1. 【新增】接口支持通过 @PermitAll 注解，允许匿名（未登录）进行访问

2. 【新增】`yudao.security.permit-all-urls` 配置项，允许匿名（未登录）进行访问
2025-07-25 00:15:06 +08:00 · 2022-07-06 21:45:25 +08:00
parent 15ee097a8b
commit d9c2da7c91
17 changed files with 102 additions and 86 deletions
--- a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java
+++ b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java
@ -22,6 +22,7 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;

 import javax.annotation.Resource;
+import javax.annotation.security.PermitAll;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;

@ -59,6 +60,7 @@ public class FileController {
    }

    @GetMapping("/{configId}/get/{path}")
+    @PermitAll
    @ApiOperation("下载文件")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "configId", value = "配置编号",  required = true, dataTypeClass = Long.class),
--- a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java
@ -35,8 +35,6 @@ public class SecurityConfiguration {
                // Spring Boot Admin Server 的安全配置
                registry.antMatchers(adminSeverContextPath).anonymous()
                        .antMatchers(adminSeverContextPath + "/**").anonymous();
-                // 文件的获取接口，可匿名访问
-                registry.antMatchers(buildAdminApi("/infra/file/*/get/**"), buildAppApi("/infra/file/get/**")).permitAll();
            }

        };