From 177d8ec060fa89e0621b72d77908332b74045973 Mon Sep 17 00:00:00 2001 From: zlt Date: Sat, 27 Jul 2019 22:37:32 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=8E=88=E6=9D=83=E8=AE=A4?= =?UTF-8?q?=E8=AF=81=E9=85=8D=E7=BD=AE=EF=BC=8C=E6=8E=88=E6=9D=83=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E5=99=A8=E5=85=B3=E9=97=ADbasic=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../oauth2/common/properties/PermitProperties.java | 1 - .../zuul-gateway/src/main/resources/application.yml | 10 +++++----- .../java/com/central/oauth/config/SecurityConfig.java | 4 ++-- zlt-uaa/src/main/resources/application.yml | 10 ---------- 4 files changed, 7 insertions(+), 18 deletions(-) diff --git a/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/properties/PermitProperties.java b/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/properties/PermitProperties.java index 76e6d2b..631fbf2 100644 --- a/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/properties/PermitProperties.java +++ b/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/properties/PermitProperties.java @@ -18,7 +18,6 @@ public class PermitProperties { * 监控中心和swagger需要访问的url */ private static final String[] ENDPOINTS = { - "/oauth/**", "/actuator/**", "/*/v2/api-docs", "/swagger/api-docs", diff --git a/zlt-gateway/zuul-gateway/src/main/resources/application.yml b/zlt-gateway/zuul-gateway/src/main/resources/application.yml index 777367c..bc29669 100644 --- a/zlt-gateway/zuul-gateway/src/main/resources/application.yml +++ b/zlt-gateway/zuul-gateway/src/main/resources/application.yml @@ -34,17 +34,17 @@ zlt: ignore: # 忽略认证的地址 httpUrls: > - /api-uaa/**, + /api-uaa/oauth/**, + /api-uaa/validata/**, + /api-uaa/css/**, + /api-uaa/images/**, + /api-uaa/js/**, /api-user/users-anon/**, /login.html, /user/login # 配置只认证登录,登录后所有角色都能访问的url menusPaths: /api-user/menus/current auth: - # 配置必需认证的url - httpUrls: > - /api-uaa/clients/**, - /api-uaa/tokens/** #是否开启url级别权限 urlEnabled: false renew: diff --git a/zlt-uaa/src/main/java/com/central/oauth/config/SecurityConfig.java b/zlt-uaa/src/main/java/com/central/oauth/config/SecurityConfig.java index 3d7a0f0..0d411ac 100644 --- a/zlt-uaa/src/main/java/com/central/oauth/config/SecurityConfig.java +++ b/zlt-uaa/src/main/java/com/central/oauth/config/SecurityConfig.java @@ -78,9 +78,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() - .antMatchers( securityProperties.getIgnore().getUrls()) + .anyRequest() + //授权服务器关闭basic认证 .permitAll() - .anyRequest().authenticated() .and() .formLogin() .loginPage(SecurityConstants.LOGIN_PAGE) diff --git a/zlt-uaa/src/main/resources/application.yml b/zlt-uaa/src/main/resources/application.yml index e158d70..b839986 100644 --- a/zlt-uaa/src/main/resources/application.yml +++ b/zlt-uaa/src/main/resources/application.yml @@ -25,16 +25,6 @@ zlt: version: 1.0 base-package: com.central.oauth.controller security: - ignore: - # 忽略认证的地址 - httpUrls: > - /validata/**, - /clients/**, - /tokens/**, - /login.html, - /css/**, - /images/**, - /js/** code: # 忽略验证码的应用编号 ignoreClientCode: app \ No newline at end of file -- GitLab