diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java index 5b0fa452..6eef4356 100755 --- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java +++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java @@ -44,6 +44,7 @@ import org.springframework.security.oauth2.server.authorization.web.authenticati import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.AuthenticationConverter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import java.util.Arrays; @@ -73,9 +74,13 @@ public class AuthorizationServerConfiguration { .authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面 .consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI))); + AntPathRequestMatcher[] requestMatchers = new AntPathRequestMatcher[] { + AntPathRequestMatcher.antMatcher("/token/**"), AntPathRequestMatcher.antMatcher("/actuator/**"), + AntPathRequestMatcher.antMatcher("/css/**"), AntPathRequestMatcher.antMatcher("/error") }; + http.authorizeHttpRequests(authorizeRequests -> { // 自定义接口、端点暴露 - authorizeRequests.requestMatchers("/token/**", "/actuator/**", "/css/**", "/error").permitAll(); + authorizeRequests.requestMatchers(requestMatchers).permitAll(); authorizeRequests.anyRequest().authenticated(); }) .apply(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现 diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java index 207ce3b1..16d8ebf6 100644 --- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java +++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java @@ -16,7 +16,6 @@ package com.pig4cloud.pig.common.security.component; -import cn.hutool.core.util.ArrayUtil; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.context.annotation.Bean; @@ -29,6 +28,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; /** * @author lengleng @@ -53,9 +53,13 @@ public class PigResourceServerConfiguration { @Bean @Order(Ordered.HIGHEST_PRECEDENCE) SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + AntPathRequestMatcher[] requestMatchers = permitAllUrl.getUrls() + .stream() + .map(AntPathRequestMatcher::new) + .toList() + .toArray(new AntPathRequestMatcher[] {}); - http.authorizeHttpRequests(authorizeRequests -> authorizeRequests - .requestMatchers(ArrayUtil.toArray(permitAllUrl.getUrls(), String.class)) + http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers(requestMatchers) .permitAll() .anyRequest() .authenticated())