Commit 6c8923225a45f9abf8574627c0576797c7da7500
1 parent
7429b0f9
refactor(mod): widen permitAll stub to /api/mod/** REQ-MOD-002
Showing
1 changed file
with
1 additions
and
2 deletions
backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java
| ... | ... | @@ -3,7 +3,6 @@ package com.xly.erp.common.security; |
| 3 | 3 | import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; |
| 4 | 4 | import org.springframework.context.annotation.Bean; |
| 5 | 5 | import org.springframework.context.annotation.Configuration; |
| 6 | -import org.springframework.http.HttpMethod; | |
| 7 | 6 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| 8 | 7 | import org.springframework.security.config.http.SessionCreationPolicy; |
| 9 | 8 | import org.springframework.security.web.SecurityFilterChain; |
| ... | ... | @@ -25,7 +24,7 @@ public class SecurityConfig { |
| 25 | 24 | .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
| 26 | 25 | .authorizeHttpRequests(auth -> auth |
| 27 | 26 | // REQ-MOD-001 stub: see USR-004 follow-up — 角色硬校验在 USR-004 完成后回填为 hasAuthority('SUPER_ADMIN') |
| 28 | - .requestMatchers(HttpMethod.POST, "/api/mod/modules").permitAll() | |
| 27 | + .requestMatchers("/api/mod/**").permitAll() | |
| 29 | 28 | .anyRequest().authenticated() |
| 30 | 29 | ) |
| 31 | 30 | .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class); | ... | ... |