🔧 权限属性配置单独放在配置文件中

auth-system/src/main/java/cn/bunny/services/security/config/WebSecurityConfig.java

@@ -1,9 +1,10 @@
 package cn.bunny.services.security.config;
 
+import cn.bunny.services.security.config.property.AuthorityProperty;
 import cn.bunny.services.security.handelr.SecurityAccessDeniedHandler;
 import cn.bunny.services.security.handelr.SecurityAuthenticationEntryPoint;
 import cn.bunny.services.security.service.CustomAuthorizationManagerServiceImpl;
-import jakarta.annotation.Resource;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -17,23 +18,28 @@ import org.springframework.security.web.util.matcher.RegexRequestMatcher;
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity
+@RequiredArgsConstructor
 public class WebSecurityConfig {
 
     // 需要排出的无需验证的请求路径
-    public static String[] annotations = {
+    // public static String[] annotations = {
-            "/", "/ws/**", "/**.html", "/error",
+    //         "/" , "/ws/**" , "/**.html" , "/error" ,
-            "/media.ico", "/favicon.ico", "/webjars/**", "/v3/api-docs/**", "/swagger-ui/**",
+    //         "/media.ico" , "/favicon.ico" , "/webjars/**" , "/v3/api-docs/**" , "/swagger-ui/**" ,
-            "/*/*/login", "/*/local-file/**", "/*/*/public/**",
+    //         "/*/*/login" , "/*/local-file/**" , "/*/*/public/**" ,
-    };
+    // };
+    public static String[] annotations;
 
     // 用户登录之后才能访问，不能与接口名称重复！！！不能与接口名称包含！！！
-    public static String[] userAuths = {"private"};
+    // public static String[] userAuths = {"private"};
+    public static String[] userAuths;
 
-    @Resource
+    private final AuthorityProperty authorityProperty;
-    private CustomAuthorizationManagerServiceImpl customAuthorizationManagerService;
+    private final CustomAuthorizationManagerServiceImpl customAuthorizationManagerService;
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
+        annotations = authorityProperty.getAnnotations();
+        userAuths = authorityProperty.getUserAuths();
 
         httpSecurity
                 // 前端段分离不需要---禁用明文验证
@@ -55,7 +61,7 @@ public class WebSecurityConfig {
                 .rememberMe(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(authorize -> authorize
                         .requestMatchers(annotations).permitAll()
-                        .requestMatchers(RegexRequestMatcher.regexMatcher(".*\\.(css|js)$")).permitAll()
+                        .requestMatchers(RegexRequestMatcher.regexMatcher(".*\\.(css|js)$" )).permitAll()
                         .anyRequest().access(customAuthorizationManagerService)
                 )
                 .exceptionHandling(exception -> {

auth-system/src/main/java/cn/bunny/services/security/config/property/AuthorityProperty.java

@@ -0,0 +1,20 @@
+package cn.bunny.services.security.config.property;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Getter
+@Setter
+@Configuration
+@ConfigurationProperties(prefix = "auth" )
+public class AuthorityProperty {
+
+    /* 需要排出的无需验证的请求路径 */
+    private String[] annotations;
+
+    /* 用户登录之后才能访问，不能与接口名称重复和包含！！！ */
+    private String[] userAuths;
+
+}

auth-system/src/main/resources/application-auth.yml

@@ -0,0 +1,16 @@
+auth:
+  annotations:
+    - /
+    - /ws/**
+    - /**.html
+    - /error
+    - /media.ico
+    - /favicon.ico
+    - /webjars/**
+    - /v3/api-docs/**
+    - /swagger-ui/**
+    - /*/*/login
+    - /*/local-file/**
+    - /*/*/public/**
+  user-auths:
+    - private

auth-system/src/main/resources/application.yml

@@ -6,6 +6,8 @@ server:
 spring:
   profiles:
     active: @profiles.active@
+    include:
+      - auth
   # main:
   #   lazy-initialization: true
   application: