From 9a54426656ef027dcb754f53b2ea8331a3ad9d74 Mon Sep 17 00:00:00 2001
From: jackie <jackiexiang@foxmail.com>
Date: Sat, 11 May 2024 00:22:43 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A6=82=E6=9E=9C=E8=AF=B7=E6=B1=82=E8=B7=AF?=
 =?UTF-8?q?=E5=BE=84=E4=B8=8E=E6=8E=A7=E5=88=B6=E5=99=A8=E6=96=B9=E6=B3=95?=
 =?UTF-8?q?=E7=9A=84=E8=B7=AF=E5=BE=84=E6=A8=A1=E5=BC=8F=E5=8C=B9=E9=85=8D?=
 =?UTF-8?q?=EF=BC=8C=E4=BD=86=E8=AF=B7=E6=B1=82=E6=96=B9=E6=B3=95=E4=B8=8D?=
 =?UTF-8?q?=E5=8C=B9=E9=85=8D=EF=BC=8C=E5=88=99getPatternsCondition()?=
 =?UTF-8?q?=E4=BC=9A=E8=BF=94=E5=9B=9Efalse=EF=BC=8C=E8=80=8CgetPathPatter?=
 =?UTF-8?q?nsCondition()=E4=BB=8D=E7=84=B6=E4=BC=9A=E8=BF=94=E5=9B=9Etrue?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../YudaoWebSecurityConfigurerAdapter.java     | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
index e2c335d77..1bb19de72 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
@@ -24,12 +24,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
+import org.springframework.web.util.pattern.PathPattern;
 
 import javax.annotation.Resource;
 import javax.annotation.security.PermitAll;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * 自定义的 Spring Security 配置适配器实现
@@ -161,10 +164,21 @@ public class YudaoWebSecurityConfigurerAdapter {
             if (!handlerMethod.hasMethodAnnotation(PermitAll.class)) {
                 continue;
             }
-            if (entry.getKey().getPatternsCondition() == null) {
+
+            Set<String> urls = new HashSet<>();
+
+            if (null != entry.getKey().getPatternsCondition()) {
+                urls.addAll( entry.getKey().getPatternsCondition().getPatterns());
+            }
+            //如果请求路径与控制器方法的路径模式匹配，但请求方法不匹配，则getPatternsCondition()会返回false，而getPathPatternsCondition()仍然会返回true
+            if (null != entry.getKey().getPathPatternsCondition()){
+                urls.addAll(entry.getKey().getPathPatternsCondition().getPatterns().stream().map(PathPattern::getPatternString).collect(Collectors.toSet()));
+            }
+
+            if (urls.isEmpty()){
                 continue;
             }
-            Set<String> urls = entry.getKey().getPatternsCondition().getPatterns();
+
             // 特殊：使用 @RequestMapping 注解，并且未写 method 属性，此时认为都需要免登录
             Set<RequestMethod> methods = entry.getKey().getMethodsCondition().getMethods();
             if (CollUtil.isEmpty(methods)) { //