| | |
|---|
| | | .csrf(csrf -> csrf.disable()) |
|---|
| | | .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
|---|
| | | .authorizeHttpRequests(auth -> auth |
|---|
| | | .requestMatchers("/api/auth/**", "/api/actuator/**", "/api/test/**", "/api/cleanup/**").permitAll() |
|---|
| | | .requestMatchers("/api/graphql", "/api/graphql/**", "/api/graphiql").permitAll() |
|---|
| | | .requestMatchers("/graphql", "/graphql/**").permitAll() |
|---|
| | | .requestMatchers("/auth/**", "/actuator/**", "/test/**", "/cleanup/**").permitAll() |
|---|
| | | .requestMatchers("/upload/**").permitAll() |
|---|
| | | .requestMatchers("/graphiql/**", "/graphql/**", "/api/graphql/**", "/api/graphiql/**").permitAll() // 允许GraphQL和GraphiQL访问 |
|---|
| | | .requestMatchers("/**/graphql", "/**/graphiql").permitAll() // 更宽泛的GraphQL路径匹配 |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | ) |
|---|
| | | .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); |
|---|
