2 years ago · 3dfbc843ad
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -38,7 +38,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
				             return;
			
 
				         }
			
 
				         if (!userSetting.isInterfaceAuthentication()) {
			
 
				-            // 构建UsernamePasswordAuthenticationToken,这里密码为null，是因为提供了正确的JWT,实现自动登录
			
 
				             UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() );
			
 
				             SecurityContextHolder.getContext().setAuthentication(token);
			
 
				             chain.doFilter(request, response);
			
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -72,21 +72,23 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
				      **/
			
 
				     @Override
			
 
				     public void configure(WebSecurity web) {
			
 
				-
			
 
				-        ArrayList<String> matchers = new ArrayList<>();
			
 
				-        matchers.add("/");
			
 
				-        matchers.add("/#/**");
			
 
				-        matchers.add("/static/**");
			
 
				-        matchers.add("/index.html");
			
 
				-        matchers.add("/doc.html");
			
 
				-        matchers.add("/webjars/**");
			
 
				-        matchers.add("/swagger-resources/**");
			
 
				-        matchers.add("/v3/api-docs/**");
			
 
				-        matchers.add("/js/**");
			
 
				-        matchers.add("/api/device/query/snap/**");
			
 
				-        matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
			
 
				-        // 可以直接访问的静态数据
			
 
				-        web.ignoring().antMatchers(matchers.toArray(new String[0]));
			
 
				+        if (userSetting.isInterfaceAuthentication()) {
			
 
				+            ArrayList<String> matchers = new ArrayList<>();
			
 
				+            matchers.add("/");
			
 
				+            matchers.add("/#/**");
			
 
				+            matchers.add("/static/**");
			
 
				+            matchers.add("/index.html");
			
 
				+            matchers.add("/doc.html");
			
 
				+            matchers.add("/webjars/**");
			
 
				+            matchers.add("/swagger-resources/**");
			
 
				+            matchers.add("/v3/api-docs/**");
			
 
				+            matchers.add("/js/**");
			
 
				+            matchers.add("/api/device/query/snap/**");
			
 
				+            matchers.add("/record_proxy/*/**");
			
 
				+            matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
			
 
				+            // 可以直接访问的静态数据
			
 
				+            web.ignoring().antMatchers(matchers.toArray(new String[0]));
			
 
				+        }
			
 
				     }
			
 
				 
			
 
				     /**