From 9767f49a062d9f9edfc1d0cccdf7f561381e10bd Mon Sep 17 00:00:00 2001
From: wanggeng <450292408@qq.com>
Date: Fri, 20 Aug 2021 16:22:10 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=94=BE=E8=A1=8C=E8=B7=AF?=
 =?UTF-8?q?=E5=BE=84=E5=A4=9A=E4=BE=8B=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../base/security/WebSecurityConfig.java      | 43 +++++++++++++------
 1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java b/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java
index 0f82ba6b..49cd159f 100644
--- a/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java
+++ b/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java
@@ -7,6 +7,8 @@ import ink.wgink.login.base.security.user.UserSecurityConfig;
 import ink.wgink.login.base.service.user.UserDetailServiceImpl;
 import ink.wgink.login.base.service.user.UserLoginService;
 import ink.wgink.properties.BaseProperties;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -33,9 +35,35 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     private UserLoginService userLoginService;
     @Autowired
     private PasswordEncoder passwordEncoder;
+    /**
+     * 默认放行配置
+     */
+    private String[] defaultAntMatchers = {
+            baseProperties.getLoginUrl(),
+            baseProperties.getLoginProcess(),
+            baseProperties.getLoginFailure(),
+            "/oauth/**",
+            "/oauth_client/**",
+            "/app/**",
+            "/approute/**",
+            "/wechat/**",
+            "/wechat/route/**",
+            "/wechat-miniapp/**",
+            "/route/file/**",
+            "/api/sms/getverificationcode/*",
+            "/api/user/getsignintype/**"
+    };
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
+        String assetsMatchers = baseProperties.getAssetsMatchers();
+        String[] fullAntMatchers;
+        if (!StringUtils.isBlank(assetsMatchers)) {
+            String[] assetsMatchersArray = baseProperties.getAssetsMatchers().split(",");
+            fullAntMatchers = ArrayUtils.addAll(defaultAntMatchers, assetsMatchers);
+        } else {
+            fullAntMatchers = defaultAntMatchers;
+        }
         LoginFailureHandler loginFailureHandler = new LoginFailureHandler(baseProperties.getLoginFailure());
         http
                 .formLogin()
@@ -52,20 +80,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .disable()
                 .and()
                 .authorizeRequests()
-                .antMatchers(baseProperties.getAssetsMatchers(),
-                        baseProperties.getLoginUrl(),
-                        baseProperties.getLoginProcess(),
-                        baseProperties.getLoginFailure(),
-                        "/oauth/**",
-                        "/oauth_client/**",
-                        "/app/**",
-                        "/approute/**",
-                        "/wechat/**",
-                        "/wechat/route/**",
-                        "/wechat-miniapp/**",
-                        "/route/file/**",
-                        "/api/sms/getverificationcode/*",
-                        "/api/user/getsignintype/**")
+                .antMatchers(fullAntMatchers)
                 .permitAll()
                 .and()
                 .authorizeRequests()