多模块重构 12：【新增】Spring Security 新增 AuthorizeRequestsCustomizer 抽象类， 自定义每个 Maven Module 的 URL 的安全配置

http-client.env.json

@@ -4,7 +4,7 @@
     "token": "test1",
     "adminTenentId": "1",
 
-    "userApi": "http://127.0.0.1:48080/app-api",
+    "appApi": "http://127.0.0.1:48080/app-api",
     "appToken": "test1",
     "appTenentId": "1"
   }

yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/AuthorizeRequestsCustomizer.java

@@ -0,0 +1,36 @@
+package cn.iocoder.yudao.framework.security.config;
+
+import cn.iocoder.yudao.framework.web.config.WebProperties;
+import org.springframework.core.Ordered;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+
+import javax.annotation.Resource;
+
+/**
+ * 自定义的 URL 的安全配置
+ * 目的：每个 Maven Module 可以自定义规则！
+ *
+ * @author 芋道源码
+ */
+public abstract class AuthorizeRequestsCustomizer
+        implements Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry>, Ordered {
+
+    @Resource
+    private WebProperties webProperties;
+
+    protected String buildAdminApi(String url) {
+        return webProperties.getAdminApi().getPrefix() + url;
+    }
+
+    protected String buildAppApi(String url) {
+        return webProperties.getAppApi().getPrefix() + url;
+    }
+
+    @Override
+    public int getOrder() {
+        return 0;
+    }
+
+}

yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java

@@ -26,6 +26,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.function.Consumer;
 
 /**
  * 自定义的 Spring Security 配置适配器实现
@@ -62,14 +64,22 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
     @Resource
     private JWTAuthenticationTokenFilter authenticationTokenFilter;
 
+//    /**
+//     * 自定义的权限映射 Bean
+//     *
+//     * @see #configure(HttpSecurity)
+//     */
+//    @Resource
+//    private Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry>
+//            authorizeRequestsCustomizer;
+
     /**
-     * 自定义的权限映射 Bean
+     * 自定义的权限映射 Bean 们
      *
      * @see #configure(HttpSecurity)
      */
     @Resource
-    private Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry>
+    private List<AuthorizeRequestsCustomizer> authorizeRequestsCustomizers;
-            authorizeRequestsCustomizer;
 
     /**
      * 由于 Spring Security 创建 AuthenticationManager 对象时，没声明 @Bean 注解，导致无法被注入
@@ -126,44 +136,31 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
                         StrUtil.equalsAny(request.getRequestURI(), buildAdminApi("/system/logout"),
                                                                    buildAppApi("/member/logout")));
 
-        // 设置每个请求的权限 ①：全局共享规则
+        // 设置每个请求的权限
-        httpSecurity.authorizeRequests()
+        httpSecurity
-                    // 登录的接口，可匿名访问
+                // ①：全局共享规则
-                    .antMatchers(buildAdminApi("/system/login"), buildAdminApi("/member/login")).anonymous()
+                .authorizeRequests()
                     // 静态资源，可匿名访问
                     .antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll()
-                    // 文件的获取接口，可匿名访问
+                    // 设置 App API 无需认证
-                    .antMatchers(buildAdminApi("/infra/file/get/**")).anonymous()
+                    .antMatchers(buildAppApi("/**")).permitAll()
-                    // Swagger 接口文档
+                // ②：每个项目的自定义规则
-                    .antMatchers("/swagger-ui.html").anonymous()
+                .and().authorizeRequests(registry -> // 下面，循环设置自定义规则
-                    .antMatchers("/swagger-resources/**").anonymous()
+                        authorizeRequestsCustomizers.forEach(customizer -> customizer.customize(registry)))
-                    .antMatchers("/webjars/**").anonymous()
+                // ③：兜底规则，必须认证
-                    .antMatchers("/*/api-docs").anonymous()
+                .authorizeRequests()
-                    // Spring Boot Actuator 的安全配置
+                    .anyRequest().authenticated()
-                    .antMatchers("/actuator").anonymous()
-                    .antMatchers("/actuator/**").anonymous()
-                    // Druid 监控 TODO 芋艿：等对接了 druid admin 后，在调整下。
-                    .antMatchers("/druid/**").anonymous()
-                    // oAuth2 auth2/login/gitee TODO 芋艿：貌似可以删除
-                    .antMatchers(buildAdminApi("/auth2/login/**")).anonymous()
-                    .antMatchers(buildAdminApi("/auth2/authorization/**")).anonymous()
-                    .antMatchers("/api/callback/**").anonymous()
-                // 设置每个请求的权限 ②：每个项目的自定义规则 TODO 芋艿：改造成多个，方便每个模块自定义规则
-                .and().authorizeRequests(authorizeRequestsCustomizer)
-                // 设置每个请求的权限 ③：兜底规则，必须认证
-                .authorizeRequests().anyRequest().authenticated()
         ;
+
         // 添加 JWT Filter
         httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
     }
 
