From 6bcbe72b43d6fa041d06878d1dae09a6d8903895 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期五, 11 八月 2023 16:19:02 +0800
Subject: [PATCH] [ADD] 為了解決滲透測試JWT token 登出未失效問題, 在登出後會需要建立黑名單並在filter中確定token是否非黑名單

---
 pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
index c7f6824..191ed67 100644
--- a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
+++ b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
@@ -78,7 +78,9 @@
             .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
         .and()
             .authorizeRequests()
+            .antMatchers("/api/access_analysis/**").permitAll()
             .antMatchers("/api/authenticate").permitAll()
+            .antMatchers("/api/logout").permitAll()
             .antMatchers("/api/register").permitAll()
             .antMatchers("/api/activate").permitAll()
             .antMatchers("/api/testLogin/**").permitAll()

--
Gitblit v1.8.0