
.headers(config -> config.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
|
||||
.headers(config -> config.frameOptions(FrameOptionsConfig::disable))
|
||||
// 允许网页iframe
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.sessionManagement(conf -> conf.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
@@ -93,7 +92,7 @@ public class JwtSecurityConfig {
|
||||
}
|
||||
// 遍历 tokenIgnoreCtr.value()
|
||||
for (String path : tokenIgnoreCtr.value()) {
|
||||
ignoredUrlsProperties.getUrls().add(String.join("/", urls) + "/" + path);
|
||||
ignoredUrlsProperties.getAdminAuthUrls().add(String.join("/", urls) + "/" + path);
|
||||
}
|
||||
handlerCtr.add(handlerMethod.getBeanType().getName());
|
||||
});
|
||||
@@ -112,7 +111,7 @@ public class JwtSecurityConfig {
|
||||
for (PathPattern path : requestMappingInfo.getPathPatternsCondition().getPatterns()) {
|
||||
url.append(path);
|
||||
}
|
||||
ignoredUrlsProperties.getUrls().add(url.toString());
|
||||
ignoredUrlsProperties.getAdminAuthUrls().add(url.toString());
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
package com.cool.core.security;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
@@ -11,10 +14,6 @@ import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 权限管理决断器 判断用户拥有的权限或角色是否有资源访问权限
|
||||
*/
|
||||
@@ -31,7 +30,7 @@ public class MyAccessDecisionManager implements AccessDecisionManager {
|
||||
if (configAttributes == null) {
|
||||
return;
|
||||
}
|
||||
List<String> urls = ignoredUrlsProperties.getUrls();
|
||||
List<String> urls = ignoredUrlsProperties.getAdminAuthUrls();
|
||||
String url = ((FilterInvocation) o).getRequestUrl().split("[?]")[0];
|
||||
if (urls.contains(url)) {
|
||||
return;
|
||||
|
||||
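Review bot: The exemption check that follows `List<String> urls = ignoredUrlsProperties.getAdminAuthUrls();` is `urls.contains(url)`, an exact string comparison, while the same list is handed to `requestMatchers(...)` as Ant-style patterns and its configured entries include wildcards such as `/upload/**`. Wildcard entries can therefore never match here, so this class and the filter chain disagree about which paths are exempt, whereas the `isIgnoreUrl` method added in this commit matches `logUrls` with `AntPathMatcher`. At minimum the line deserves a comment stating the semantics, e.g. `// exact match only: wildcard entries in ignored.adminAuthUrls are not honoured here`; aligning it with the matcher used elsewhere is the alternative if pattern semantics are intended. The enclosing method starts and ends outside this hunk, so whether later checks compensate cannot be seen from here.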
@@ -2,15 +2,13 @@ package com.cool.modules.base.entity.sys;
|
||||
|
||||
import com.cool.core.base.BaseEntity;
|
||||
import com.mybatisflex.annotation.Column;
|
||||
import com.tangzc.autotable.annotation.Index;
|
||||
|
||||
import com.tangzc.mybatisflex.autotable.annotation.ColumnDefine;
|
||||
import com.mybatisflex.annotation.Table;
|
||||
import com.tangzc.autotable.annotation.Index;
|
||||
import com.tangzc.mybatisflex.autotable.annotation.ColumnDefine;
|
||||
import java.util.List;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
@Table(value = "base_sys_menu", comment = "系统菜单表")
|
||||
@@ -22,7 +20,7 @@ public class BaseSysMenuEntity extends BaseEntity<BaseSysMenuEntity> {
|
||||
@ColumnDefine(comment = "菜单名称")
|
||||
private String name;
|
||||
|
||||
@ColumnDefine(comment = "权限")
|
||||
@ColumnDefine(comment = "权限", type = "text")
|
||||
private String perms;
|
||||
|
||||
@ColumnDefine(comment = "类型 0:目录 1:菜单 2:按钮", type = "tinyint", defaultValue = "0")
|
||||
|
||||
@@ -1,10 +1,12 @@
|
||||
package com.cool.modules.base.service.sys.impl;
|
||||
|
||||
import cn.hutool.core.date.DateUtil;
|
||||
import cn.hutool.core.text.AntPathMatcher;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.hutool.json.JSONObject;
|
||||
import cn.hutool.json.JSONUtil;
|
||||
import com.cool.core.base.BaseServiceImpl;
|
||||
import com.cool.core.security.IgnoredUrlsProperties;
|
||||
import com.cool.core.util.IPUtils;
|
||||
import com.cool.modules.base.entity.sys.BaseSysLogEntity;
|
||||
import com.cool.modules.base.entity.sys.BaseSysUserEntity;
|
||||
@@ -35,10 +37,13 @@ public class BaseSysLogServiceImpl extends BaseServiceImpl<BaseSysLogMapper, Bas
|
||||
|
||||
private final CoolSecurityUtil coolSecurityUtil;
|
||||
|
||||
private final IgnoredUrlsProperties ignoredUrlsProperties;
|
||||
|
||||
private final IPUtils ipUtils;
|
||||
|
||||
@Value("${cool.log.maxJsonLength:1024}")
|
||||
private int maxJsonLength;
|
||||
private static final AntPathMatcher antPathMatcher = new AntPathMatcher();
|
||||
|
||||
@Override
|
||||
public Object page(
|
||||
@@ -68,6 +73,10 @@ public class BaseSysLogServiceImpl extends BaseServiceImpl<BaseSysLogMapper, Bas
|
||||
@Override
|
||||
public void record(HttpServletRequest request, JSONObject requestParams) {
|
||||
String requestURI = request.getRequestURI();
|
||||
if (isIgnoreUrl(requestURI)) {
|
||||
// 配置了忽略记录请求日志
|
||||
return;
|
||||
}
|
||||
String ipAddr = ipUtils.getIpAddr(request);
|
||||
JSONObject userInfo = coolSecurityUtil.userInfo(requestParams);
|
||||
|
||||
@@ -87,6 +96,11 @@ public class BaseSysLogServiceImpl extends BaseServiceImpl<BaseSysLogMapper, Bas
|
||||
recordAsync(requestURI, ipAddr, userId, newJSONObject);
|
||||
}
|
||||
|
||||
private boolean isIgnoreUrl(String requestURI) {
|
||||
return ignoredUrlsProperties.getLogUrls().stream()
|
||||
.anyMatch(url -> antPathMatcher.match(url, requestURI));
|
||||
}
|
||||
|
||||
|
||||
@Async
|
||||
public void recordAsync(String requestURI, String ip, Long userId, JSONObject params) {
|
||||
|
||||
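Review bot: `isIgnoreUrl` matches the skip patterns against `request.getRequestURI()`, which is the raw request path: it still carries the context path and any `;` path parameters and is neither decoded nor normalised, so the skip decision can differ from the path Spring MVC actually routes on. Because a match suppresses the request-log record entirely, a mismatch in either direction matters: under a non-root context path the configured `/css/*` style patterns never match, and a broad entry decides what is missing from the audit trail. Matching on the servlet-relative path, `String path = request.getServletPath();`, or on the resolved handler pattern would keep logging and routing consistent. `antPathMatcher` is a `static final` constant and would conventionally be named `ANT_PATH_MATCHER`. The bodies of `record` and `recordAsync` continue outside these hunks.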
@@ -68,9 +68,10 @@ spring:
|
||||
threadPriority: 9
|
||||
threadsInheritContextClassLoaderOfInitializingThread: true
|
||||
|
||||
# 忽略鉴权url
|
||||
# 忽略url
|
||||
ignored:
|
||||
urls:
|
||||
# 忽略后台鉴权url
|
||||
adminAuthUrls:
|
||||
- /
|
||||
- /upload/**
|
||||
- /actuator/**
|
||||
@@ -85,7 +86,11 @@ ignored:
|
||||
- /js/*
|
||||
- /druid/**
|
||||
- /admin/base/open/**
|
||||
|
||||
# 忽略记录请求日志url
|
||||
logUrls:
|
||||
- /*
|
||||
- /css/*
|
||||
- /js/*
|
||||
# 文档
|
||||
springdoc:
|
||||
api-docs:
|
||||
|
||||
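Review bot: The list now named `adminAuthUrls` is what `JwtSecurityConfig` passes to `requestMatchers(...).permitAll()`, and on the new side it still appears to contain `/actuator/**` and `/druid/**`, so the management and Druid console endpoints are reachable without a token unless they are restricted elsewhere. Either drop those two entries as part of this rename or add a comment next to them stating what protects them (for example a limited `management.endpoints.web.exposure.include` or a separate management port). The new `logUrls` entry `/*` matches every single-segment path, so it silences request logging for more than the welcome page; list the intended paths explicitly if that is not the intent. Both hunks cut through the `ignored:` mapping, so entries outside them are not visible here.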