     private String buildAdminApi(String url) {
-        // TODO 芋艿：多模块
         return webProperties.getAdminApi().getPrefix() + url;
     }
 
     private String buildAppApi(String url) {
-        // TODO 芋艿：多模块
         return webProperties.getAppApi().getPrefix() + url;
     }
 

yudao-module-infra/yudao-module-infra-impl/pom.xml

@@ -90,6 +90,17 @@
             <groupId>cn.smallbun.screw</groupId>
             <artifactId>screw-core</artifactId> <!-- 实现数据库文档 -->
         </dependency>
+
+        <!-- 监控相关 -->
+        <dependency>
+            <groupId>cn.iocoder.boot</groupId>
+            <artifactId>yudao-spring-boot-starter-monitor</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>de.codecentric</groupId>
+            <artifactId>spring-boot-admin-starter-server</artifactId> <!-- 实现 Spring Boot Admin Server 服务端 -->
+        </dependency>
     </dependencies>
 
     <build>

yudao-module-infra/yudao-module-infra-impl/src/main/java/cn/iocoder/yudao/module/infra/framework/monitor/config/AdminServerConfiguration.java

@@ -1,4 +1,4 @@
-package cn.iocoder.yudao.server.framework.monitor.config;
+package cn.iocoder.yudao.module.infra.framework.monitor.config;
 
 import de.codecentric.boot.admin.server.config.EnableAdminServer;
 import org.springframework.context.annotation.Configuration;

yudao-module-infra/yudao-module-infra-impl/src/main/java/cn/iocoder/yudao/module/infra/framework/monitor/package-info.java

@@ -1,4 +1,4 @@
 /**
  * 使用 Spring Boot Admin 实现简单的监控平台
  */
-package cn.iocoder.yudao.server.framework.monitor;
+package cn.iocoder.yudao.module.infra.framework.monitor;

yudao-module-infra/yudao-module-infra-impl/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/InfraSecurityConfiguration.java

@@ -0,0 +1,45 @@
+package cn.iocoder.yudao.module.infra.framework.security.config;
+
+import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+
+/**
+ * Infra 模块的 Security 配置
+ */
+@Configuration
+public class InfraSecurityConfiguration {
+
+    @Value("${spring.boot.admin.context-path:''}")
+    private String adminSeverContextPath;
+
+    @Bean("infraAuthorizeRequestsCustomizer")
+    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
+        return new AuthorizeRequestsCustomizer() {
+
+            @Override
+            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
+                // Swagger 接口文档
+                registry.antMatchers("/swagger-ui.html").anonymous()
+                        .antMatchers("/swagger-resources/**").anonymous()
+                        .antMatchers("/webjars/**").anonymous()
+                        .antMatchers("/*/api-docs").anonymous();
+                // Spring Boot Actuator 的安全配置
+                registry.antMatchers("/actuator").anonymous()
+                        .antMatchers("/actuator/**").anonymous();
+                // Druid 监控
+                registry.antMatchers("/druid/**").anonymous();
+                // Spring Boot Admin Server 的安全配置
+                registry.antMatchers(adminSeverContextPath).anonymous()
+                        .antMatchers(adminSeverContextPath + "/**").anonymous();
+                // 文件的获取接口，可匿名访问
+                registry.antMatchers(buildAdminApi("/infra/file/get/**"), buildAppApi("/infra/file/get/**")).anonymous();
+            }
+
+        };
+    }
+
+}

yudao-module-infra/yudao-module-infra-impl/src/main/java/cn/iocoder/yudao/module/infra/framework/security/core/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * 占位
+ */
+package cn.iocoder.yudao.module.infra.framework.security.core;

yudao-module-member/yudao-module-member-impl/src/main/java/cn/iocoder/yudao/module/member/framework/package-info.java

