【功能调整】全局：默认 /app-api/* 需要登录，和 /admin-api/* 保持一致，降低大家理解成本

yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java

@@ -1,6 +1,5 @@
 package cn.iocoder.yudao.framework.security.config;
 
-import cn.iocoder.yudao.framework.security.core.aop.PreAuthenticatedAspect;
 import cn.iocoder.yudao.framework.security.core.context.TransmittableThreadLocalSecurityContextHolderStrategy;
 import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter;
 import cn.iocoder.yudao.framework.security.core.handler.AccessDeniedHandlerImpl;
@@ -38,14 +37,6 @@ public class YudaoSecurityAutoConfiguration {
     @Resource
     private SecurityProperties securityProperties;
 
-    /**
-     * 处理用户未登录拦截的切面的 Bean
-     */
-    @Bean
-    public PreAuthenticatedAspect preAuthenticatedAspect() {
-        return new PreAuthenticatedAspect();
-    }
-
     /**
      * 认证失败处理类 Bean
      */

yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java

@@ -138,8 +138,6 @@ public class YudaoWebSecurityConfigurerAdapter {
                     .requestMatchers(HttpMethod.PATCH, permitAllUrls.get(HttpMethod.PATCH).toArray(new String[0])).permitAll()
                     // 1.2 基于 yudao.security.permit-all-urls 无需认证
                     .requestMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
-                    // 1.3 设置 App API 无需认证
-                    .requestMatchers(buildAppApi("/**")).permitAll()
                 )
                 // ②：每个项目的自定义规则
                 .authorizeHttpRequests(c -> authorizeRequestsCustomizers.forEach(customizer -> customizer.customize(c)))

yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/annotations/PreAuthenticated.java

@@ -1,17 +0,0 @@
-package cn.iocoder.yudao.framework.security.core.annotations;
-
-import java.lang.annotation.*;
-
-/**
- * 声明用户需要登录
- *
- * 为什么不使用 {@link org.springframework.security.access.prepost.PreAuthorize} 注解，原因是不通过时，抛出的是认证不通过，而不是未登录
- *
- * @author 芋道源码
- */
-@Target({ElementType.METHOD})
-@Retention(RetentionPolicy.RUNTIME)
-@Inherited
-@Documented
-public @interface PreAuthenticated {
-}

yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/aop/PreAuthenticatedAspect.java

@@ -1,25 +0,0 @@
-package cn.iocoder.yudao.framework.security.core.aop;
-
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
-import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
-import lombok.extern.slf4j.Slf4j;
-import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.annotation.Around;
-import org.aspectj.lang.annotation.Aspect;
-
-import static cn.iocoder.yudao.framework.common.exception.enums.GlobalErrorCodeConstants.UNAUTHORIZED;
-import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
-
-@Aspect
-@Slf4j
-public class PreAuthenticatedAspect {
-
-    @Around("@annotation(preAuthenticated)")
-    public Object around(ProceedingJoinPoint joinPoint, PreAuthenticated preAuthenticated) throws Throwable {
-        if (SecurityFrameworkUtils.getLoginUser() == null) {
-            throw exception(UNAUTHORIZED);
-        }
-        return joinPoint.proceed();
-    }
-
-}

yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/app/file/AppFileController.java

@@ -9,6 +9,7 @@ import cn.iocoder.yudao.module.infra.service.file.FileService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
@@ -29,6 +30,7 @@ public class AppFileController {
 
     @PostMapping("/upload")
     @Operation(summary = "上传文件")
+    @PermitAll
     public CommonResult<String> uploadFile(AppFileUploadReqVO uploadReqVO) throws Exception {
         MultipartFile file = uploadReqVO.getFile();
         String path = uploadReqVO.getPath();
@@ -37,12 +39,14 @@ public class AppFileController {
 
     @GetMapping("/presigned-url")
     @Operation(summary = "获取文件预签名地址", description = "模式二：前端上传文件：用于前端直接上传七牛、阿里云 OSS 等文件存储器")
+    @PermitAll
     public CommonResult<FilePresignedUrlRespVO> getFilePresignedUrl(@RequestParam("path") String path) throws Exception {
         return success(fileService.getFilePresignedUrl(path));
     }
 
     @PostMapping("/create")
     @Operation(summary = "创建文件", description = "模式二：前端上传文件：配合 presigned-url 接口，记录上传了上传的文件")
+    @PermitAll
     public CommonResult<Long> createFile(@Valid @RequestBody FileCreateReqVO createReqVO) {
         return success(fileService.createFile(createReqVO));
     }

yudao-module-mall/yudao-module-product-biz/src/main/java/cn/iocoder/yudao/module/product/controller/app/category/AppCategoryController.java

@@ -9,15 +9,14 @@ import cn.iocoder.yudao.module.product.service.category.ProductCategoryService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import jakarta.annotation.Resource;
-
-import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
@@ -35,6 +34,7 @@ public class AppCategoryController {
 
     @GetMapping("/list")
     @Operation(summary = "获得商品分类列表")
+    @PermitAll
     public CommonResult<List<AppCategoryRespVO>> getProductCategoryList() {
         List<ProductCategoryDO> list = categoryService.getEnableCategoryList();
         list.sort(Comparator.comparing(ProductCategoryDO::getSort));
@@ -44,6 +44,7 @@ public class AppCategoryController {
     @GetMapping("/list-by-ids")
     @Operation(summary = "获得商品分类列表，指定编号")
     @Parameter(name = "ids", description = "商品分类编号数组", required = true)
+    @PermitAll
     public CommonResult<List<AppCategoryRespVO>> getProductCategoryList(@RequestParam("ids") List<Long> ids) {
         if (CollUtil.isEmpty(ids)) {
             return success(Collections.emptyList());

yudao-module-mall/yudao-module-product-biz/src/main/java/cn/iocoder/yudao/module/product/controller/app/comment/AppProductCommentController.java

