update 扩展 security 配置属性

ruoyi-admin/src/main/resources/application.yml

@@ -108,6 +108,9 @@ token:
 
 # security配置
 security:
+  # 登出路径
+  logout-url: /logout
+  # 匿名路径
   anonymous:
     - /login
     - /register
@@ -122,6 +125,8 @@ security:
     # actuator 监控配置
     - /actuator
     - /actuator/**
+  # 用户放行
+  permit-all:
 
 # 重复提交
 repeat-submit:

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -109,11 +109,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                         "/**/*.js"
                 ).permitAll()
                 .antMatchers(securityProperties.getAnonymous()).anonymous()
+                .antMatchers(securityProperties.getPermitAll()).permitAll()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
                 .and()
                 .headers().frameOptions().disable();
-        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
+        httpSecurity.logout().logoutUrl(securityProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler);
         // 添加JWT filter
         httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
         // 添加CORS filter

ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java

@@ -14,9 +14,19 @@ import org.springframework.stereotype.Component;
 @ConfigurationProperties(prefix = "security")
 public class SecurityProperties {
 
+    /**
+     * 退出登录url
+     */
+    private String logoutUrl;
+
     /**
      * 匿名放行路径
      */
     private String[] anonymous;
 
+    /**
+     * 用户任意访问放行路径
+     */
+    private String[] permitAll;
+
 }