From 3f632afe34ed690172e2ea4627281f3bed74bbc6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=98=BF=E6=B2=90?= <babamu@126.com>
Date: Sat, 30 Apr 2022 00:12:50 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E9=85=8D=E7=BD=AE=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../framework/security/config/PermitResource.java   | 21 +++++++++++++++++++++
 .../security/config/ResourceServerConfig.java       |  5 +----
 2 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java

diff --git a/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java b/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
new file mode 100644
index 0000000..0825288
--- /dev/null
+++ b/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
@@ -0,0 +1,21 @@
+package net.maku.framework.security.config;
+
+/**
+ * 允许访问的资源
+ *
+ * @author 阿沐 babamu@126.com
+ */
+public class PermitResource {
+    /**
+     * 指定被 spring security oauth2.0 忽略的URL
+     */
+    public static final String [] IGNORING_URLS = {
+        "/actuator/**",
+        "/v3/api-docs/**",
+        "/webjars/**",
+        "/swagger/**",
+        "/swagger-resources/**",
+        "/doc.html",
+        "/oauth/captcha"
+    };
+}
diff --git a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
index 01b9a01..daeac9f 100644
--- a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
+++ b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
@@ -35,11 +35,8 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
         http
             .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
             .and()
-            .requestMatchers()
-            // 被保护的资源
-            .antMatchers("/sys/**")
-            .and()
             .authorizeRequests()
+            .antMatchers(PermitResource.IGNORING_URLS).permitAll()
             .anyRequest().authenticated()
         ;
     }