@@ -1,6 +0,0 @@
-/**
- * 属于 yudao-module-member-impl 的封装
- *
- * @author 芋道源码
- */
-package cn.iocoder.yudao.module.member.framework;

yudao-module-member/yudao-module-member-impl/src/main/java/cn/iocoder/yudao/module/member/service/auth/MemberAuthServiceImpl.java

@@ -202,6 +202,7 @@ public class MemberAuthServiceImpl implements MemberAuthService {
         if (user != null) {
             reqDTO.setUserId(user.getId());
         }
+        reqDTO.setUserType(getUserType().getValue());
         reqDTO.setUsername(mobile);
         reqDTO.setUserAgent(ServletUtils.getUserAgent());
         reqDTO.setUserIp(getClientIP());

yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/logger/dto/LoginLogCreateReqDTO.java

@@ -23,7 +23,6 @@ public class LoginLogCreateReqDTO {
     /**
      * 链路追踪编号
      */
-    @NotEmpty(message = "链路追踪编号不能为空")
     private String traceId;
 
     /**

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/framework/security/config/SystemSecurityConfiguration.java

@@ -0,0 +1,34 @@
+package cn.iocoder.yudao.module.system.framework.security.config;
+
+import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+
+/**
+ * System 模块的 Security 配置
+ */
+@Configuration
+public class SystemSecurityConfiguration {
+
+    @Bean("systemAuthorizeRequestsCustomizer")
+    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
+        return new AuthorizeRequestsCustomizer() {
+
+            @Override
+            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
+                // 登录的接口，可匿名访问
+                registry.antMatchers(buildAdminApi("/system/login")).anonymous();
+                // 验证码的接口
+                registry.antMatchers(buildAdminApi("/system/captcha/**")).anonymous();
+                // 获得租户编号的接口
+                registry.antMatchers(buildAdminApi("/system/tenant/get-id-by-name")).anonymous();
+                // 短信回调 API
+                registry.antMatchers(buildAdminApi("/system/sms/callback/**")).anonymous();
+            }
+
+        };
+    }
+
+}

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/framework/security/core/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * 占位
+ */
+package cn.iocoder.yudao.module.system.framework.security.core;

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthServiceImpl.java

@@ -164,7 +164,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
         if (user != null) {
             reqDTO.setUserId(user.getId());
         }
-        reqDTO.setUserType(UserTypeEnum.ADMIN.getValue());
+        reqDTO.setUserType(getUserType().getValue());
         reqDTO.setUsername(username);
         reqDTO.setUserAgent(ServletUtils.getUserAgent());
         reqDTO.setUserIp(ServletUtils.getClientIP());

yudao-module-system/yudao-module-system-impl/src/main/java/cn/iocoder/yudao/module/system/service/logger/LoginLogServiceImpl.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.module.system.convert.logger.LoginLogConvert;
 import cn.iocoder.yudao.module.system.dal.dataobject.logger.LoginLogDO;
 import cn.iocoder.yudao.module.system.dal.mysql.logger.LoginLogMapper;
 import org.springframework.stereotype.Service;
+import org.springframework.validation.annotation.Validated;
 
 import javax.annotation.Resource;
 import java.util.List;
@@ -16,6 +17,7 @@ import java.util.List;
  * 登录日志 Service 实现
  */
 @Service
+@Validated
 public class LoginLogServiceImpl implements LoginLogService {
 
     @Resource

yudao-server/pom.xml

@@ -67,17 +67,6 @@
             <artifactId>yudao-spring-boot-starter-protection</artifactId>
         </dependency>
 
-        <!-- 监控相关 -->
-        <dependency>
-            <groupId>cn.iocoder.boot</groupId>
-            <artifactId>yudao-spring-boot-starter-monitor</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>de.codecentric</groupId>
-            <artifactId>spring-boot-admin-starter-server</artifactId> <!-- 实现 Spring Boot Admin Server 服务端 -->
-        </dependency>
-
     </dependencies>
 
     <build>

yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/admin/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * 占位
+ */
+package cn.iocoder.yudao.module.shop.controller.admin;

yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/app/AppShopOrderController.java

@@ -1,13 +1,13 @@
-package cn.iocoder.yudao.userserver.modules.shop.controller;
+package cn.iocoder.yudao.module.shop.controller.app;
 
