方法
一、前端
router.js文件添加路由
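// Register the router plugin with Vue.
Vue.use(Router)

// Route table exported for the application router.
export const constantRouterMap = [
  {
    // Heat-value data page. This path is also placed on the login whitelist,
    // so the page is meant to be opened without signing in.
    path: '/lims',
    meta: { title: '发热量数据页', noCache: true },
    // Dynamic import: the view is loaded only when the route is visited.
    component: () => import('@/views/lims/heat/index'),
    // NOTE(review): presumably keeps the entry out of the side menu; confirm in the layout code.
    hidden: true
  }
]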
index.js文件中添加白名单
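// Paths exempt from the login redirect. Every entry here can be opened by a
// visitor who is not signed in, so list only pages whose data is meant to be public.
const whiteList = ['/login', '/tong', '/lims'] // no redirect whitelist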
二、后端
1.修改控制器
HeatController.java文件中给方法添加注解
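/**
 * Returns the heat-value records selected by the given criteria and paging parameters.
 *
 * <p>Security: {@code @AnonymousAccess} is present and the {@code @PreAuthorize} check is
 * commented out, so this handler verifies neither a login nor the {@code heat:list}
 * permission. Anyone who can reach the service can read whatever
 * {@code heatService.queryAll} returns; expose it this way only if that data is public.
 * The criteria and page size come straight from the anonymous request, so they should be
 * validated and bounded where the query is built (not visible in this method).
 *
 * @param criteria filter conditions, passed unchanged to {@code heatService.queryAll}
 * @param pageable paging parameters, passed unchanged to {@code heatService.queryAll}
 * @return HTTP 200 whose body is the result of {@code heatService.queryAll}
 */
@GetMapping
@Log("查询发热量接口")
@ApiOperation("查询发热量接口")
//@GetMapping(value = "/heat")
@AnonymousAccess // marks the handler as reachable without authentication
// Permission check disabled on purpose for anonymous access:
//@PreAuthorize("@el.check('heat:list')")
public ResponseEntity getHeats(HeatQueryCriteria criteria, Pageable pageable){
    return new ResponseEntity<>(heatService.queryAll(criteria,pageable),HttpStatus.OK);
}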
不添加 @AnonymousAccess 这个注解会给前端返回 401 错误。
同时要注释掉 @PreAuthorize("@el.check('heat:list')")。注意：这样修改之后，该接口既不校验登录状态，也不校验 heat:list 权限，任何能访问到服务的人都可以查询发热量数据，所以只应对确实可以公开的只读接口这样处理。
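2.修改配置文件SecurityConfig.java
在方法 configure 中添加 .antMatchers("/lims/**").permitAll()，开放匿名访问。注意：/lims/** 是通配规则，该路径下现有的以及以后新增的接口都会免认证。另外，下面示例中的 .anyRequest().authenticated() 被注释掉了，未被任何规则匹配的请求在 URL 层就不再要求认证，只能依赖方法上的权限注解；实际项目中应保留这一行，并放在所有 antMatchers 规则之后。示例里 /druid/**、swagger 文档等也是 permitAll，生产环境应按需收紧。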
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
//httpSecurity.authorizeRequests().anyRequest().permitAll();//免登录访问所有
if(true){
// 搜寻匿名标记 url: @AnonymousAccess
Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
Set<String> anonymousUrls = new HashSet<>();
for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethodMap.entrySet()) {
HandlerMethod handlerMethod = infoEntry.getValue();
AnonymousAccess anonymousAccess = handlerMethod.getMethodAnnotation(AnonymousAccess.class);
if (null != anonymousAccess) {
anonymousUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
}
}
httpSecurity
// 禁用 CSRF
.csrf().disable()
.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
// 授权异常
.exceptionHandling()
.authenticationEntryPoint(authenticationErrorHandler)
.accessDeniedHandler(jwtAccessDeniedHandler)
// 防止iframe 造成跨域
.and()
.headers()
.frameOptions()
.disable()
// 不创建会话
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
// 静态资源等等
.antMatchers(
HttpMethod.GET,
"/*.html",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/webSocket/**"
).permitAll()
// swagger 文档
.antMatchers("/swagger-ui.html").permitAll()
.antMatchers("/swagger-resources/**").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers("/*/api-docs").permitAll()
// 文件
.antMatchers("/avatar/**").permitAll()
.antMatchers("/file/**").permitAll()
// 阿里巴巴 druid
.antMatchers("/druid/**").permitAll()
// 放行OPTIONS请求
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
// 自定义匿名访问所有url放行 : 允许匿名和带权限以及登录用户访问
.antMatchers(anonymousUrls.toArray(new String[0])).permitAll()
//匿名访问
.antMatchers("/lims/**").permitAll()
// 所有请求都需要认证
//.anyRequest().authenticated()
.and().apply(securityConfigurerAdapter());
}