| | |
|---|
| | | .csrf(csrf -> csrf.disable()) |
|---|
| | | .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
|---|
| | | .authorizeHttpRequests(auth -> auth |
|---|
| | | .requestMatchers("/auth/**", "/actuator/**", "/test/**", "/cleanup/**").permitAll() |
|---|
| | | // 注意:应用设置了 context-path=/api,为避免匹配歧义,这里同时匹配去除和包含 context-path 的路径 |
|---|
| | | .requestMatchers("/auth/**", "/api/auth/**", "/actuator/**", "/test/**", "/cleanup/**").permitAll() |
|---|
| | | .requestMatchers("/api/health/**").permitAll() // 允许健康检查端点访问 |
|---|
| | | .requestMatchers("/upload/**").permitAll() |
|---|
| | | .requestMatchers("/graphiql/**", "/graphql/**", "/api/graphql/**", "/api/graphiql/**").permitAll() // 允许GraphQL和GraphiQL访问 |
|---|
| | | .requestMatchers("/**/graphql", "/**/graphiql").permitAll() // 更宽泛的GraphQL路径匹配 |
|---|
