From bcac70b2abaf61ee3429cfcd8ed0b0d5b3c656b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90li?=
 <15040126243@163.com>
Date: Sun, 26 Sep 2021 17:02:08 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E6=89=A9=E5=B1=95=20security=20?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=E5=B1=9E=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ruoyi-admin/src/main/resources/application.yml         |  5 +++++
 .../com/ruoyi/framework/config/SecurityConfig.java     |  3 ++-
 .../config/properties/SecurityProperties.java          | 10 ++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 9f649edb0..6a7b7d007 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -108,6 +108,9 @@ token:
 
 # security配置
 security:
+  # 登出路径
+  logout-url: /logout
+  # 匿名路径
   anonymous:
     - /login
     - /register
@@ -122,6 +125,8 @@ security:
     # actuator 监控配置
     - /actuator
     - /actuator/**
+  # 用户放行
+  permit-all:
 
 # 重复提交
 repeat-submit:
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
index 855be657c..229704f1b 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -109,11 +109,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                         "/**/*.js"
                 ).permitAll()
                 .antMatchers(securityProperties.getAnonymous()).anonymous()
+                .antMatchers(securityProperties.getPermitAll()).permitAll()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
                 .and()
                 .headers().frameOptions().disable();
-        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
+        httpSecurity.logout().logoutUrl(securityProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler);
         // 添加JWT filter
         httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
         // 添加CORS filter
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
index 33414cedb..c83ffccbe 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
@@ -14,9 +14,19 @@ import org.springframework.stereotype.Component;
 @ConfigurationProperties(prefix = "security")
 public class SecurityProperties {
 
+    /**
+     * 退出登录url
+     */
+    private String logoutUrl;
+
     /**
      * 匿名放行路径
      */
     private String[] anonymous;
 
+    /**
+     * 用户任意访问放行路径
+     */
+    private String[] permitAll;
+
 }