代码拉取完成,页面将自动刷新
OpenAPIPolicyGenerator
CoSecPolicyGeneratorEndpoint
LocalPolicyInitializer
LocalPolicyLoader
me.ahoo.cosid:cosid-bom
版本 v2.5.6
org.springframework.boot:spring-boot-dependencies
版本 v3.1.5
me.ahoo.cocache:cocache-bom
版本 v2.2.2
全面支持 Spring Boot 3
me.ahoo.cosid:cosid-bom
版本 v2.2.5
org.springframework.boot:spring-boot-dependencies
版本 v3.1.2
me.ahoo.cocache:cocache-bom
版本 v2.0.3
MatcherFactoryRegister
支持扫描注册 Spring 容器定义的 ConditionMatcherFactory
/ ActionMatcherFactory
增强 SPIEqConditionMatcher
支持参数 ignoreCase
/user/{id}
)中抽取参数,注入到安全上下文(request.path.var.*
),以供 ConditionMatcher
使用EqConditionMatcher
支持 Spel 表达式语言{
"name": "RequestPathVarTemplate",
"action": "/user/{id}",
"condition": {
"eq": {
"part": "request.path.var.id",
"value": "#{principal.id}"
}
}
}
CompositeActionMatcher
{
"name": "TestComposite",
"effect": "allow",
"action": {
"composite": [
"/user/#{principal.id}/*",
{
"path": {
"method": "POST",
"pattern": [
"/user/#{principal.id}/order/*"
]
}
}
]
}
}
InRoleConditionMatcher
{
"name": "TestInRole",
"effect": "allow",
"action": "*",
"condition": {
"inRole": {
"value": "admin"
}
}
}
GroupedRateLimiterConditionMatcher
支持分组限流。{
"groupedRateLimiter": {
"part": "request.remoteIp",
"permitsPerSecond": 10,
"expireAfterAccessSecond": 1000
}
}
Policy
/ AppPermission
支持顶级 Condition
,降低重复配置{
"id": "manage",
"condition": {
"bool": {
"and": [
{
"authenticated": {}
},
{
"groupedRateLimiter": {
"part": "request.remoteIp",
"permitsPerSecond": 10,
"expireAfterAccessSecond": 1000
}
}
]
}
},
"groups": [
{
"name": "订单管理",
"permissions": [
{
"id": "manage.order.ship",
"name": "发货",
"action": "/order/ship"
},
{
"id": "manage.order.issueInvoice",
"name": "开票",
"action": "/order/issueInvoice"
}
]
}
]
}
v1.18.5
StartsWithConditionMatcher
。 {
"name": "TestStartsWith",
"effect": "allow",
"actions": [
{
"type": "all"
}
],
"condition": {
"type": "starts_with",
"part": "request.attributes.ipRegion",
"pattern": "中国"
}
}
EndsWithConditionMatcher
。 {
"name": "TestEndsWith",
"effect": "allow",
"actions": [
{
"type": "all"
}
],
"condition": {
"type": "ends_with",
"part": "request.attributes.remoteIp",
"pattern": ".168.0.1"
}
}
```
{
"name": "TestContains",
"effect": "allow",
"actions": [
{
"type": "all"
}
],
"condition": {
"type": "contains",
"part": "request.attributes.ipRegion",
"pattern": "上海"
}
}