@@ -11,6 +11,7 @@ import cn.iocoder.yudao.module.product.service.comment.ProductCommentService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import jakarta.validation.Valid;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -30,6 +31,7 @@ public class AppProductCommentController {
 
     @GetMapping("/page")
     @Operation(summary = "获得商品评价分页")
+    @PermitAll
     public CommonResult<PageResult<AppProductCommentRespVO>> getCommentPage(@Valid AppCommentPageReqVO pageVO) {
         // 查询评论分页
         PageResult<ProductCommentDO> pageResult = productCommentService.getCommentPage(pageVO, Boolean.TRUE);

yudao-module-mall/yudao-module-product-biz/src/main/java/cn/iocoder/yudao/module/product/controller/app/favorite/AppFavoriteController.java

@@ -3,8 +3,6 @@ package cn.iocoder.yudao.module.product.controller.app.favorite;
 import cn.hutool.core.collection.CollUtil;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
-import cn.iocoder.yudao.module.product.controller.app.favorite.vo.AppFavoriteBatchReqVO;
 import cn.iocoder.yudao.module.product.controller.app.favorite.vo.AppFavoritePageReqVO;
 import cn.iocoder.yudao.module.product.controller.app.favorite.vo.AppFavoriteReqVO;
 import cn.iocoder.yudao.module.product.controller.app.favorite.vo.AppFavoriteRespVO;
@@ -15,10 +13,10 @@ import cn.iocoder.yudao.module.product.service.favorite.ProductFavoriteService;
 import cn.iocoder.yudao.module.product.service.spu.ProductSpuService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import org.springframework.web.bind.annotation.*;
-
 import jakarta.annotation.Resource;
 import jakarta.validation.Valid;
+import org.springframework.web.bind.annotation.*;
+
 import java.util.List;
 
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
@@ -37,14 +35,12 @@ public class AppFavoriteController {
 
     @PostMapping(value = "/create")
     @Operation(summary = "添加商品收藏")
-    @PreAuthenticated
     public CommonResult<Long> createFavorite(@RequestBody @Valid AppFavoriteReqVO reqVO) {
         return success(productFavoriteService.createFavorite(getLoginUserId(), reqVO.getSpuId()));
     }
 
     @DeleteMapping(value = "/delete")
     @Operation(summary = "取消单个商品收藏")
-    @PreAuthenticated
     public CommonResult<Boolean> deleteFavorite(@RequestBody @Valid AppFavoriteReqVO reqVO) {
         productFavoriteService.deleteFavorite(getLoginUserId(), reqVO.getSpuId());
         return success(Boolean.TRUE);
@@ -52,7 +48,6 @@ public class AppFavoriteController {
 
     @GetMapping(value = "/page")
     @Operation(summary = "获得商品收藏分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppFavoriteRespVO>> getFavoritePage(AppFavoritePageReqVO reqVO) {
         PageResult<ProductFavoriteDO> favoritePage = productFavoriteService.getFavoritePage(getLoginUserId(), reqVO);
         if (CollUtil.isEmpty(favoritePage.getList())) {
@@ -72,7 +67,6 @@ public class AppFavoriteController {
 
     @GetMapping(value = "/exits")
     @Operation(summary = "检查是否收藏过商品")
-    @PreAuthenticated
     public CommonResult<Boolean> isFavoriteExists(AppFavoriteReqVO reqVO) {
         ProductFavoriteDO favorite = productFavoriteService.getFavorite(getLoginUserId(), reqVO.getSpuId());
         return success(favorite != null);
@@ -80,7 +74,6 @@ public class AppFavoriteController {
 
     @GetMapping(value = "/get-count")
     @Operation(summary = "获得商品收藏数量")
-    @PreAuthenticated
     public CommonResult<Long> getFavoriteCount() {
         return success(productFavoriteService.getFavoriteCount(getLoginUserId()));
     }

yudao-module-mall/yudao-module-product-biz/src/main/java/cn/iocoder/yudao/module/product/controller/app/history/AppProductBrowseHistoryController.java

@@ -4,7 +4,6 @@ import cn.hutool.core.collection.CollUtil;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.product.controller.admin.history.vo.ProductBrowseHistoryPageReqVO;
 import cn.iocoder.yudao.module.product.controller.app.history.vo.AppProductBrowseHistoryDeleteReqVO;
 import cn.iocoder.yudao.module.product.controller.app.history.vo.AppProductBrowseHistoryPageReqVO;
@@ -40,7 +39,6 @@ public class AppProductBrowseHistoryController {
 
     @DeleteMapping(value = "/delete")
     @Operation(summary = "删除商品浏览记录")
-    @PreAuthenticated
     public CommonResult<Boolean> deleteBrowseHistory(@RequestBody @Valid AppProductBrowseHistoryDeleteReqVO reqVO) {
         productBrowseHistoryService.hideUserBrowseHistory(getLoginUserId(), reqVO.getSpuIds());
         return success(Boolean.TRUE);
@@ -48,7 +46,6 @@ public class AppProductBrowseHistoryController {
 
     @DeleteMapping(value = "/clean")
     @Operation(summary = "清空商品浏览记录")
-    @PreAuthenticated
     public CommonResult<Boolean> deleteBrowseHistory() {
         productBrowseHistoryService.hideUserBrowseHistory(getLoginUserId(), null);
         return success(Boolean.TRUE);
@@ -56,7 +53,6 @@ public class AppProductBrowseHistoryController {
 
     @GetMapping(value = "/page")
     @Operation(summary = "获得商品浏览记录分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppProductBrowseHistoryRespVO>> getBrowseHistoryPage(AppProductBrowseHistoryPageReqVO reqVO) {
         ProductBrowseHistoryPageReqVO pageReqVO = BeanUtils.toBean(reqVO, ProductBrowseHistoryPageReqVO.class)
                 .setUserId(getLoginUserId())

yudao-module-mall/yudao-module-product-biz/src/main/java/cn/iocoder/yudao/module/product/controller/app/spu/AppProductSpuController.java

