修改springboot-vue前后端分离系统权限限制免登录访问

方法

一、前端

router.js文件添加路由
Vue.use(Router)

export const constantRouterMap = [
{
path: ‘/lims’,
meta: { title: ‘发热量数据页’, noCache: true },
component: () => import(’@/views/lims/heat/index’),
hidden: true
},
]
index.js文件中添加白名单
const whiteList = [’/login’, ‘/tong’, ‘/lims’]// no redirect whitelist

二、后端

1.修改控制器

HeatController.java文件中给方法添加注解

@GetMapping
@Log(“查询发热量接口”)
@ApiOperation(“查询发热量接口”)
//@GetMapping(value = “/heat”)
@AnonymousAccess//注意要添加这个注解
//@PreAuthorize("@el.check(‘heat:list’)")
public ResponseEntity getHeats(HeatQueryCriteria criteria, Pageable pageable){
return new ResponseEntity<>(heatService.queryAll(criteria,pageable),HttpStatus.OK);
//return “Hello World”;
}
不添加@AnonymousAccess这个注解会给前端返回401错误。
注释掉@PreAuthorize("@el.check(‘heat:list’)")。

2.修改配置文件SecurityConfig.javat

在方法configure中添加 .antMatchers("/lims/**").permitAll()开发匿名访问。

@Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        //httpSecurity.authorizeRequests().anyRequest().permitAll();//免登录访问所有
        if(true){
        // 搜寻匿名标记 url： @AnonymousAccess
        Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
        Set<String> anonymousUrls = new HashSet<>();
        for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethodMap.entrySet()) {
            HandlerMethod handlerMethod = infoEntry.getValue();
            AnonymousAccess anonymousAccess = handlerMethod.getMethodAnnotation(AnonymousAccess.class);
            if (null != anonymousAccess) {
                anonymousUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
            }
        }
        httpSecurity
                // 禁用 CSRF
                .csrf().disable()
                .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
                // 授权异常
                .exceptionHandling()
                .authenticationEntryPoint(authenticationErrorHandler)
                .accessDeniedHandler(jwtAccessDeniedHandler)

                // 防止iframe 造成跨域
                .and()
                .headers()
                .frameOptions()
                .disable()

                // 不创建会话
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()
                .authorizeRequests()
                // 静态资源等等
                .antMatchers(
                        HttpMethod.GET,
                        "/*.html",
                        "/**/*.html",
                        "/**/*.css",
                        "/**/*.js",
                        "/webSocket/**"
                ).permitAll()
                // swagger 文档
                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/*/api-docs").permitAll()
                // 文件
                .antMatchers("/avatar/**").permitAll()
                .antMatchers("/file/**").permitAll()
                // 阿里巴巴 druid
                .antMatchers("/druid/**").permitAll()
                // 放行OPTIONS请求
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // 自定义匿名访问所有url放行 ： 允许匿名和带权限以及登录用户访问
                .antMatchers(anonymousUrls.toArray(new String[0])).permitAll()
                //匿名访问
                .antMatchers("/lims/**").permitAll()
                // 所有请求都需要认证
                //.anyRequest().authenticated()
                .and().apply(securityConfigurerAdapter());
    }

总结