添加配置

msgpush-framework/msgpush-spring-boot-starter-security/src/main/java/com/njcn/msgpush/framework/operatelog/config/MsgpushOperateLogConfiguration.java

@@ -13,7 +13,7 @@ import org.springframework.context.annotation.Primary;
  *
  * @author HUIHUI
  */
-@EnableLogRecord(tenant = "") // 貌似用不上 tenant 这玩意给个空好啦
+@EnableLogRecord(tenant = "admin") // 貌似用不上 tenant 这玩意给个空好啦
 @AutoConfiguration
 @Slf4j
 public class MsgpushOperateLogConfiguration {

msgpush-framework/msgpush-spring-boot-starter-security/src/main/java/com/njcn/msgpush/framework/security/config/MsgpushWebSecurityConfigurerAdapter.java

@@ -8,7 +8,6 @@ import com.google.common.collect.Multimap;
 import jakarta.annotation.Resource;
 import jakarta.annotation.security.PermitAll;
 import jakarta.servlet.DispatcherType;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigureOrder;
 import org.springframework.context.ApplicationContext;

msgpush-module-push/msgpush-module-push-api/src/main/java/com/njcn/msgpush/module/push/enums/ApiConstants.java

@@ -0,0 +1,23 @@
+package com.njcn.msgpush.module.push.enums;
+
+import com.njcn.msgpush.framework.common.enums.RpcConstants;
+
+/**
+ * API 相关的枚举
+ *
+ * @author hongawen
+ */
+public class ApiConstants {
+
+    /**
+     * 服务名
+     *
+     * 注意，需要保证和 spring.application.name 保持一致
+     */
+    public static final String NAME = "push-server";
+
+    public static final String PREFIX = RpcConstants.RPC_API_PREFIX +  "/push";
+
+    public static final String VERSION = "1.0.0";
+
+}

msgpush-module-push/msgpush-module-push-server/src/main/java/com/njcn/msgpush/module/push/framework/security/config/SecurityConfiguration.java

@@ -0,0 +1,39 @@
+package com.njcn.msgpush.module.push.framework.security.config;
+
+import com.njcn.msgpush.framework.security.config.AuthorizeRequestsCustomizer;
+import com.njcn.msgpush.module.push.enums.ApiConstants;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
+
+/**
+ * Push 模块的 Security 配置
+ */
+@Configuration(proxyBeanMethods = false, value = "pushSecurityConfiguration")
+public class SecurityConfiguration {
+
+    @Bean("pushAuthorizeRequestsCustomizer")
+    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
+        return new AuthorizeRequestsCustomizer() {
+
+            @Override
+            public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
+                // Swagger 接口文档
+                registry.requestMatchers("/v3/api-docs/**").permitAll()
+                        .requestMatchers("/webjars/**").permitAll()
+                        .requestMatchers("/swagger-ui").permitAll()
+                        .requestMatchers("/swagger-ui/**").permitAll();
+                // Druid 监控
+                registry.requestMatchers("/druid/**").permitAll();
+                // Spring Boot Actuator 的安全配置
+                registry.requestMatchers("/actuator").permitAll()
+                        .requestMatchers("/actuator/**").permitAll();
+                // RPC 服务的安全配置
+                registry.requestMatchers(ApiConstants.PREFIX + "/**").permitAll();
+            }
+
+        };
+    }
+
+}