update security 路径配置抽取到配置文件

ruoyi-admin/src/main/resources/application.yml

@@ -124,13 +124,17 @@ sa-token:
 
 # security配置
 security:
-  # 登出路径
-  logout-url: /logout
-  # 匿名路径
-  anonymous:
+  # 排除路径
+  excludes:
     - /login
+    - /logout
     - /register
     - /captchaImage
+    # 静态资源
+    - /*.html
+    - /**/*.html
+    - /**/*.css
+    - /**/*.js
     # swagger 文档配置
     - /doc.html
     - /swagger-resources/**
@@ -141,8 +145,6 @@ security:
     # actuator 监控配置
     - /actuator
     - /actuator/**
-  # 用户放行
-  permit-all:
 
 # 重复提交
 repeat-submit:

ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java

@@ -6,6 +6,8 @@ import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.framework.config.properties.SecurityProperties;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
@@ -17,7 +19,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.List;
 
 /**
  * 通用配置
@@ -27,26 +28,12 @@ import java.util.List;
 @Configuration
 public class ResourcesConfig implements WebMvcConfigurer {
 
+    @Autowired
+    private SecurityProperties securityProperties;
+
     // 注册sa-token的拦截器
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        List<String> urlPath = Arrays.asList(
-                "/login",
-                "/logout",
-                "/register",
-                "/captchaImage",
-                "/*.html",
-                "/**/*.html",
-                "/**/*.css",
-                "/**/*.js",
-                "/doc.html",
-                "/swagger-resources/**",
-                "/webjars/**",
-                "/*/api-docs",
-                "/druid/**",
-                "/actuator",
-                "/actuator/**"
-        );
         // 注册路由拦截器，自定义验证规则
         registry.addInterceptor(new SaRouteInterceptor((request, response, handler) -> {
             // 登录验证 -- 排除多个路径
@@ -54,7 +41,7 @@ public class ResourcesConfig implements WebMvcConfigurer {
                     //获取所有的
                     Collections.singletonList("/**"),
                     //排除下不需要拦截的
-                    urlPath,
+                    Arrays.asList(securityProperties.getExcludes()),
                     () -> {
                         Long userId = SecurityUtils.getUserId();
                         if(StringUtils.isNotNull(userId) ) {

ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java

@@ -15,18 +15,9 @@ import org.springframework.stereotype.Component;
 public class SecurityProperties {
 
     /**
-     * 退出登录url
+     * 排除路径
      */
-    private String logoutUrl;
+    private String[] excludes;
 
-    /**
-     * 匿名放行路径
-     */
-    private String[] anonymous;
-
-    /**
-     * 用户任意访问放行路径
-     */
-    private String[] permitAll;
 
 }