在com.ruoyi.framework.config中找到SecurityConfig类
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// 允许匿名访问的URLs
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests();
permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().permitAll(); // 允许所有请求
httpSecurity
.csrf().disable() // 禁用CSRF
.headers().cacheControl().disable().and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.headers().frameOptions().disable();
httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
// 注释或移除JWT过滤器和CORS过滤器
// httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
// httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
}