feat(security): 添加对业务接口的匿名访问支持

- 在安全配置中新增 /business/** 路径的匿名访问权限- 扩展了默认允许匿名访问的URL列表 - 确保业务相关接口可以无需认证直接访问
2025-10-10 14:09:25 +08:00
parent 909125c1b0
commit e6886f78bf
1 changed files with 1 additions and 1 deletions
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -111,7 +111,7 @@ public class SecurityConfig
            .authorizeHttpRequests((requests) -> {
                permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                requests.antMatchers("/login", "/register", "/captchaImage", "/roller/**","/pdi/**","/pdo/**","/track/**").permitAll()
+                requests.antMatchers("/login", "/register", "/captchaImage", "/roller/**","/pdi/**","/pdo/**","/track/**","/business/**").permitAll()
                    // 静态资源，可匿名访问
                    .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                    .antMatchers("/doc.html","/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/v3/api-docs/**", "/druid/**").permitAll()