SpringSecurity使用注解实现匿名访问

原文链接：https://blog.csdn.net/qq_28597959/article/details/114094758SpringSecurity实现匿名访问的方式如下，

/**
* spring security配置
* {@link EnableGlobalMethodSecurity } 如果想要启用spring方法级安全时，使用这个注解
*
* @author ruoyi
*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
// 对于登录login 验证码captchaImage 允许匿名访问
.antMatchers("/login", "/captchaImage").anonymous();
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
如果有很多个路径都需要匿名访问，那岂不是要在 antMatchers 加很多路径？这样太繁琐

使用注解方式实现匿名访问，步骤如下

先定义一个注解
/**
* Security允许匿名访问
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface AnonymousAccess {
}
1
2
3
4
5
6
7
8
修改 security 配置类
/**
* spring security配置
* {@link EnableGlobalMethodSecurity } 如果想要启用spring方法级安全时，使用这个注解
*
* @author ruoyi
*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
// 对于登录login 验证码captchaImage 允许匿名访问
.antMatchers("/login", "/captchaImage").anonymous()
// 所有加 AnonymousAccess 注解的请求都允许匿名访问
.antMatchers(getAnonymousUrls()).anonymous();
}

/**
* 获取标有注解 AnonymousAccess 的访问路径
*/
private String[] getAnonymousUrls() {
// 获取所有的 RequestMapping
Map<RequestMappingInfo, HandlerMethod> handlerMethods = SpringUtils.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
Set<String> allAnonymousAccess = new HashSet<>();
// 循环 RequestMapping
for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethods.entrySet()) {
HandlerMethod value = infoEntry.getValue();
// 获取方法上 AnonymousAccess 类型的注解
AnonymousAccess methodAnnotation = value.getMethodAnnotation(AnonymousAccess.class);
// 如果方法上标注了 AnonymousAccess 注解，就获取该方法的访问全路径
if (methodAnnotation != null) {
allAnonymousAccess.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
}
}
return allAnonymousAccess.toArray(new String[0]);
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
使用
@RestController
@RequestMapping("/consignment")
public class RmbssDcDepotController extends BaseController {

@Autowired
private IRmbssDcDepotService rmbssDcDepotService;

/**
* 查询所有有效的代储车间
* @AnonymousAccess 允许匿名访问的注解
*/
@AnonymousAccess
@GetMapping("/plantList")
public AjaxResult plantList(RmbssDcDepot rmbssDcDepot) {
return AjaxResult.success(rmbssDcDepotService.selectDcPlantList(rmbssDcDepot));
}
}