@@ -17,6 +17,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import jakarta.validation.Valid;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -50,6 +51,7 @@ public class AppProductSpuController {
     @GetMapping("/list-by-ids")
     @Operation(summary = "获得商品 SPU 列表")
     @Parameter(name = "ids", description = "编号列表", required = true)
+    @PermitAll
     public CommonResult<List<AppProductSpuRespVO>> getSpuList(@RequestParam("ids") Set<Long> ids) {
         List<ProductSpuDO> list = productSpuService.getSpuList(ids);
         if (CollUtil.isEmpty(list)) {
@@ -64,6 +66,7 @@ public class AppProductSpuController {
 
     @GetMapping("/page")
     @Operation(summary = "获得商品 SPU 分页")
+    @PermitAll
     public CommonResult<PageResult<AppProductSpuRespVO>> getSpuPage(@Valid AppProductSpuPageReqVO pageVO) {
         PageResult<ProductSpuDO> pageResult = productSpuService.getSpuPage(pageVO);
         if (CollUtil.isEmpty(pageResult.getList())) {
@@ -79,6 +82,7 @@ public class AppProductSpuController {
     @GetMapping("/get-detail")
     @Operation(summary = "获得商品 SPU 明细")
     @Parameter(name = "id", description = "编号", required = true)
+    @PermitAll
     public CommonResult<AppProductSpuDetailRespVO> getSpuDetail(@RequestParam("id") Long id) {
         // 获得商品 SPU
         ProductSpuDO spu = productSpuService.getSpu(id);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/activity/AppActivityController.java

@@ -13,6 +13,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -40,6 +41,7 @@ public class AppActivityController {
     @GetMapping("/list-by-spu-id")
     @Operation(summary = "获得单个商品，进行中的拼团、秒杀、砍价活动信息", description = "每种活动，只返回一个")
     @Parameter(name = "spuId", description = "商品编号", required = true)
+    @PermitAll
     public CommonResult<List<AppActivityRespVO>> getActivityListBySpuId(@RequestParam("spuId") Long spuId) {
         List<AppActivityRespVO> activityVOList = new ArrayList<>();
         // 1. 拼团活动

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/article/AppArticleController.java

@@ -12,6 +12,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -38,6 +39,7 @@ public class AppArticleController {
             @Parameter(name = "recommendHot", description = "是否热门", example = "false"), // 场景一：查看指定的文章
             @Parameter(name = "recommendBanner", description = "是否轮播图", example = "false") // 场景二：查看指定的文章
     })
+    @PermitAll
     public CommonResult<List<AppArticleRespVO>> getArticleList(
             @RequestParam(value = "recommendHot", required = false) Boolean recommendHot,
             @RequestParam(value = "recommendBanner", required = false) Boolean recommendBanner) {
@@ -47,6 +49,7 @@ public class AppArticleController {
 
     @RequestMapping("/page")
     @Operation(summary = "获得文章详情分页")
+    @PermitAll
     public CommonResult<PageResult<AppArticleRespVO>> getArticlePage(AppArticlePageReqVO pageReqVO) {
         return success(ArticleConvert.INSTANCE.convertPage02(articleService.getArticlePage(pageReqVO)));
     }
@@ -57,6 +60,7 @@ public class AppArticleController {
             @Parameter(name = "id", description = "文章编号", example = "1024"),
             @Parameter(name = "title", description = "文章标题", example = "1024"),
     })
+    @PermitAll
     public CommonResult<AppArticleRespVO> getArticle(@RequestParam(value = "id", required = false) Long id,
                                                      @RequestParam(value = "title", required = false) String title) {
         ArticleDO article = id != null ? articleService.getArticle(id)
@@ -67,6 +71,7 @@ public class AppArticleController {
     @PutMapping("/add-browse-count")
     @Operation(summary = "增加文章浏览量")
     @Parameter(name = "id", description = "文章编号", example = "1024")
+    @PermitAll
     public CommonResult<Boolean> addBrowseCount(@RequestParam("id") Long id) {
         articleService.addArticleBrowseCount(id);
         return success(true);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/banner/AppBannerController.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.module.promotion.service.banner.BannerService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -28,6 +29,7 @@ public class AppBannerController {
     @GetMapping("/list")
     @Operation(summary = "获得 banner 列表")
     @Parameter(name = "position", description = "Banner position", example = "1")
+    @PermitAll
     public CommonResult<List<AppBannerRespVO>> getBannerList(@RequestParam("position") Integer position) {
         List<BannerDO> bannerList = bannerService.getBannerListByPosition(position);
         return success(BannerConvert.INSTANCE.convertList01(bannerList));
@@ -36,6 +38,7 @@ public class AppBannerController {
     @PutMapping("/add-browse-count")
     @Operation(summary = "增加 Banner 点击量")
     @Parameter(name = "id", description = "Banner 编号", example = "1024")
+    @PermitAll
     public CommonResult<Boolean> addBrowseCount(@RequestParam("id") Long id) {
         bannerService.addBannerBrowseCount(id);
         return success(true);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/bargain/AppBargainActivityController.java

@@ -18,6 +18,7 @@ import com.google.common.cache.LoadingCache;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -63,6 +64,7 @@ public class AppBargainActivityController {
     @GetMapping("/list")
     @Operation(summary = "获得砍价活动列表", description = "用于小程序首页")
     @Parameter(name = "count", description = "需要展示的数量", example = "6")
+    @PermitAll
     public CommonResult<List<AppBargainActivityRespVO>> getBargainActivityList(
             @RequestParam(name = "count", defaultValue = "6") Integer count) {
         return success(bargainActivityListCache.getUnchecked(count));
@@ -80,6 +82,7 @@ public class AppBargainActivityController {
 