-import cn.iocoder.yudao.coreservice.modules.pay.service.notify.vo.PayNotifyOrderReqVO;
-import cn.iocoder.yudao.coreservice.modules.pay.service.notify.vo.PayRefundOrderReqVO;
-import cn.iocoder.yudao.coreservice.modules.pay.service.order.PayOrderCoreService;
-import cn.iocoder.yudao.coreservice.modules.pay.service.order.dto.PayOrderCreateReqDTO;
-import cn.iocoder.yudao.coreservice.modules.pay.util.PaySeqUtils;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.util.date.DateUtils;
-import cn.iocoder.yudao.userserver.modules.shop.controller.vo.ShopOrderCreateRespVO;
+import cn.iocoder.yudao.module.pay.service.notify.vo.PayNotifyOrderReqVO;
+import cn.iocoder.yudao.module.pay.service.notify.vo.PayRefundOrderReqVO;
+import cn.iocoder.yudao.module.pay.service.order.PayOrderService;
+import cn.iocoder.yudao.module.pay.service.order.dto.PayOrderCreateReqDTO;
+import cn.iocoder.yudao.module.pay.util.PaySeqUtils;
+import cn.iocoder.yudao.module.shop.controller.app.vo.AppShopOrderCreateRespVO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
@@ -24,20 +24,20 @@ import java.time.Duration;
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 import static cn.iocoder.yudao.framework.common.util.servlet.ServletUtils.getClientIP;
 
-@Api(tags = "商城订单")
+@Api(tags = "用户 APP - 商城订单")
 @RestController
 @RequestMapping("/shop/order")
 @Validated
 @Slf4j
-public class ShopOrderController {
+public class AppShopOrderController {
 
     @Resource
-    private PayOrderCoreService payOrderCoreService;
+    private PayOrderService payOrderService;
 
     @PostMapping("/create")
     @ApiOperation("创建商城订单")
 //    @PreAuthenticated // TODO 暂时不加登陆验证，前端暂时没做好
-    public CommonResult<ShopOrderCreateRespVO> create() {
+    public CommonResult<AppShopOrderCreateRespVO> create() {
         // 假装创建商城订单
         Long shopOrderId = System.currentTimeMillis();
 
@@ -50,10 +50,10 @@ public class ShopOrderController {
         reqDTO.setBody("内容：" + shopOrderId);
         reqDTO.setAmount(200); // 单位：分
         reqDTO.setExpireTime(DateUtils.addTime(Duration.ofDays(1)));
-        Long payOrderId = payOrderCoreService.createPayOrder(reqDTO);
+        Long payOrderId = payOrderService.createPayOrder(reqDTO);
 
         // 拼接返回
-        return success(ShopOrderCreateRespVO.builder().id(shopOrderId)
+        return success(AppShopOrderCreateRespVO.builder().id(shopOrderId)
                 .payOrderId(payOrderId).build());
     }
 

yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/app/vo/AppShopOrderCreateRespVO.java

@@ -1,4 +1,4 @@
-package cn.iocoder.yudao.userserver.modules.shop.controller.vo;
+package cn.iocoder.yudao.module.shop.controller.app.vo;
 
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
@@ -6,11 +6,11 @@ import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 
-@ApiModel("商城订单创建 Response VO")
+@ApiModel("用户 APP - 商城订单创建 Response VO")
 @Data
 @Builder
 @AllArgsConstructor
-public class ShopOrderCreateRespVO {
+public class AppShopOrderCreateRespVO {
 
     @ApiModelProperty(value = "商城订单编号", required = true, example = "1024")
     private Long id;

yudao-server/src/main/java/cn/iocoder/yudao/module/shop/package-info.java

@@ -5,4 +5,5 @@
  *
  * 缩写：shop
  */
-package cn.iocoder.yudao.userserver.modules.shop;
+// TODO 芋艿：后续会迁移到 yudao-module-mall-trade 下
+package cn.iocoder.yudao.module.shop;

yudao-server/src/main/java/cn/iocoder/yudao/server/framework/security/SecurityConfiguration.java

