白名单路径

e6164e98 · xignzi006 · 71f62bb3 · e6164e98
--- a/ibzpay-provider/ibzpay-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
+++ b/ibzpay-provider/ibzpay-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
@@ -3,6 +3,7 @@ package cn.ibizlab.api.config;
 import cn.ibizlab.util.security.AuthenticationEntryPoint;
 import cn.ibizlab.util.security.AuthorizationTokenFilter;
 import cn.ibizlab.util.service.AuthenticationUserService;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -55,6 +56,9 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
    @Value("${ibiz.file.previewpath:ibizutil/preview}")
    private String previewpath;

+    @Value("${ibiz.auth.excludesPattern:}")
+    private String excludesPattern;
+
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
@@ -120,9 +124,16 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
                .antMatchers("/"+uploadpath).permitAll()
                .antMatchers("/"+previewpath+"/**").permitAll()
                //开放支付接口
-               .antMatchers("/pay/trade/**").permitAll()
-                // 所有请求都需要认证
-                .anyRequest().authenticated()
+               .antMatchers("/pay/trade/**").permitAll();
+
+        if (StringUtils.isNotBlank(excludesPattern)) {
+            for (String excludePattern : excludesPattern.split("\\s*,\\s*")) {
+                authenticationTokenFilter.addExcludePattern(excludePattern);
+                httpSecurity.authorizeRequests().antMatchers(excludePattern).permitAll();
+            }
+        }
+
+        httpSecurity.authorizeRequests().anyRequest().authenticated()
                // 防止iframe 造成跨域
                .and().headers().frameOptions().disable();