| | |
|---|
| | | .authorizeHttpRequests(auth -> auth |
|---|
| | | .requestMatchers("/auth/**", "/actuator/**", "/test/**", "/cleanup/**").permitAll() |
|---|
| | | .requestMatchers("/upload/**").permitAll() |
|---|
| | | .requestMatchers("/graphql", "/graphql/**", "/graphiql").permitAll() |
|---|
| | | .requestMatchers("/graphiql/**", "/graphql/**", "/api/graphql/**", "/api/graphiql/**").permitAll() // 允许GraphQL和GraphiQL访问 |
|---|
| | | .requestMatchers("/**/graphql", "/**/graphiql").permitAll() // 更宽泛的GraphQL路径匹配 |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | ) |
|---|
| | | .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); |
|---|
