update 扩展 security 配置属性

疯狂的狮子li

2021-09-26 bcac70b2abaf61ee3429cfcd8ed0b0d5b3c656b2

update 扩展 security 配置属性

 ruoyi-admin/src/main/resources/application.yml

@@ -108,6 +108,9 @@

# security配置
security:
  # 登出路径
  logout-url: /logout
  # 匿名路径
  anonymous:
    - /login
    - /register
@@ -122,6 +125,8 @@
    # actuator 监控配置
    - /actuator
    - /actuator/**
  # 用户放行
  permit-all:

# 重复提交
repeat-submit:

 ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -109,11 +109,12 @@
                        "/**/*.js"
                ).permitAll()
                .antMatchers(securityProperties.getAnonymous()).anonymous()
                .antMatchers(securityProperties.getPermitAll()).permitAll()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated()
                .and()
                .headers().frameOptions().disable();
        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
        httpSecurity.logout().logoutUrl(securityProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler);
        // 添加JWT filter
        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        // 添加CORS filter

 ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java

@@ -15,8 +15,18 @@
public class SecurityProperties {

    /**
     * 退出登录url
     */
    private String logoutUrl;

    /**
     * 匿名放行路径
     */
    private String[] anonymous;

    /**
     * 用户任意访问放行路径
     */
    private String[] permitAll;

}