tongtong/youlai-boot
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: OpenAPI 接口支持读取 Spring Security 白名单路径并跳过 Authorization 头,优化 Ant 风格路径匹配

Browse Source
This commit is contained in:
Ray.Hao
2025-01-13 18:09:30 +08:00
parent d9e25874ed
commit 6aa9d7b393
3 changed files with 44 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/com/youlai/boot/config/OpenApiConfig.java
View File

@@ -16,6 +16,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.util.AntPathMatcher;
import java.util.stream.Stream;
@@ -82,10 +83,12 @@ public class OpenApiConfig {
if (openApi.getPaths() != null) {
openApi.getPaths().forEach((path, pathItem) -> {
// 忽略认证的请求无需携带Authorization
// 忽略认证的请求无需携带 Authorization
String[] ignoreUrls = securityProperties.getIgnoreUrls();
if (ArrayUtil.isNotEmpty(ignoreUrls)) {
if (Stream.of(ignoreUrls).anyMatch(path::equals)) {
// Ant 匹配忽略的路径不添加Authorization
AntPathMatcher antPathMatcher = new AntPathMatcher();
if (Stream.of(ignoreUrls).anyMatch(ignoreUrl -> antPathMatcher.match(ignoreUrl, path))) {
return;
}
}