     @GetMapping("/page")
     @Operation(summary = "获得砍价活动分页")
+    @PermitAll
     public CommonResult<PageResult<AppBargainActivityRespVO>> getBargainActivityPage(PageParam pageReqVO) {
         PageResult<BargainActivityDO> result = bargainActivityService.getBargainActivityPage(pageReqVO);
         if (CollUtil.isEmpty(result.getList())) {
@@ -93,6 +96,7 @@ public class AppBargainActivityController {
     @GetMapping("/get-detail")
     @Operation(summary = "获得砍价活动详情")
     @Parameter(name = "id", description = "活动编号", example = "1")
+    @PermitAll
     public CommonResult<AppBargainActivityDetailRespVO> getBargainActivityDetail(@RequestParam("id") Long id) {
         BargainActivityDO activity = bargainActivityService.getBargainActivity(id);
         if (activity == null) {

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/bargain/AppBargainRecordController.java

@@ -5,7 +5,6 @@ import cn.hutool.core.lang.Assert;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.api.user.MemberUserApi;
 import cn.iocoder.yudao.module.member.api.user.dto.MemberUserRespDTO;
 import cn.iocoder.yudao.module.product.api.spu.ProductSpuApi;
@@ -27,10 +26,11 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.annotation.Resource;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
@@ -61,6 +61,7 @@ public class AppBargainRecordController {
 
     @GetMapping("/get-summary")
     @Operation(summary = "获得砍价记录的概要信息", description = "用于小程序首页")
+    @PermitAll
     public CommonResult<AppBargainRecordSummaryRespVO> getBargainRecordSummary() {
         // 砍价成功的用户数量
         Integer successUserCount = bargainRecordService.getBargainRecordUserCount(
@@ -86,6 +87,7 @@ public class AppBargainRecordController {
             @Parameter(name = "id", description = "砍价记录编号", example = "111"), // 场景一：查看指定的砍价记录
             @Parameter(name = "activityId", description = "砍价活动编号", example = "222") // 场景二：查看指定的砍价活动
     })
+    @PermitAll
     public CommonResult<AppBargainRecordDetailRespVO> getBargainRecordDetail(
             @RequestParam(value = "id", required = false) Long id,
             @RequestParam(value = "activityId", required = false) Long activityId) {
@@ -153,7 +155,6 @@ public class AppBargainRecordController {
 
     @PostMapping("/create")
     @Operation(summary = "创建砍价记录", description = "参与砍价活动")
-    @PreAuthenticated
     public CommonResult<Long> createBargainRecord(@RequestBody AppBargainRecordCreateReqVO reqVO) {
         Long recordId = bargainRecordService.createBargainRecord(getLoginUserId(), reqVO);
         return success(recordId);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/combination/AppCombinationActivityController.java

@@ -18,6 +18,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -44,6 +45,7 @@ public class AppCombinationActivityController {
 
     @GetMapping("/page")
     @Operation(summary = "获得拼团活动分页")
+    @PermitAll
     public CommonResult<PageResult<AppCombinationActivityRespVO>> getCombinationActivityPage(PageParam pageParam) {
         PageResult<CombinationActivityDO> pageResult = activityService.getCombinationActivityPage(pageParam);
         if (CollUtil.isEmpty(pageResult.getList())) {
@@ -59,6 +61,7 @@ public class AppCombinationActivityController {
     @GetMapping("/list-by-ids")
     @Operation(summary = "获得拼团活动列表，基于活动编号数组")
     @Parameter(name = "ids", description = "活动编号数组", required = true, example = "[1024, 1025]")
+    @PermitAll
     public CommonResult<List<AppCombinationActivityRespVO>> getCombinationActivityListByIds(@RequestParam("ids") List<Long> ids) {
         // 1. 获得开启的活动列表
         List<CombinationActivityDO> activityList = activityService.getCombinationActivityListByIds(ids);
@@ -76,6 +79,7 @@ public class AppCombinationActivityController {
     @GetMapping("/get-detail")
     @Operation(summary = "获得拼团活动明细")
     @Parameter(name = "id", description = "活动编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppCombinationActivityDetailRespVO> getCombinationActivityDetail(@RequestParam("id") Long id) {
         // 1. 获取活动
         CombinationActivityDO activity = activityService.getCombinationActivity(id);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/combination/AppCombinationRecordController.java

@@ -3,7 +3,6 @@ package cn.iocoder.yudao.module.promotion.controller.app.combination;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.promotion.controller.app.combination.vo.record.AppCombinationRecordDetailRespVO;
 import cn.iocoder.yudao.module.promotion.controller.app.combination.vo.record.AppCombinationRecordPageReqVO;
 import cn.iocoder.yudao.module.promotion.controller.app.combination.vo.record.AppCombinationRecordRespVO;
@@ -16,6 +15,7 @@ import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Max;
 import org.springframework.validation.annotation.Validated;
@@ -43,6 +43,7 @@ public class AppCombinationRecordController {
 
     @GetMapping("/get-summary")
     @Operation(summary = "获得拼团记录的概要信息", description = "用于小程序首页")
+    @PermitAll
     public CommonResult<AppCombinationRecordSummaryRespVO> getCombinationRecordSummary() {
         AppCombinationRecordSummaryRespVO summary = new AppCombinationRecordSummaryRespVO();
         // 1. 获得拼团参与用户数量
@@ -68,6 +69,7 @@ public class AppCombinationRecordController {
             @Parameter(name = "status", description = "拼团状态"), // 对应 CombinationRecordStatusEnum 枚举
             @Parameter(name = "count", description = "数量")
     })
+    @PermitAll
     public CommonResult<List<AppCombinationRecordRespVO>> getHeadCombinationRecordList(
             @RequestParam(value = "activityId", required = false) Long activityId,
             @RequestParam("status") Integer status,
@@ -78,7 +80,6 @@ public class AppCombinationRecordController {
 
