
接口需要鉴权才可以访问

zouguihou 2 年之前
父节点
当前提交
08ba1a9097

+ 23 - 23
src/main/java/com/welampiot/security/CustomizeAccessDecisionManager.java

@@ -21,29 +21,29 @@ public class CustomizeAccessDecisionManager implements AccessDecisionManager {
     public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection)
             throws AccessDeniedException, InsufficientAuthenticationException {
         Iterator<ConfigAttribute> iterator = collection.iterator();
-//        while (iterator.hasNext()) {
-//            ConfigAttribute ca = iterator.next();
-//            //当前请求需要的权限
-//            String needRole = ca.getAttribute();
-//            if ("ROLE_LOGIN".equalsIgnoreCase(needRole)) {
-//                //判断是否登录
-//                if (authentication instanceof AnonymousAuthenticationToken) {
-//                    throw new AccessDeniedException("尚未登录,请登录!");
-//                } else {
-//                    return;
-//                }
-//            }else if("ROLE_NO_AUTH".equalsIgnoreCase(needRole)){
-//                throw new AccessDeniedException("未授权可以访问!");
-//            }
-//            //当前用户所具有的权限
-//            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
-//            for (GrantedAuthority authority : authorities) {
-//                if (authority.getAuthority().equals(needRole)) {
-//                    return;
-//                }
-//            }
-//        }
-//        throw new AccessDeniedException("权限不足!");
+        while (iterator.hasNext()) {
+            ConfigAttribute ca = iterator.next();
+            //当前请求需要的权限
+            String needRole = ca.getAttribute();
+            if ("ROLE_LOGIN".equalsIgnoreCase(needRole)) {
+                //判断是否登录
+                if (authentication instanceof AnonymousAuthenticationToken) {
+                    throw new AccessDeniedException("尚未登录,请登录!");
+                } else {
+                    return;
+                }
+            }else if("ROLE_NO_AUTH".equalsIgnoreCase(needRole)){
+                throw new AccessDeniedException("未授权可以访问!");
+            }
+            //当前用户所具有的权限
+            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+            for (GrantedAuthority authority : authorities) {
+                if (authority.getAuthority().equals(needRole)) {
+                    return;
+                }
+            }
+        }
+        throw new AccessDeniedException("权限不足!");
     }
 
     @Override
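Review bot: The sentinel names `"ROLE_LOGIN"` and `"ROLE_NO_AUTH"` are string literals here and again in CustomizeFilterInvocationSecurityMetadataSource, which is the only visible producer of the attributes decide() receives; shared constants such as `public static final String ROLE_LOGIN = "ROLE_LOGIN";` referenced from both classes would keep them from drifting apart. As far as the hunks in this commit show, the metadata source now returns only those two sentinels or null, so the authority loop after the `else if` looks unreachable in practice and the grant decision is really made in getAttributes(); a Javadoc on decide() saying so would stop a reader from assuming per-role checks happen here. The sentinels are matched with `equalsIgnoreCase` while authorities are matched with `equals`, which is worth making consistent.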

+ 5 - 8
src/main/java/com/welampiot/security/CustomizeFilterInvocationSecurityMetadataSource.java

@@ -30,12 +30,14 @@ public class CustomizeFilterInvocationSecurityMetadataSource implements FilterIn
     private UserService userService;
     @Override
     public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
+        // 不需要鉴权,开发可打开,注释后续代码即可
+//        return null;
         //获取请求地址
         String requestUrl = ((FilterInvocation) o).getRequestUrl();
-        /*Object user = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+        Object user = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
         if(user instanceof String && user.equals("anonymousUser")){
             //禁止匿名访问(禁止未登录访问)
-            return null;
+            return SecurityConfig.createList("ROLE_LOGIN");
         }
         User userDetails = (User) user;
         //查询具体某个接口的权限
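Review bot: The re-enabled principal check identifies anonymous callers by comparing the principal to the string `"anonymousUser"` and then casts with `(User) user` without a type check, so a null Authentication or any other principal type would surface as a NullPointerException or ClassCastException rather than a clean access denial. decide() in this same commit already tests `authentication instanceof AnonymousAuthenticationToken`; doing the same here, e.g. `if (auth == null || auth instanceof AnonymousAuthenticationToken) return SecurityConfig.createList("ROLE_LOGIN");`, and guarding the cast with `instanceof User`, would fail closed (the import block is not visible, so an import may need adding). The commented-out `return null;` at the top is a one-line switch that would leave every request without attributes, which Spring Security treats as a public invocation unless rejectPublicInvocations is enabled; a property bound to a development profile, or removing the toggle, would be safer than a comment. getAttributes() continues past the end of this hunk.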
@@ -46,14 +48,9 @@ public class CustomizeFilterInvocationSecurityMetadataSource implements FilterIn
         PathDTO path = permissionList.stream().filter(e->e.getUrl().equals(requestUrl)).findFirst().orElse(null);
         if(path==null){
             return SecurityConfig.createList("ROLE_NO_AUTH");
-        }*/
+        }
         //表明该请求接口可以访问
         return null;
-//        String[] attributes = new String[permissionList.size()];
-//        for(int i = 0;i<permissionList.size();i++){
-//            attributes[i] = permissionList.get(i).getPermissionCode();
-//        }
-//        return SecurityConfig.createList(attributes);
     }
 
     @Override
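Review bot: The lookup `e.getUrl().equals(requestUrl)` is an exact string match, and `FilterInvocation.getRequestUrl()` includes the query string, so a permitted endpoint called with a query string or a path variable would get `ROLE_NO_AUTH` and be denied. That fails closed, but it tends to push someone toward loosening the check later; comparing the path only, e.g. `String requestUrl = ((FilterInvocation) o).getRequest().getServletPath();`, or matching stored patterns with AntPathMatcher, would be more predictable. The final `return null` means a permitted request reaches the interceptor with no attributes and decide() is not consulted, so the design depends on rejectPublicInvocations staying off; a comment stating that next to `//表明该请求接口可以访问` would help. How permissionList is loaded is outside this hunk, and requestUrl is assigned in the previous hunk.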