优化授权认证配置，授权服务器关闭basic认证

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/properties/PermitProperties.java

@@ -18,7 +18,6 @@ public class PermitProperties {
      * 监控中心和swagger需要访问的url
      */
     private static final String[] ENDPOINTS = {
-            "/oauth/**",
             "/actuator/**",
             "/*/v2/api-docs",
             "/swagger/api-docs",

zlt-gateway/zuul-gateway/src/main/resources/application.yml

@@ -34,17 +34,17 @@ zlt:
     ignore:
       # 忽略认证的地址
       httpUrls: >
-        /api-uaa/**,
+        /api-uaa/oauth/**,
+        /api-uaa/validata/**,
+        /api-uaa/css/**,
+        /api-uaa/images/**,
+        /api-uaa/js/**,
         /api-user/users-anon/**,
         /login.html,
         /user/login
       # 配置只认证登录，登录后所有角色都能访问的url
       menusPaths: /api-user/menus/current
     auth:
-      # 配置必需认证的url
-      httpUrls: >
-        /api-uaa/clients/**,
-        /api-uaa/tokens/**
       #是否开启url级别权限
       urlEnabled: false
       renew:

zlt-uaa/src/main/java/com/central/oauth/config/SecurityConfig.java

@@ -78,9 +78,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http.authorizeRequests()
-                    .antMatchers( securityProperties.getIgnore().getUrls())
+					.anyRequest()
+					//授权服务器关闭basic认证
                     .permitAll()
-                    .anyRequest().authenticated()
                     .and()
                 .formLogin()
                     .loginPage(SecurityConstants.LOGIN_PAGE)

zlt-uaa/src/main/resources/application.yml

@@ -25,16 +25,6 @@ zlt:
     version: 1.0
     base-package: com.central.oauth.controller
   security:
-    ignore:
-      # 忽略认证的地址
-      httpUrls: >
-        /validata/**,
-        /clients/**,
-        /tokens/**,
-        /login.html,
-        /css/**,
-        /images/**,
-        /js/**
     code:
       # 忽略验证码的应用编号
       ignoreClientCode: app
\ No newline at end of file