     @GetMapping("/page")
     @Operation(summary = "获得我的拼团记录分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppCombinationRecordRespVO>> getCombinationRecordPage(
             @Valid AppCombinationRecordPageReqVO pageReqVO) {
         PageResult<CombinationRecordDO> pageResult = combinationRecordService.getCombinationRecordPage(
@@ -89,6 +90,7 @@ public class AppCombinationRecordController {
     @GetMapping("/get-detail")
     @Operation(summary = "获得拼团记录明细")
     @Parameter(name = "id", description = "拼团记录编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppCombinationRecordDetailRespVO> getCombinationRecordDetail(@RequestParam("id") Long id) {
         // 1. 查找这条拼团记录
         CombinationRecordDO record = combinationRecordService.getCombinationRecordById(id);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/coupon/AppCouponController.java

@@ -4,7 +4,6 @@ import cn.hutool.core.collection.CollUtil;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.promotion.controller.app.coupon.vo.coupon.AppCouponPageReqVO;
 import cn.iocoder.yudao.module.promotion.controller.app.coupon.vo.coupon.AppCouponRespVO;
 import cn.iocoder.yudao.module.promotion.controller.app.coupon.vo.coupon.AppCouponTakeReqVO;
@@ -41,7 +40,6 @@ public class AppCouponController {
     @PostMapping("/take")
     @Operation(summary = "领取优惠劵")
     @Parameter(name = "templateId", description = "优惠券模板编号", required = true, example = "1024")
-    @PreAuthenticated
     public CommonResult<Boolean> takeCoupon(@Valid @RequestBody AppCouponTakeReqVO reqVO) {
         // 1. 领取优惠劵
         Long userId = getLoginUserId();
@@ -59,7 +57,6 @@ public class AppCouponController {
 
     @GetMapping("/page")
     @Operation(summary = "我的优惠劵列表")
-    @PreAuthenticated
     public CommonResult<PageResult<AppCouponRespVO>> getCouponPage(AppCouponPageReqVO pageReqVO) {
         PageResult<CouponDO> pageResult = couponService.getCouponPage(
                 CouponConvert.INSTANCE.convert(pageReqVO, Collections.singleton(getLoginUserId())));
@@ -69,7 +66,6 @@ public class AppCouponController {
     @GetMapping("/get")
     @Operation(summary = "获得优惠劵")
     @Parameter(name = "id", description = "优惠劵编号", required = true, example = "1024")
-    @PreAuthenticated
     public CommonResult<AppCouponRespVO> getCoupon(@RequestParam("id") Long id) {
         CouponDO coupon = couponService.getCoupon(getLoginUserId(), id);
         return success(BeanUtils.toBean(coupon, AppCouponRespVO.class));
@@ -77,7 +73,6 @@ public class AppCouponController {
 
     @GetMapping(value = "/get-unused-count")
     @Operation(summary = "获得未使用的优惠劵数量")
-    @PreAuthenticated
     public CommonResult<Long> getUnusedCouponCount() {
         return success(couponService.getUnusedCouponCount(getLoginUserId()));
     }

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/coupon/AppCouponTemplateController.java

@@ -19,6 +19,7 @@ import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -48,6 +49,7 @@ public class AppCouponTemplateController {
     @GetMapping("/get")
     @Operation(summary = "获得优惠劵模版")
     @Parameter(name = "id", description = "优惠券模板编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppCouponTemplateRespVO> getCouponTemplate(Long id) {
         CouponTemplateDO template = couponTemplateService.getCouponTemplate(id);
         if (template == null) {
@@ -66,6 +68,7 @@ public class AppCouponTemplateController {
             @Parameter(name = "productScope", description = "使用类型"),
             @Parameter(name = "count", description = "数量", required = true)
     })
+    @PermitAll
     public CommonResult<List<AppCouponTemplateRespVO>> getCouponTemplateList(
             @RequestParam(value = "spuId", required = false) Long spuId,
             @RequestParam(value = "productScope", required = false) Integer productScope,
@@ -88,6 +91,7 @@ public class AppCouponTemplateController {
     @GetMapping("/list-by-ids")
     @Operation(summary = "获得优惠劵模版列表")
     @Parameter(name = "ids", description = "优惠券模板编号列表")
+    @PermitAll
     public CommonResult<List<AppCouponTemplateRespVO>> getCouponTemplateList(
             @RequestParam(value = "ids", required = false) Set<Long> ids) {
         // 1. 查询
@@ -101,6 +105,7 @@ public class AppCouponTemplateController {
 
     @GetMapping("/page")
     @Operation(summary = "获得优惠劵模版分页")
+    @PermitAll
     public CommonResult<PageResult<AppCouponTemplateRespVO>> getCouponTemplatePage(AppCouponTemplatePageReqVO pageReqVO) {
         // 1.1 处理查询条件：商品范围编号
         Long productScopeValue = getProductScopeValue(pageReqVO.getProductScope(), pageReqVO.getSpuId());

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/diy/AppDiyPageController.java

@@ -9,6 +9,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -29,6 +30,7 @@ public class AppDiyPageController {
     @GetMapping("/get")
     @Operation(summary = "获得装修页面")
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppDiyPagePropertyRespVO> getDiyPage(@RequestParam("id") Long id) {
         DiyPageDO diyPage = diyPageService.getDiyPage(id);
         return success(BeanUtils.toBean(diyPage, AppDiyPagePropertyRespVO.class));

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/diy/AppDiyTemplateController.java

@@ -12,6 +12,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -37,6 +38,7 @@ public class AppDiyTemplateController {
     // TODO @疯狂：要不要把 used 和 get 接口合并哈；不传递 id，直接拿默认；
     @GetMapping("/used")
     @Operation(summary = "使用中的装修模板")
+    @PermitAll
     public CommonResult<AppDiyTemplatePropertyRespVO> getUsedDiyTemplate() {
         DiyTemplateDO diyTemplate = diyTemplateService.getUsedDiyTemplate();
         return success(buildVo(diyTemplate));
@@ -45,6 +47,7 @@ public class AppDiyTemplateController {
     @GetMapping("/get")
     @Operation(summary = "获得装修模板")
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppDiyTemplatePropertyRespVO> getDiyTemplate(@RequestParam("id") Long id) {
         DiyTemplateDO diyTemplate = diyTemplateService.getDiyTemplate(id);
         return success(buildVo(diyTemplate));

