1. 【新增】接口支持通过 @PermitAll 注解，允许匿名（未登录）进行访问

2. 【新增】`yudao.security.permit-all-urls` 配置项，允许匿名（未登录）进行访问
2025-07-25 00:15:06 +08:00 · 2022-07-06 21:45:25 +08:00
parent 15ee097a8b
commit d9c2da7c91
17 changed files with 102 additions and 86 deletions
--- a/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/auth/AppAuthController.java
+++ b/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/auth/AppAuthController.java
@ -17,6 +17,7 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;

 import javax.annotation.Resource;
+import javax.annotation.security.PermitAll;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;

@ -43,6 +44,7 @@ public class AppAuthController {
    }

    @PostMapping("/logout")
+    @PermitAll
    @ApiOperation("登出系统")
    public CommonResult<Boolean> logout(HttpServletRequest request) {
        String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
--- a/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/framework/package-info.java
+++ b/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/framework/package-info.java
@ -1,5 +1,5 @@
 /**
- * 属于 system 模块的 framework 封装
+ * 属于 member 模块的 framework 封装
 *
 * @author 芋道源码
 */
--- a/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/framework/security/config/SecurityConfiguration.java
@ -1,28 +0,0 @@
-package cn.iocoder.yudao.module.member.framework.security.config;
-
-import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
-
-/**
- * Member 模块的 Security 配置
- */
-@Configuration("memberSecurityConfiguration")
-public class SecurityConfiguration {
-
-    @Bean("memberAuthorizeRequestsCustomizer")
-    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
-        return new AuthorizeRequestsCustomizer() {
-
-            @Override
-            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
-                // 登录的接口
-                registry.antMatchers(buildAdminApi("/member/auth/logout")).permitAll();
-            }
-
-        };
-    }
-
-}
--- a/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/framework/security/core/package-info.java
+++ b/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/framework/security/core/package-info.java
@ -1,4 +0,0 @@
-/**
- * 占位
- */
-package cn.iocoder.yudao.module.member.framework.security.core;