9 months ago · 423f6cc9da
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
@@ -28,11 +28,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
				 import org.springframework.web.method.HandlerMethod;
			
 
				 import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
			
 
				 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
			
 
				+import org.springframework.web.util.pattern.PathPattern;
			
 
				 
			
 
				+import java.util.HashSet;
			
 
				 import java.util.List;
			
 
				 import java.util.Map;
			
 
				 import java.util.Set;
			
 
				 
			
 
				+import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertList;
			
 
				+
			
 
				 /**
			
 
				  * 自定义的 Spring Security 配置适配器实现
			
 
				  *
			
@@ -163,13 +167,20 @@ public class YudaoWebSecurityConfigurerAdapter {
 
				             if (!handlerMethod.hasMethodAnnotation(PermitAll.class)) {
			
 
				                 continue;
			
 
				             }
			
 
				-            if (entry.getKey().getPatternsCondition() == null) {
			
 
				+            Set<String> urls = new HashSet<>();
			
 
				+            if (entry.getKey().getPatternsCondition() != null) {
			
 
				+                urls.addAll(entry.getKey().getPatternsCondition().getPatterns());
			
 
				+            }
			
 
				+            if (entry.getKey().getPathPatternsCondition() != null) {
			
 
				+                urls.addAll(convertList(entry.getKey().getPathPatternsCondition().getPatterns(), PathPattern::getPatternString));
			
 
				+            }
			
 
				+            if (urls.isEmpty()) {
			
 
				                 continue;
			
 
				             }
			
 
				-            Set<String> urls = entry.getKey().getPatternsCondition().getPatterns();
			
 
				+
			
 
				             // 特殊：使用 @RequestMapping 注解，并且未写 method 属性，此时认为都需要免登录
			
 
				             Set<RequestMethod> methods = entry.getKey().getMethodsCondition().getMethods();
			
 
				-            if (CollUtil.isEmpty(methods)) { //
			
 
				+            if (CollUtil.isEmpty(methods)) {
			
 
				                 result.putAll(HttpMethod.GET, urls);
			
 
				                 result.putAll(HttpMethod.POST, urls);
			
 
				                 result.putAll(HttpMethod.PUT, urls);