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/kefu/AppKeFuMessageController.java

@@ -4,7 +4,6 @@ import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.promotion.controller.admin.kefu.vo.message.KeFuMessageRespVO;
 import cn.iocoder.yudao.module.promotion.controller.app.kefu.vo.message.AppKeFuMessagePageReqVO;
 import cn.iocoder.yudao.module.promotion.controller.app.kefu.vo.message.AppKeFuMessageSendReqVO;
@@ -32,7 +31,6 @@ public class AppKeFuMessageController {
 
     @PostMapping("/send")
     @Operation(summary = "发送客服消息")
-    @PreAuthenticated
     public CommonResult<Long> sendKefuMessage(@Valid @RequestBody AppKeFuMessageSendReqVO sendReqVO) {
         sendReqVO.setSenderId(getLoginUserId()).setSenderType(UserTypeEnum.MEMBER.getValue()); // 设置用户编号和类型
         return success(kefuMessageService.sendKefuMessage(sendReqVO));
@@ -41,7 +39,6 @@ public class AppKeFuMessageController {
     @PutMapping("/update-read-status")
     @Operation(summary = "更新客服消息已读状态")
     @Parameter(name = "conversationId", description = "会话编号", required = true)
-    @PreAuthenticated
     public CommonResult<Boolean> updateKefuMessageReadStatus(@RequestParam("conversationId") Long conversationId) {
         kefuMessageService.updateKeFuMessageReadStatus(conversationId, getLoginUserId(), UserTypeEnum.MEMBER.getValue());
         return success(true);
@@ -49,7 +46,6 @@ public class AppKeFuMessageController {
 
     @GetMapping("/page")
     @Operation(summary = "获得客服消息分页")
-    @PreAuthenticated
     public CommonResult<PageResult<KeFuMessageRespVO>> getKefuMessagePage(@Valid AppKeFuMessagePageReqVO pageReqVO) {
         PageResult<KeFuMessageDO> pageResult = kefuMessageService.getKeFuMessagePage(pageReqVO, getLoginUserId());
         return success(BeanUtils.toBean(pageResult, KeFuMessageRespVO.class));

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/point/AppPointActivityController.java

@@ -19,6 +19,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -47,6 +48,7 @@ public class AppPointActivityController {
 
     @GetMapping("/page")
     @Operation(summary = "获得积分商城活动分页")
+    @PermitAll
     public CommonResult<PageResult<AppPointActivityRespVO>> getPointActivityPage(AppPointActivityPageReqVO pageReqVO) {
         // 1. 查询满足当前阶段的活动
         PageResult<PointActivityDO> pageResult = pointActivityService.getPointActivityPage(
@@ -63,6 +65,7 @@ public class AppPointActivityController {
     @GetMapping("/get-detail")
     @Operation(summary = "获得积分商城活动明细")
     @Parameter(name = "id", description = "活动编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppPointActivityDetailRespVO> getPointActivity(@RequestParam("id") Long id) {
         // 1. 获取活动
         PointActivityDO activity = pointActivityService.getPointActivity(id);
@@ -81,6 +84,7 @@ public class AppPointActivityController {
     @GetMapping("/list-by-ids")
     @Operation(summary = "获得积分商城活动列表，基于活动编号数组")
     @Parameter(name = "ids", description = "活动编号数组", required = true, example = "[1024, 1025]")
+    @PermitAll
     public CommonResult<List<AppPointActivityRespVO>> getCombinationActivityListByIds(@RequestParam("ids") List<Long> ids) {
         // 1. 获得开启的活动列表
         List<PointActivityDO> activityList = pointActivityService.getPointActivityListByIds(ids);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/reward/AppRewardActivityController.java

@@ -9,6 +9,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -29,6 +30,7 @@ public class AppRewardActivityController {
     @GetMapping("/get")
     @Operation(summary = "获得满减送活动")
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppRewardActivityRespVO> getRewardActivity(@RequestParam("id") Long id) {
         RewardActivityDO activity = rewardActivityService.getRewardActivity(id);
         if (activity == null) {

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/seckill/AppSeckillActivityController.java

@@ -24,6 +24,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -74,6 +75,7 @@ public class AppSeckillActivityController {
 
     @GetMapping("/get-now")
     @Operation(summary = "获得当前秒杀活动", description = "获取当前正在进行的活动，提供给首页使用")
+    @PermitAll
     public CommonResult<AppSeckillActivityNowRespVO> getNowSeckillActivity() {
         return success(nowSeckillActivityCache.getUnchecked("")); // 缓存
     }
@@ -96,6 +98,7 @@ public class AppSeckillActivityController {
 
     @GetMapping("/page")
     @Operation(summary = "获得秒杀活动分页")
+    @PermitAll
     public CommonResult<PageResult<AppSeckillActivityRespVO>> getSeckillActivityPage(AppSeckillActivityPageReqVO pageReqVO) {
         // 1. 查询满足当前阶段的活动
         PageResult<SeckillActivityDO> pageResult = activityService.getSeckillActivityAppPageByConfigId(pageReqVO);
@@ -113,6 +116,7 @@ public class AppSeckillActivityController {
     @GetMapping("/get-detail")
     @Operation(summary = "获得秒杀活动明细")
     @Parameter(name = "id", description = "活动编号", required = true, example = "1024")
+    @PermitAll
     public CommonResult<AppSeckillActivityDetailRespVO> getSeckillActivity(@RequestParam("id") Long id) {
         // 1. 获取活动
         SeckillActivityDO activity = activityService.getSeckillActivity(id);
@@ -153,6 +157,7 @@ public class AppSeckillActivityController {
     @GetMapping("/list-by-ids")
     @Operation(summary = "获得秒杀活动列表，基于活动编号数组")
     @Parameter(name = "ids", description = "活动编号数组", required = true, example = "[1024, 1025]")
+    @PermitAll
     public CommonResult<List<AppSeckillActivityRespVO>> getCombinationActivityListByIds(@RequestParam("ids") List<Long> ids) {
         // 1. 获得开启的活动列表
         List<SeckillActivityDO> activityList = activityService.getSeckillActivityListByIds(ids);

yudao-module-mall/yudao-module-promotion-biz/src/main/java/cn/iocoder/yudao/module/promotion/controller/app/seckill/AppSeckillConfigController.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.module.promotion.dal.dataobject.seckill.SeckillConfigDO;
 import cn.iocoder.yudao.module.promotion.service.seckill.SeckillConfigService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -28,6 +29,7 @@ public class AppSeckillConfigController {
 
     @GetMapping("/list")
     @Operation(summary = "获得秒杀时间段列表")
+    @PermitAll
     public CommonResult<List<AppSeckillConfigRespVO>> getSeckillConfigList() {
         List<SeckillConfigDO> list = configService.getSeckillConfigListByStatus(CommonStatusEnum.ENABLE.getStatus());
         return success(SeckillConfigConvert.INSTANCE.convertList2(list));

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/aftersale/AppAfterSaleController.java

@@ -3,7 +3,6 @@ package cn.iocoder.yudao.module.trade.controller.app.aftersale;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.trade.controller.app.aftersale.vo.AppAfterSaleCreateReqVO;
 import cn.iocoder.yudao.module.trade.controller.app.aftersale.vo.AppAfterSaleDeliveryReqVO;
 import cn.iocoder.yudao.module.trade.controller.app.aftersale.vo.AppAfterSaleRespVO;
@@ -32,7 +31,6 @@ public class AppAfterSaleController {
 
     @GetMapping(value = "/page")
     @Operation(summary = "获得售后分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppAfterSaleRespVO>> getAfterSalePage(PageParam pageParam) {
         return success(AfterSaleConvert.INSTANCE.convertPage02(
                 afterSaleService.getAfterSalePage(getLoginUserId(), pageParam)));
@@ -41,21 +39,18 @@ public class AppAfterSaleController {
     @GetMapping(value = "/get")
     @Operation(summary = "获得售后订单")
     @Parameter(name = "id", description = "售后编号", required = true, example = "1")
-    @PreAuthenticated
     public CommonResult<AppAfterSaleRespVO> getAfterSale(@RequestParam("id") Long id) {
         return success(AfterSaleConvert.INSTANCE.convert(afterSaleService.getAfterSale(getLoginUserId(), id)));
     }
 
     @PostMapping(value = "/create")
     @Operation(summary = "申请售后")
-    @PreAuthenticated
     public CommonResult<Long> createAfterSale(@RequestBody AppAfterSaleCreateReqVO createReqVO) {
         return success(afterSaleService.createAfterSale(getLoginUserId(), createReqVO));
     }
 
     @PutMapping(value = "/delivery")
     @Operation(summary = "退回货物")
-    @PreAuthenticated
     public CommonResult<Boolean> deliveryAfterSale(@RequestBody AppAfterSaleDeliveryReqVO deliveryReqVO) {
         afterSaleService.deliveryAfterSale(getLoginUserId(), deliveryReqVO);
         return success(true);
@@ -64,7 +59,6 @@ public class AppAfterSaleController {
     @DeleteMapping(value = "/cancel")
     @Operation(summary = "取消售后")
     @Parameter(name = "id", description = "售后编号", required = true, example = "1")
-    @PreAuthenticated
     public CommonResult<Boolean> cancelAfterSale(@RequestParam("id") Long id) {
         afterSaleService.cancelAfterSale(getLoginUserId(), id);
         return success(true);

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/aftersale/AppAfterSaleLogController.java

@@ -2,7 +2,6 @@ package cn.iocoder.yudao.module.trade.controller.app.aftersale;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.trade.controller.app.aftersale.vo.log.AppAfterSaleLogRespVO;
 import cn.iocoder.yudao.module.trade.dal.dataobject.aftersale.AfterSaleLogDO;
 import cn.iocoder.yudao.module.trade.service.aftersale.AfterSaleLogService;
@@ -34,7 +33,6 @@ public class AppAfterSaleLogController {
     @GetMapping("/list")
     @Operation(summary = "获得售后日志列表")
     @Parameter(name = "afterSaleId", description = "售后编号", required = true, example = "1")
-    @PreAuthenticated
     public CommonResult<List<AppAfterSaleLogRespVO>> getAfterSaleLogList(
             @RequestParam("afterSaleId") Long afterSaleId) {
         List<AfterSaleLogDO> logs = afterSaleLogService.getAfterSaleLogList(afterSaleId);

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/brokerage/AppBrokerageRecordController.java

@@ -3,7 +3,6 @@ package cn.iocoder.yudao.module.trade.controller.app.brokerage;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.trade.controller.app.brokerage.vo.record.AppBrokerageProductPriceRespVO;
 import cn.iocoder.yudao.module.trade.controller.app.brokerage.vo.record.AppBrokerageRecordPageReqVO;
 import cn.iocoder.yudao.module.trade.controller.app.brokerage.vo.record.AppBrokerageRecordRespVO;
@@ -12,6 +11,8 @@ import cn.iocoder.yudao.module.trade.dal.dataobject.brokerage.BrokerageRecordDO;
 import cn.iocoder.yudao.module.trade.service.brokerage.BrokerageRecordService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -19,9 +20,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import jakarta.annotation.Resource;
-import jakarta.validation.Valid;
-
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 import static cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils.getLoginUserId;
 
