默认api放行

bid/src/main/java/cn/hobbystocks/auc/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package cn.hobbystocks.auc.config;
 
+import cn.hobbystocks.auc.common.filter.AuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -7,11 +8,49 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
 
+    private final AuthenticationFilter authenticationFilter;
+
+    private String[] ignoreUrl = {
+            "/error",
+            "/*/error",
+            "/actuator/**",
+            "/api/local/**",
+            "/api-docs/*",
+            "/doc.html",
+            "/webjars/**",
+            "/swagger-resources/**",
+            "/v3/api-docs/**",
+            "/swagger-ui/**",
+            "/bid/bid/bidding/addPrice",
+            "/bid/auction/banner/list",
+            "/bid/lot/hot/list",
+            "/bid/lot/list/search",
+            "/bid/lot/category/query",
+            "/bid/auction/details",
+            "/bid/lot/detail/**",
+            "/bid/lot/notice/list",
+            "/bid/lot/notice/detail/**",
+            "/bid/bidding/addPrice",
+            "/auction/banner/list",
+            "/lot/hot/list",
+            "/lot/list/search",
+            "/lot/category/query",
+            "/auction/details",
+            "/lot/detail/**",
+            "/lot/notice/list",
+            "/lot/notice/detail/**"
+    };
+
+    public SecurityConfig(AuthenticationFilter authenticationFilter) {
+        this.authenticationFilter = authenticationFilter;
+    }
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
@@ -19,8 +58,10 @@ public class SecurityConfig {
                 .sessionManagement(session -> session
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
-                        .anyRequest().permitAll()
-                );
+                        .antMatchers(ignoreUrl).permitAll()
+                        .anyRequest().authenticated()
+                )
+                .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }