在 Spring Boot 3.5 应用中,如果你想允许某些接口无需 Token 即可访问,有以下几种实现方式:
1. 使用 @PermitAll 注解
java
import jakarta.annotation.security.PermitAll;
@RestController
@RequestMapping("/api/public")
public class PublicController {
@PermitAll
@GetMapping("/hello")
public String hello() {
return "Hello, public world!";
}
}
2. 使用 @Anonymous 注解(RuoYi 框架专用)
如果你使用的是 RuoYi 框架,它通常提供了自定义的 @Anonymous 注解:
java
import com.ruoyi.common.annotation.Anonymous;
@RestController
@RequestMapping("/api/public")
public class PublicController {
@Anonymous
@GetMapping("/hello")
public String hello() {
return "Hello, public world!";
}
}
3. 在安全配置中放行特定路径
在你的安全配置类中(通常是 SecurityConfig.java):
java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/public/**", "/auth/login").permitAll()
.anyRequest().authenticated()
)
// 其他配置...
;
return http.build();
}
}