修复放行漏洞接口——正式环境
This commit is contained in:
@@ -111,15 +111,24 @@ public class SecurityConfig
|
||||
.authorizeHttpRequests((requests) -> {
|
||||
permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
|
||||
// 对于登录login 注册register 验证码captchaImage 允许匿名访问
|
||||
requests.antMatchers("/login", "/register", "/captchaImage","/app/login","/websocket/**","/ws/**","/speech-recognition","/speech-synthesis",
|
||||
requests.antMatchers("/login", "/register", "/captchaImage","/app/login","/websocket/**","/ws/**","/app/appLogin",
|
||||
"/app/appWxphoneSmsCode","/app/appLoginPhone","/app/sendSmsAgain","/app/idCardLogin","/app/phoneLogin",
|
||||
"/cms/company/listPage","/cms/appUser/noTmlist","/getTjmhToken","/getWwTjmhToken","/getWwTjmHlwToken",
|
||||
"/cms/jobApply/zphApply","/cms/jobApply/zphApplyAgree","/actuator/health").permitAll()
|
||||
// 静态资源,可匿名访问
|
||||
.antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
|
||||
// 移动端公用查询,可匿名访问
|
||||
.antMatchers("/app/common/**").permitAll()
|
||||
.antMatchers("/app/**").permitAll()
|
||||
.antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
|
||||
//ai对话模块
|
||||
.antMatchers("/app/chat/**").permitAll()
|
||||
//文字转语音或者语音转文字
|
||||
.antMatchers("/app/speech/**").permitAll()
|
||||
//移动端岗位信息
|
||||
.antMatchers("/app/job/**").permitAll()
|
||||
//招聘会信息
|
||||
.antMatchers("/app/fair/**").permitAll()
|
||||
//.antMatchers("/app/**").permitAll()
|
||||
//.antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
|
||||
//放行前端界面
|
||||
.antMatchers("/kashi/job-portal/detail/**").permitAll()
|
||||
// 除上面外的所有请求全部需要鉴权认证
|
||||
|
||||
Reference in New Issue
Block a user