From 1e795f4b8a96ced50cc67e8fbf10ad8fab903182 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 30 Sep 2019 16:06:35 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=8C=BF=E5=90=8D=E8=AE=BF?= =?UTF-8?q?=E9=97=AE=E6=8E=A7=E5=88=B6=E5=8F=AA=E5=85=81=E8=AE=B8=E5=8C=BF?= =?UTF-8?q?=E5=90=8D=E8=AE=BF=E9=97=AE=E7=9A=84=E9=97=AE=E9=A2=98=E3=80=82?= =?UTF-8?q?=20next:=20=E5=85=81=E8=AE=B8=20=E5=8C=BF=E5=90=8D=E5=92=8C?= =?UTF-8?q?=E5=B8=A6=E6=9D=83=E9=99=90=E4=BB=A5=E5=8F=8A=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=AE=BF=E9=97=AE=20done?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../zhengjie/modules/security/config/SecurityConfig.java | 9 ++++-----
 .../security/security/JwtAuthorizationTokenFilter.java | 6 ------
 2 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
index f817826d..8b67382b 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
@@ -92,13 +92,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity httpSecurity) throws Exception { + + // 搜寻 匿名标记 url: PreAuthorize("hasAnyRole('ROLE_ANONYMOUS')") 和 AnonymousAccess Map handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods(); Set anonymousUrls = new HashSet<>(); for (Map.Entry infoEntry : handlerMethodMap.entrySet()) { HandlerMethod handlerMethod = infoEntry.getValue(); AnonymousAccess anonymousAccess = handlerMethod.getMethodAnnotation(AnonymousAccess.class); PreAuthorize preAuthorize = handlerMethod.getMethodAnnotation(PreAuthorize.class); - // PreAuthorize("hasAnyRole('ROLE_ANONYMOUS')") 和 AnonymousAccess if (null != preAuthorize && preAuthorize.value().contains("ROLE_ANONYMOUS")) { anonymousUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns()); } else if (null != anonymousAccess && null == preAuthorize) { @@ -140,8 +141,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers("/*/api-docs").anonymous() // swagger end - // 接口限流测试 - .antMatchers("/test/**").anonymous() // 文件 .antMatchers("/avatar/**").anonymous() .antMatchers("/file/**").anonymous() @@ -150,8 +149,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers(HttpMethod.OPTIONS, "/**").anonymous() .antMatchers("/druid/**").anonymous() - // 自定义匿名访问所有url放行 - .antMatchers(anonymousUrls.toArray(new String[0])).anonymous() + // 自定义匿名访问所有url放行 : 允许 匿名和带权限以及登录用户访问 + .antMatchers(anonymousUrls.toArray(new String[0])).permitAll() // 所有请求都需要认证 .anyRequest().authenticated() diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java index 8ca24fdf..1693bcc1 100644 
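Review bot: The loop under the relocated comment collects `infoEntry.getKey().getPatternsCondition().getPatterns()` without the mapping's HTTP methods, so a path with one `@AnonymousAccess` handler is opened at the URL layer for every verb mapped to that path. Because these patterns are registered ahead of `.anyRequest().authenticated()`, a sibling handler on the same path that lacks its own `@PreAuthorize` is reachable without a token. The `preAuthorize.value().contains("ROLE_ANONYMOUS")` test is also a plain substring match on the expression, so it would match a negated expression or a longer role name as well. I would at least record the constraint above the loop, e.g. `// patterns are collected per path, not per HTTP method: every handler sharing a listed path needs its own @PreAuthorize`, and consider keying the collected set by request method in a follow-up. The loop body continues past the end of this hunk.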
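Review bot: The hard-coded rules just above the changed line still use `.anonymous()`, which admits only unauthenticated requests, so the problem this commit fixes for annotated URLs remains for `/druid/**` in this hunk and for `/avatar/**` and `/file/**` at the end of the previous hunk: a request that carries a valid token is rejected there. If those file paths are meant to be public, `.antMatchers("/avatar/**").permitAll()` and `.antMatchers("/file/**").permitAll()` would match the new behaviour. `/druid/**` deserves a separate look: it is presumably the Druid monitoring console, and as written it is reachable without logging in at this layer, so unless it is protected by its own login elsewhere (not visible here) I would drop that rule and let it fall under `.anyRequest().authenticated()`.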
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java
@@ -5,9 +5,7 @@ import lombok.extern.slf4j.Slf4j;
 import me.zhengjie.modules.security.utils.JwtTokenUtil;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -63,10 +61,6 @@ public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
 authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
 SecurityContextHolder.getContext().setAuthentication(authentication);
 }
- } else {
-// AnonymousAuthenticationToken anonymousAuthenticationToken = new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"}));
-// anonymousAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-// SecurityContextHolder.getContext().setAuthentication(anonymousAuthenticationToken);
 }
 chain.doFilter(request, response);
 }