@@ -1,50 +0,0 @@
-package cn.iocoder.yudao.server.framework.security;
-
-import cn.iocoder.yudao.framework.web.config.WebProperties;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
-
-import javax.annotation.Resource;
-
-@Configuration
-public class SecurityConfiguration {
-
-    @Resource
-    private WebProperties webProperties;
-
-    @Value("${spring.boot.admin.context-path:''}")
-    private String adminSeverContextPath;
-
-    @Bean
-    public Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer() {
-        return registry -> {
-            // 验证码的接口
-            registry.antMatchers(buildAdminApi("/system/captcha/**")).anonymous();
-            // 获得租户编号的接口
-            registry.antMatchers(buildAdminApi("/system/tenant/get-id-by-name")).anonymous();
-            // Spring Boot Admin Server 的安全配置
-            registry.antMatchers(adminSeverContextPath).anonymous()
-                    .antMatchers(adminSeverContextPath + "/**").anonymous();
-            // 短信回调 API
-            registry.antMatchers(buildAdminApi("/system/sms/callback/**")).anonymous();
-
-            // 设置 App API 无需认证
-            registry.antMatchers(buildAppApi("/**")).permitAll();
-        };
-    }
-
-    private String buildAdminApi(String url) {
-        // TODO 芋艿：多模块
-        return webProperties.getAdminApi().getPrefix() + url;
-    }
-
-    private String buildAppApi(String url) {
-        // TODO 芋艿：多模块
-        return webProperties.getAppApi().getPrefix() + url;
-    }
-
-}

yudao-server/src/main/resources/application.yaml

@@ -20,6 +20,10 @@ spring:
       write-durations-as-timestamps: true # 设置 Duration 的格式，使用时间戳
       fail-on-empty-beans: false # 允许序列化无属性的 Bean
 
+  # 静态资源
+  mvc:
+    static-path-pattern: /static/**
+
   # 工作流 Activiti 配置
   activiti:
     # 1. false: 默认值，activiti启动时，对比数据库表中保存的版本，如果不匹配。将抛出异常

yudao-server/src/main/resources/static/pay_alipay_qr.html

@@ -24,11 +24,11 @@
 <script>
     let shopOrderId = undefined;
     let payOrderId = undefined;
-     let server = 'http://127.0.0.1:28080';
+     let server = 'http://127.0.0.1:48080';
     $(function() {
         // 自动发起商城订单编号
         $.ajax({
-            url: server + "/api/shop/order/create",
+            url: server + "/app-api/shop/order/create",
             method: 'POST',
             success: function( result ) {
                 if (result.code !== 0) {
@@ -46,7 +46,7 @@
     $( "#alipay_wap").on( "click", function() {
         // 提交支付
         $.ajax({
-            url: server + "/api/pay/order/submit",
+            url: server + "/app-api/pay/order/submit",
             method: 'POST',
             dataType: "json",
             contentType: "application/json",

yudao-server/src/main/resources/static/pay_alipay_wap.html

@@ -17,13 +17,13 @@
 
     let shopOrderId = undefined;
     let payOrderId = undefined;
-     let server = 'http://127.0.0.1:28080';
+     let server = 'http://127.0.0.1:48080';
     //let server = 'http://niubi.natapp1.cc';
 
     $(function() {
         // 自动发起商城订单编号
         $.ajax({
-            url: server + "/api/shop/order/create",
+            url: server + "/app-api/shop/order/create",
             method: 'POST',
             success: function( result ) {
                 if (result.code !== 0) {
@@ -41,7 +41,7 @@
     $( "#alipay_wap").on( "click", function() {
         // 提交支付
         $.ajax({
-            url: server + "/api/pay/order/submit",
+            url: server + "/app-api/pay/order/submit",
             method: 'POST',
             dataType: "json",
             contentType: "application/json",

yudao-server/src/main/resources/static/pay_wx_pub.html

@@ -16,7 +16,7 @@
 <script>
     let shopOrderId = undefined;
     let payOrderId = undefined;
-    // let server = 'http://127.0.0.1:28080';
+    // let server = 'http://127.0.0.1:48080';
     let server = 'http://niubi.natapp1.cc';
     // TODO openid
     let openid = "ockUAwIZ-0OeMZl9ogcZ4ILrGba0";
@@ -24,7 +24,7 @@
         // 获得 JsapiTicket
         // 参考 https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/JS-SDK.html 文档
         $.ajax({
-            url: server + "/api/wx/mp/create-jsapi-signature?url=" + document.location.href,
+            url: server + "/app-api/wx/mp/create-jsapi-signature?url=" + document.location.href,
             method: 'POST',
             success: function( result ) {
                 if (result.code !== 0) {
@@ -42,7 +42,7 @@
 
