From 398b499eabb40d203bccd46ad13f8c85adddec8a Mon Sep 17 00:00:00 2001
From: liukai <zhizhufan@foxmail.com>
Date: Mon, 29 Jun 2020 19:19:08 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=9D=99=E6=80=81?=
 =?UTF-8?q?=E8=B5=84=E6=BA=90=E4=B8=8D=E8=BF=9B=E8=A1=8C=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=9A=84=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/pearadmin/security/SecurityConfig.java    | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java b/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java
index 3add9584..dfd8c4f8 100644
--- a/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java
+++ b/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java
@@ -9,6 +9,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -81,8 +82,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
      @Override
      protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
-                // 不进行权限验证的请求或资源 (从配置文件中读取)
-                .antMatchers(SecurityConstants.ANT_MATCHERS.split(",")).permitAll()
                 // 其他的需要登录后才能访问
                 .anyRequest().authenticated()
                 .and()
@@ -111,4 +110,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .csrf().disable();
          http.headers().frameOptions().disable();
      }
+
+    @Override
+    public void configure(WebSecurity web) {
+        // 不进行权限验证的请求或资源 (从配置文件中读取)
+        web.ignoring().antMatchers(SecurityConstants.ANT_MATCHERS.split(","));
+    }
+
 }
-- 
Gitee