update security 路径配置抽取到配置文件

2021-09-26 17:26:45 +08:00 · 2021-09-26 17:26:45 +08:00 · 6976c7f386
commit 6976c7f386
parent 7702175130
3 changed files with 16 additions and 36 deletions
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@ -124,13 +124,17 @@ sa-token:

 # security配置
 security:
-  # 登出路径
-  logout-url: /logout
-  # 匿名路径
-  anonymous:
+  # 排除路径
+  excludes:
    - /login
+    - /logout
    - /register
    - /captchaImage
+    # 静态资源
+    - /*.html
+    - /**/*.html
+    - /**/*.css
+    - /**/*.js
    # swagger 文档配置
    - /doc.html
    - /swagger-resources/**
@ -141,8 +145,6 @@ security:
    # actuator 监控配置
    - /actuator
    - /actuator/**
-  # 用户放行
-  permit-all:

 # 重复提交
 repeat-submit:
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java
@ -6,6 +6,8 @@ import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.framework.config.properties.SecurityProperties;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
@ -17,7 +19,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

 import java.util.Arrays;
 import java.util.Collections;
-import java.util.List;

 /**
 * 通用配置
@ -27,26 +28,12 @@ import java.util.List;
@Configuration
 public class ResourcesConfig implements WebMvcConfigurer {

+    @Autowired
+    private SecurityProperties securityProperties;
+
    // 注册sa-token的拦截器
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
-        List<String> urlPath = Arrays.asList(
-                "/login",
-                "/logout",
-                "/register",
-                "/captchaImage",
-                "/*.html",
-                "/**/*.html",
-                "/**/*.css",
-                "/**/*.js",
-                "/doc.html",
-                "/swagger-resources/**",
-                "/webjars/**",
-                "/*/api-docs",
-                "/druid/**",
-                "/actuator",
-                "/actuator/**"
-        );
        // 注册路由拦截器，自定义验证规则
        registry.addInterceptor(new SaRouteInterceptor((request, response, handler) -> {
            // 登录验证 -- 排除多个路径
@ -54,7 +41,7 @@ public class ResourcesConfig implements WebMvcConfigurer {
                    //获取所有的
                    Collections.singletonList("/**"),
                    //排除下不需要拦截的
-                    urlPath,
+                    Arrays.asList(securityProperties.getExcludes()),
                    () -> {
                        Long userId = SecurityUtils.getUserId();
                        if(StringUtils.isNotNull(userId) ) {
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
@ -15,18 +15,9 @@ import org.springframework.stereotype.Component;
 public class SecurityProperties {

    /**
-     * 退出登录url
+     * 排除路径
     */
-    private String logoutUrl;
+    private String[] excludes;

-    /**
-     * 匿名放行路径
-     */
-    private String[] anonymous;
-
-    /**
-     * 用户任意访问放行路径
-     */
-    private String[] permitAll;

 }