|
|
@@ -109,6 +109,27 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
"/api/v1/mp/sms/sendSmsCode",
|
|
|
"/api/v1/mp/user/wxauth/mobile",
|
|
|
"/api/v1/mp/channel/invite/register",
|
|
|
+ "/common/download**",
|
|
|
+ "/common/download/resource**",
|
|
|
+ "/swagger-ui.html",
|
|
|
+ "/swagger-resources/**",
|
|
|
+ "/webjars/**",
|
|
|
+ "/*/api-docs",
|
|
|
+ "/druid/**",
|
|
|
+ "/service/notify/**"
|
|
|
+ ).anonymous()
|
|
|
+ .antMatchers(
|
|
|
+ HttpMethod.GET,
|
|
|
+ "/",
|
|
|
+ "/*.html",
|
|
|
+ "/**/*.html",
|
|
|
+ "/**/*.css",
|
|
|
+ "/**/*.js",
|
|
|
+ "/profile/**"
|
|
|
+ ).permitAll()
|
|
|
+ // 匹配放行 POST 请求,如果携带了 token 也不会进行拦截
|
|
|
+ .antMatchers(
|
|
|
+ HttpMethod.POST,
|
|
|
"/api/v1/mp/wx/urlschema/generate",
|
|
|
"/api/v1/mp/wx/code/generate",
|
|
|
"/api/v1/mp/user/ticket/queryLuckyNum",
|
|
|
@@ -119,25 +140,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
"/api/v1/mp/user/exchange/goods/detail",
|
|
|
"/api/v1/mp/user/exchange/banner/list",
|
|
|
"/api/v1/mp/user/exchange/category/list",
|
|
|
- "/api/v1/mp/user/exchange/activity/list").anonymous()
|
|
|
- .antMatchers(
|
|
|
- HttpMethod.GET,
|
|
|
- "/",
|
|
|
- "/*.html",
|
|
|
- "/**/*.html",
|
|
|
- "/**/*.css",
|
|
|
- "/**/*.js",
|
|
|
- "/profile/**"
|
|
|
+ "/api/v1/mp/user/exchange/activity/list"
|
|
|
).permitAll()
|
|
|
- .antMatchers("/common/download**").anonymous()
|
|
|
- .antMatchers("/common/download/resource**").anonymous()
|
|
|
- .antMatchers("/swagger-ui.html").anonymous()
|
|
|
- .antMatchers("/swagger-resources/**").anonymous()
|
|
|
- .antMatchers("/webjars/**").anonymous()
|
|
|
- .antMatchers("/*/api-docs").anonymous()
|
|
|
- .antMatchers("/druid/**").anonymous()
|
|
|
- .antMatchers("/service/notify/**").anonymous()
|
|
|
-
|
|
|
// 除上面外的所有请求全部需要鉴权认证
|
|
|
.anyRequest().authenticated()
|
|
|
.and()
|
zhong chunping