管理员充值等功能

src/main/java/com/edgec/browserbackend/BrowserBackendApplication.java

@@ -4,6 +4,7 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -13,6 +14,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
 @SpringBootApplication
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class BrowserBackendApplication {
 
     public static void main(String[] args) {

src/main/java/com/edgec/browserbackend/auth/config/ResourceServerConfiguration.java

@@ -19,10 +19,8 @@ public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
     public void configure(HttpSecurity http) throws Exception {
         http
                 .authorizeRequests()
-                .antMatchers("/user/*")
-                .authenticated()
                 .antMatchers("/oauth/**").permitAll()
-                .antMatchers("/shop/*","/ip/*","/group/*").authenticated()
+                .antMatchers("/shop/*","/ip/*","/group/*","/0xadministrator/*","/user/*").authenticated()
                 .and()
                 //关闭跨站请求防护
                 .csrf().disable();