Commit 3dfbc843adf2d4b6affd3d1d14684941a09561fb
1 parent
a4328e3d
修复关闭接口鉴权时,处于忽略地址中的接口不可用的问题
Showing
2 changed files
with
17 additions
and
16 deletions
src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
| ... | ... | @@ -38,7 +38,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { |
| 38 | 38 | return; |
| 39 | 39 | } |
| 40 | 40 | if (!userSetting.isInterfaceAuthentication()) { |
| 41 | - // 构建UsernamePasswordAuthenticationToken,这里密码为null,是因为提供了正确的JWT,实现自动登录 | |
| 42 | 41 | UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() ); |
| 43 | 42 | SecurityContextHolder.getContext().setAuthentication(token); |
| 44 | 43 | chain.doFilter(request, response); | ... | ... |
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
| ... | ... | @@ -72,21 +72,23 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
| 72 | 72 | **/ |
| 73 | 73 | @Override |
| 74 | 74 | public void configure(WebSecurity web) { |
| 75 | - | |
| 76 | - ArrayList<String> matchers = new ArrayList<>(); | |
| 77 | - matchers.add("/"); | |
| 78 | - matchers.add("/#/**"); | |
| 79 | - matchers.add("/static/**"); | |
| 80 | - matchers.add("/index.html"); | |
| 81 | - matchers.add("/doc.html"); | |
| 82 | - matchers.add("/webjars/**"); | |
| 83 | - matchers.add("/swagger-resources/**"); | |
| 84 | - matchers.add("/v3/api-docs/**"); | |
| 85 | - matchers.add("/js/**"); | |
| 86 | - matchers.add("/api/device/query/snap/**"); | |
| 87 | - matchers.addAll(userSetting.getInterfaceAuthenticationExcludes()); | |
| 88 | - // 可以直接访问的静态数据 | |
| 89 | - web.ignoring().antMatchers(matchers.toArray(new String[0])); | |
| 75 | + if (userSetting.isInterfaceAuthentication()) { | |
| 76 | + ArrayList<String> matchers = new ArrayList<>(); | |
| 77 | + matchers.add("/"); | |
| 78 | + matchers.add("/#/**"); | |
| 79 | + matchers.add("/static/**"); | |
| 80 | + matchers.add("/index.html"); | |
| 81 | + matchers.add("/doc.html"); | |
| 82 | + matchers.add("/webjars/**"); | |
| 83 | + matchers.add("/swagger-resources/**"); | |
| 84 | + matchers.add("/v3/api-docs/**"); | |
| 85 | + matchers.add("/js/**"); | |
| 86 | + matchers.add("/api/device/query/snap/**"); | |
| 87 | + matchers.add("/record_proxy/*/**"); | |
| 88 | + matchers.addAll(userSetting.getInterfaceAuthenticationExcludes()); | |
| 89 | + // 可以直接访问的静态数据 | |
| 90 | + web.ignoring().antMatchers(matchers.toArray(new String[0])); | |
| 91 | + } | |
| 90 | 92 | } |
| 91 | 93 | |
| 92 | 94 | /** | ... | ... |