From 858f515995fd1dca7cf825069ce38c32703298d0 Mon Sep 17 00:00:00 2001
From: peng <peng.com>
Date: 星期五, 07 十一月 2025 14:14:50 +0800
Subject: [PATCH] 报名人员导出

---
 backend/src/main/java/com/rongyichuang/config/SecurityConfig.java |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java b/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java
index 92af34a..269f959 100644
--- a/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java
+++ b/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java
@@ -14,6 +14,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -48,12 +49,22 @@
             .csrf(csrf -> csrf.disable())
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
-                // 娉ㄦ剰锛氬簲鐢ㄨ缃簡 context-path=/api锛屼负閬垮厤鍖归厤姝т箟锛岃繖閲屽悓鏃跺尮閰嶅幓闄ゅ拰鍖呭惈 context-path 鐨勮矾寰�
-                .requestMatchers("/auth/**", "/api/auth/**", "/actuator/**", "/test/**", "/cleanup/**").permitAll()
-                .requestMatchers("/api/health/**").permitAll() // 鍏佽鍋ュ悍妫�鏌ョ鐐硅闂�
-                .requestMatchers("/upload/**").permitAll()
-                .requestMatchers("/graphiql/**", "/graphql/**", "/api/graphql/**", "/api/graphiql/**").permitAll() // 鍏佽GraphQL鍜孏raphiQL璁块棶
-                .requestMatchers("/**/graphql", "/**/graphiql").permitAll() // 鏇村娉涚殑GraphQL璺緞鍖归厤
+                .requestMatchers(
+                    new AntPathRequestMatcher("/auth/**"),
+                    new AntPathRequestMatcher("/api/auth/**"),
+                    new AntPathRequestMatcher("/actuator/**"),
+                    new AntPathRequestMatcher("/test/**"),
+                    new AntPathRequestMatcher("/cleanup/**"),
+                    new AntPathRequestMatcher("/api/health/**"),
+                    new AntPathRequestMatcher("/upload/**"),
+                    new AntPathRequestMatcher("/api/upload/**"),
+                    new AntPathRequestMatcher("/graphiql/**"),
+                    new AntPathRequestMatcher("/graphql/**"),
+                    new AntPathRequestMatcher("/api/graphql/**"),
+                    new AntPathRequestMatcher("/api/graphiql/**"),
+                    new AntPathRequestMatcher("/player/export/applications"),
+                    new AntPathRequestMatcher("/api/player/export/applications")
+                ).permitAll()
                 .anyRequest().authenticated()
             )
             .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

--
Gitblit v1.8.0