spring security 实现匿名访问

实现思路：step1: 标注需要匿名访问的接口

　　　　 step2: 配置匿名访问

自定义注解 @AnonymousAccess，写在需要匿名访问的接口上：

 1     /**
 2      * 功能描述: 登录
 3      * @param loginVO 用户登录时的账号和密码
 4      * @Description TODO
 5      * @return com.rman.iflash.model.R
 6      * @Author Caesar
 7      * @Date 10:57 2020/5/3
 8      **/
 9     @AnonymousAccess
10     @PostMapping("/login")
11     public R login(@RequestBody @Validated LoginVO loginVO){
12         log.info("用户登录信息{}", loginVO);
13         LoginVO authUserDTO = new LoginVO();
14         authUserDTO.setUsername(loginVO.getUsername());
15         authUserDTO.setPassword(loginVO.getPassword());
16         authUserDTO.setCaptchaId(loginVO.getCaptchaId());
17         authUserDTO.setCaptchaCode(loginVO.getCaptchaCode());
18         Object data = loginService.login(authUserDTO);
19         return R.success(data);
20     }

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AnonymousAccess {
}

在security的配置类的 configure(HttpSecurity http)方法中配置匿名访问：

 1 //查找匿名标记URL
 2         Map<RequestMappingInfo, HandlerMethod> handlerMethods =
 3                 applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
 4         Set<String> anonymousUrls = new HashSet<>();
 5         for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethods.entrySet()) {
 6             HandlerMethod handlerMethod = infoEntry.getValue();
 7             AnonymousAccess anonymousAccess = handlerMethod.getMethodAnnotation(AnonymousAccess.class);
 8             if (anonymousAccess != null) {
 9                 anonymousUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
10             }
11         }
12         anonymousUrls.forEach(s -> log.warn("可以匿名访问的url：{}", s));
13 
14 http.antMatchers(anonymousUrls.toArray(new String[0])).anonymous()