权限控制

backend/build.war/src/main/java/com/beecode/inz/war/SecurityConfig.java

@@ -240,9 +240,11 @@ public class SecurityConfig  {
 			http.sessionManagement().maximumSessions(1);
 			http.csrf().disable();
 			http.cors().disable();
-			http.antMatcher("/warehouse/**").authorizeRequests().anyRequest().authenticated();
-			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
+			http.antMatcher("/warehouse/**").authorizeRequests()
+			.antMatchers("/warehouse/user").permitAll()
+			.anyRequest().authenticated();
 			
+			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
 			
 			InzConcurrentSessionFilter inzConcurrentSessionFilter = new InzConcurrentSessionFilter(sessionRegistry) ;
 			http.addFilterAt(inzConcurrentSessionFilter, ConcurrentSessionFilter.class);
@@ -312,7 +314,6 @@ public class SecurityConfig  {
 			.antMatchers("/crm/load/publicity/byAssetPackage/**").permitAll()
 			.antMatchers("/workflow/api/**").permitAll()
 			.antMatchers("/dnaserver/**").permitAll()
-			.antMatchers("/warehouseuser/**").permitAll()
 			.anyRequest().authenticated();//listAll,modifySelfPassword,loadAuctionByAsset临时开放
 			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
 			InzWebAuthenticationFilter filter = new InzWebAuthenticationFilter();