解决只要请求携带access_token，排除鉴权的url依然会被拦截

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/DefaultResourceServerConf.java

@@ -9,6 +9,7 @@ import org.springframework.security.config.annotation.web.configurers.Expression
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
 import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
 import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
 import org.springframework.security.oauth2.provider.token.TokenStore;
@@ -36,13 +37,17 @@ public class DefaultResourceServerConf extends ResourceServerConfigurerAdapter {
     @Autowired
     private SecurityProperties securityProperties;
 
+    @Resource
+    private TokenExtractor tokenExtractor;
+
     @Override
     public void configure(ResourceServerSecurityConfigurer resources) {
         resources.tokenStore(tokenStore)
                 .stateless(true)
                 .authenticationEntryPoint(authenticationEntryPoint)
                 .expressionHandler(expressionHandler)
-                .accessDeniedHandler(oAuth2AccessDeniedHandler);
+                .accessDeniedHandler(oAuth2AccessDeniedHandler)
+                .tokenExtractor(tokenExtractor);
     }
 
     @Override

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java

+package com.central.oauth2.common.service.impl;
+
+import com.central.oauth2.common.properties.SecurityProperties;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 自定义 TokenExtractor
+ *
+ * @author zlt
+ * @version 1.0
+ * @date 2022/6/4
+ * <p>
+ * Blog: https://zlt2000.gitee.io
+ * Github: https://github.com/zlt2000
+ */
+@Component
+public class CustomBearerTokenExtractor extends BearerTokenExtractor {
+    @Resource
+    private SecurityProperties securityProperties;
+
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+    /**
+     * 解决只要请求携带access_token，排除鉴权的url依然会被拦截
+     */
+    @Override
+    public Authentication extract(HttpServletRequest request) {
+        //判断当前请求为排除鉴权的url时，直接返回null
+        for (String url : securityProperties.getIgnore().getUrls()) {
+            if (antPathMatcher.match(url, request.getRequestURI())) {
+                return null;
+            }
+        }
+        return super.extract(request);
+    }
+}

zlt-demo/pom.xml

@@ -22,5 +22,7 @@
         <module>sso-demo</module>
         <!-- dubbo集成demo -->
         <module>dubbo-demo</module>
+        <!-- webSocket集成demo -->
+        <module>websocket-demo</module>
     </modules>
 </project>
\ No newline at end of file