From 126c774854a74f02e5deaee308a7688e0f171aaa Mon Sep 17 00:00:00 2001
From: xiangpei <xiangpei@timesnew.cn>
Date: 星期二, 09 七月 2024 17:37:20 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/dev' into dev

---
 src/main/java/com/ycl/jxkg/config/spring/security/SecurityConfigurer.java |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/ycl/jxkg/config/spring/security/SecurityConfigurer.java b/src/main/java/com/ycl/jxkg/config/spring/security/SecurityConfigurer.java
index 39405f8..596abfb 100644
--- a/src/main/java/com/ycl/jxkg/config/spring/security/SecurityConfigurer.java
+++ b/src/main/java/com/ycl/jxkg/config/spring/security/SecurityConfigurer.java
@@ -84,8 +84,9 @@
                     .and().authenticationProvider(restAuthenticationProvider)
                     .authorizeRequests()
                     .antMatchers(securityIgnoreUrls.toArray(ignores)).permitAll()
+                    .antMatchers("/api/admin/user/update/password").permitAll()
                     .antMatchers("/api/admin/**").hasRole(RoleEnum.ADMIN.getName())
-                    .antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(),RoleEnum.ADMIN.getName())
+                    .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())
                     .antMatchers("/api/register/**").anonymous()
                     .anyRequest().permitAll()
                     .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)

--
Gitblit v1.8.0