核心代码 ## yml 里配置白名单接口 ``` security: ignore: whites: # file - /file/viewByUrl ``` ## 读取 yml中的list IgnoreWhiteProperties.class ``` import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration; import java.util.ArrayList; import java.util.List; /** * 放行白名单配置 * */ @Configuration @ConfigurationProperties(prefix = "security.ignore") public class IgnoreWhiteProperties { /** * 放行白名单配置，网关不校验此处的白名单 */ private List<String> whites = new ArrayList<>(); public List<String> getWhites() { return whites; } public void setWhites(List<String> whites) { this.whites = whites; } } ``` ## spring security 配置 SecurityConfig 类里增加 ``` @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { /** * YML 配置的允许匿名访问的地址 */ @Autowired private IgnoreWhiteProperties ignoreWhiteList; configure 方法中增加 // YML 配置的白名单 List<String> whites = ignoreWhiteList.getWhites(); String[] whitesString = new String[whites.size()]; whites.toArray(whitesString); 在 .antMatchers("/login", "/register", "/captchaImage").permitAll() 后面增加 ..antMatchers(whitesString).permitAll() } ```