From ba58eff4be5a612797a2f3ff063ae97d6cfcb908 Mon Sep 17 00:00:00 2001 From: lin <648540858@qq.com> Date: Mon, 21 Apr 2025 15:08:38 +0800 Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3=E5=90=AF=E5=8A=A8=E6=97=B6?= =?UTF-8?q?=E7=9A=84=E8=AD=A6=E5=91=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../vmp/conf/security/WebSecurityConfig.java | 57 ++++++++----------- 1 file changed, 24 insertions(+), 33 deletions(-) diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java index 7c4680146..a02fd5476 100644 --- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java @@ -11,7 +11,6 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; @@ -24,7 +23,6 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; /** 
@@ -58,33 +56,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private JwtAuthenticationFilter jwtAuthenticationFilter; - /** - * 描述: 静态资源放行,这里的放行,是不走 Spring Security 过滤器链 - **/ - @Override - public void configure(WebSecurity web) { - if (userSetting.getInterfaceAuthentication()) { - ArrayList matchers = new ArrayList<>(); - matchers.add("/"); - matchers.add("/#/**"); - matchers.add("/static/**"); - matchers.add("/swagger-ui.html"); - matchers.add("/swagger-ui/"); - matchers.add("/index.html"); - matchers.add("/doc.html"); - matchers.add("/webjars/**"); - matchers.add("/swagger-resources/**"); - matchers.add("/v3/api-docs/**"); - matchers.add("/js/**"); - matchers.add("/api/device/query/snap/**"); - matchers.add("/record_proxy/*/**"); - matchers.add("/api/emit"); - matchers.add("/favicon.ico"); - // 可以直接访问的静态数据 - web.ignoring().antMatchers(matchers.toArray(new String[0])); - } - } - /** * 配置认证方式 * 
@@ -105,15 +76,35 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { + List defaultExcludes = new ArrayList<>(); + defaultExcludes.add("/"); + defaultExcludes.add("/#/**"); + defaultExcludes.add("/static/**"); - List defaultExcludes = userSetting.getInterfaceAuthenticationExcludes(); + defaultExcludes.add("/swagger-ui.html"); + defaultExcludes.add("/swagger-ui/**"); + defaultExcludes.add("/swagger-resources/**"); + defaultExcludes.add("/doc.html#/**"); + defaultExcludes.add("/v3/api-docs/**"); + + defaultExcludes.add("/index.html"); + defaultExcludes.add("/webjars/**"); + + defaultExcludes.add("/js/**"); + defaultExcludes.add("/api/device/query/snap/**"); + defaultExcludes.add("/record_proxy/*/**"); + defaultExcludes.add("/api/emit"); + defaultExcludes.add("/favicon.ico"); defaultExcludes.add("/api/user/login"); defaultExcludes.add("/index/hook/**"); defaultExcludes.add("/api/device/query/snap/**"); defaultExcludes.add("/index/hook/abl/**"); - defaultExcludes.add("/swagger-ui/**"); - defaultExcludes.add("/doc.html#/**"); -// defaultExcludes.add("/channel/log"); + + + + if (userSetting.getInterfaceAuthentication() && !userSetting.getInterfaceAuthenticationExcludes().isEmpty()) { + defaultExcludes.addAll(userSetting.getInterfaceAuthenticationExcludes()); + } http.headers().contentTypeOptions().disable() .and().cors().configurationSource(configurationSource())
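Review bot: The rebuilt `defaultExcludes` list in `configure(HttpSecurity)` no longer contains the plain `/doc.html` entry that the removed `configure(WebSecurity)` had, and keeps only `/doc.html#/**`. A URL fragment is never sent to the server, so that pattern (like `/#/**`) cannot match any request, and the documentation page will presumably now require a token. If the page is meant to stay public, add `defaultExcludes.add("/doc.html");`; otherwise delete the two fragment patterns so the list reflects what is really exposed. `/api/device/query/snap/**` is now added twice, and `/index/hook/abl/**` is already covered by `/index/hook/**`. These paths used to bypass the filter chain and now pass through it, so confirm that `JwtAuthenticationFilter` lets token-less requests through on them; the code that consumes the list lies below the end of the hunk, so this part is inferred.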