         // 自动发起商城订单编号
         $.ajax({
-            url: server + "/api/shop/order/create",
+            url: server + "/app-api/shop/order/create",
             method: 'POST',
             success: function( result ) {
                 if (result.code !== 0) {
@@ -78,7 +78,7 @@
         // 参考 https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=7_7&index=6 文档
         // 参考 https://segmentfault.com/a/1190000020704650 文档
         $.ajax({
-            url: server + "/api/pay/order/submit",
+            url: server + "/app-api/pay/order/submit",
             method: 'POST',
             dataType: "json",
             contentType: "application/json",

yudao-server/src/main/resources/static/social-login.html

@@ -14,14 +14,14 @@
 </body>
 <script>
     // let server = 'http://127.0.0.1:28080';
-    let server = 'http://192.168.1.2:28080';
+    let server = 'http://192.168.1.2:48080';
 
 
     // 微信公众号
     $( "#wx_pub").on( "click", function() {
         // 获得授权链接
         $.ajax({
-            url: server + "/api/social-auth-redirect?type=31&redirectUri=" +
+            url: server + "/app-api/social-auth-redirect?type=31&redirectUri=" +
                 encodeURIComponent(server + '/static/social-login2.html'),  //重定向地址
             method: 'GET',
             success: function( result ) {

yudao-server/src/main/resources/static/social-login2.html

@@ -17,8 +17,8 @@
 </div>
 </body>
 <script>
-    // let server = 'http://127.0.0.1:28080';
+    // let server = 'http://127.0.0.1:48080';
-    let server = 'http://192.168.1.2:28080';
+    let server = 'http://192.168.1.2:48080';
 
     let type = 31; //登录类型 微信公众号
 
@@ -38,7 +38,7 @@
 
         // 调用授权登录接口
         $.ajax({
-            url: server + "/api/social-login2",
+            url: server + "/app-api/social-login2",
             method: 'POST',
             data: JSON.stringify(data),
             contentType: "application/json;charset=utf-8",
@@ -60,7 +60,7 @@
             'scene': 1 // 手机号登陆 类型
         }
         $.ajax({
-            url: server + "/api/send-sms-code",
+            url: server + "/app-api/send-sms-code",
             method: 'POST',
             data: JSON.stringify(data),
             contentType: "application/json;charset=utf-8",

yudao-user-server/src/main/resources/application.yaml

@@ -20,9 +20,7 @@ spring:
       write-durations-as-timestamps: true # 设置 Duration 的格式，使用时间戳
       fail-on-empty-beans: false # 允许序列化无属性的 Bean
 
-  # 静态资源
+
-  mvc:
-    static-path-pattern: /static/**
 
 # MyBatis Plus 的配置项
 mybatis-plus:

更新日志.md

@@ -26,6 +26,7 @@ TODO 待统计
 
 *【重构】大模块按照多 Maven Module 的方式拆分，提升可维护性，为后续重构 onemall 提供基础
 *【新增】Spring Security 支持读取多种用户类型，从不同的数据库表，从而实现单项目提供管理后台、用户 APP 的不同 RESTful API 接口
+*【新增】Spring Security 新增 AuthorizeRequestsCustomizer 抽象类， 自定义每个 Maven Module 的 URL 的安全配置
 *【新增】代码生成器支持多 Maven Module 的方式生成代码，支持管理后台、用户 APP 两种场景的 RESTful API 的生成，支持 H2 SQL 脚本的生成
 *【重构】将数据库文档调整到 tool 模块，更加明确
 *【优化】代码生成器的前端展示效果，例如说 Java 包路径合并
@@ -73,6 +74,7 @@ TODO 待统计
 
 * 【修复】biz-data-permission 组件的缓存机制，导致部分 SQL 未进行数据过滤
 * 【修复】codegen 生成代码时，delete 接口补充 dataTypeClass 属性，避免 Swagger 打印 WARN 日志
+* 【修复】Swagger 文档由于写错 `@ApiImplicitParam` 注解的 name 和 dataTypeClass 属性，导致文档生成失败
 
 ### 🔨 Dependency Upgrades