fix: change nursing endpoints from anonymous() to permitAll()

- .anonymous() blocks authenticated users (returns 403 with token) - .permitAll() allows both anonymous and authenticated requests - Add @Anonymous annotation to publishedList() and incrementView() - Remove /system/nursing/** from anonymous whitelist, add to permitAll Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-23 01:45:15 +08:00
parent ccf1ffa8dd
commit d0d69387fb
2 changed files with 5 additions and 1 deletions
--- a/rlz/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/rlz/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -109,7 +109,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                // 过滤请求
                .authorizeRequests()
                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                .antMatchers("/login","/appLogin","/system/msm","/smsLogin", "/register", "/captchaImage","/weixinLogin","/getUserToken","/system/weixin/wxPayNotify","/system/weixin/wxRefundNotify","/system/user/getAppIndexInfo","/system/nursing/published","/system/nursing/view/**").anonymous()
+                .antMatchers("/login","/appLogin","/system/msm","/smsLogin", "/register", "/captchaImage","/weixinLogin","/getUserToken","/system/weixin/wxPayNotify","/system/weixin/wxRefundNotify","/system/user/getAppIndexInfo").anonymous()
+                .antMatchers("/system/nursing/published","/system/nursing/view/**").permitAll()
                // 静态资源，可匿名访问
                .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
--- a/rlz/ruoyi-system/src/main/java/com/ruoyi/system/controller/RlzNursingArticleController.java
+++ b/rlz/ruoyi-system/src/main/java/com/ruoyi/system/controller/RlzNursingArticleController.java
@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import com.ruoyi.common.annotation.Anonymous;
 import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
@@ -94,6 +95,7 @@ public class RlzNursingArticleController extends BaseController
    /**
     * 获取已发布的护理资讯列表（无需认证，供App使用）
     */
+    @Anonymous
    @GetMapping("/published")
    public AjaxResult publishedList()
    {
@@ -104,6 +106,7 @@ public class RlzNursingArticleController extends BaseController
    /**
     * 阅读量+1（无需认证，App点击文章时调用）
     */
+    @Anonymous
    @PutMapping("/view/{id}")
    public AjaxResult incrementView(@PathVariable("id") Long id)
    {