@@ -36,7 +34,6 @@ public class AppBrokerageRecordController {
 
     @GetMapping("/page")
     @Operation(summary = "获得分销记录分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppBrokerageRecordRespVO>> getBrokerageRecordPage(@Valid AppBrokerageRecordPageReqVO pageReqVO) {
         PageResult<BrokerageRecordDO> pageResult = brokerageRecordService.getBrokerageRecordPage(
                 BrokerageRecordConvert.INSTANCE.convert(pageReqVO, getLoginUserId()));
@@ -45,7 +42,6 @@ public class AppBrokerageRecordController {
 
     @GetMapping("/get-product-brokerage-price")
     @Operation(summary = "获得商品的分销金额")
-    @PreAuthenticated
     public CommonResult<AppBrokerageProductPriceRespVO> getProductBrokeragePrice(@RequestParam("spuId") Long spuId) {
         return success(brokerageRecordService.calculateProductBrokeragePrice(getLoginUserId(), spuId));
     }

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/brokerage/AppBrokerageUserController.java

@@ -3,7 +3,6 @@ package cn.iocoder.yudao.module.trade.controller.app.brokerage;
 import cn.hutool.core.date.LocalDateTimeUtil;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.api.user.MemberUserApi;
 import cn.iocoder.yudao.module.member.api.user.dto.MemberUserRespDTO;
 import cn.iocoder.yudao.module.trade.controller.app.brokerage.vo.user.*;
@@ -55,7 +54,6 @@ public class AppBrokerageUserController {
 
     @GetMapping("/get")
     @Operation(summary = "获得个人分销信息")
-    @PreAuthenticated
     public CommonResult<AppBrokerageUserRespVO> getBrokerageUser() {
         Optional<BrokerageUserDO> user = Optional.ofNullable(brokerageUserService.getOrCreateBrokerageUser(getLoginUserId()));
         // 返回数据
@@ -68,14 +66,12 @@ public class AppBrokerageUserController {
 
     @PutMapping("/bind")
     @Operation(summary = "绑定推广员")
-    @PreAuthenticated
     public CommonResult<Boolean> bindBrokerageUser(@Valid @RequestBody AppBrokerageUserBindReqVO reqVO) {
         return success(brokerageUserService.bindBrokerageUser(getLoginUserId(), reqVO.getBindUserId()));
     }
 
     @GetMapping("/get-summary")
     @Operation(summary = "获得个人分销统计")
-    @PreAuthenticated
     public CommonResult<AppBrokerageUserMySummaryRespVO> getBrokerageUserSummary() {
         // 查询当前登录用户信息
         Long userId = getLoginUserId();
@@ -101,7 +97,6 @@ public class AppBrokerageUserController {
 
     @GetMapping("/rank-page-by-user-count")
     @Operation(summary = "获得分销用户排行分页（基于用户量）")
-    @PreAuthenticated
     public CommonResult<PageResult<AppBrokerageUserRankByUserCountRespVO>> getBrokerageUserRankPageByUserCount(AppBrokerageUserRankPageReqVO pageReqVO) {
         // 分页查询
         PageResult<AppBrokerageUserRankByUserCountRespVO> pageResult = brokerageUserService.getBrokerageUserRankPageByUserCount(pageReqVO);
@@ -112,7 +107,6 @@ public class AppBrokerageUserController {
 
     @GetMapping("/rank-page-by-price")
     @Operation(summary = "获得分销用户排行分页（基于佣金）")
-    @PreAuthenticated
     public CommonResult<PageResult<AppBrokerageUserRankByPriceRespVO>> getBrokerageUserChildSummaryPageByPrice(AppBrokerageUserRankPageReqVO pageReqVO) {
         // 分页查询
         PageResult<AppBrokerageUserRankByPriceRespVO> pageResult = brokerageRecordService.getBrokerageUserChildSummaryPageByPrice(pageReqVO);
@@ -123,7 +117,6 @@ public class AppBrokerageUserController {
 
     @GetMapping("/child-summary-page")
     @Operation(summary = "获得下级分销统计分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppBrokerageUserChildSummaryRespVO>> getBrokerageUserChildSummaryPage(
             AppBrokerageUserChildSummaryPageReqVO pageReqVO) {
         PageResult<AppBrokerageUserChildSummaryRespVO> pageResult = brokerageUserService.getBrokerageUserChildSummaryPage(pageReqVO, getLoginUserId());
@@ -133,7 +126,6 @@ public class AppBrokerageUserController {
     @GetMapping("/get-rank-by-price")
     @Operation(summary = "获得分销用户排行（基于佣金）")
     @Parameter(name = "times", description = "时间段", required = true)
-    @PreAuthenticated
     public CommonResult<Integer> getRankByPrice(
             @RequestParam("times") @DateTimeFormat(pattern = FORMAT_YEAR_MONTH_DAY_HOUR_MINUTE_SECOND) LocalDateTime[] times) {
         return success(brokerageRecordService.getUserRankByPrice(getLoginUserId(), times));

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/brokerage/AppBrokerageWithdrawController.java

@@ -2,7 +2,6 @@ package cn.iocoder.yudao.module.trade.controller.app.brokerage;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.trade.controller.app.brokerage.vo.withdraw.AppBrokerageWithdrawCreateReqVO;
 import cn.iocoder.yudao.module.trade.controller.app.brokerage.vo.withdraw.AppBrokerageWithdrawPageReqVO;
 import cn.iocoder.yudao.module.trade.controller.app.brokerage.vo.withdraw.AppBrokerageWithdrawRespVO;
@@ -11,13 +10,12 @@ import cn.iocoder.yudao.module.trade.dal.dataobject.brokerage.BrokerageWithdrawD
 import cn.iocoder.yudao.module.trade.service.brokerage.BrokerageWithdrawService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.annotation.Resource;
-import jakarta.validation.Valid;
-
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 import static cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils.getLoginUserId;
 
@@ -33,7 +31,6 @@ public class AppBrokerageWithdrawController {
 
     @GetMapping("/page")
     @Operation(summary = "获得分销提现分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppBrokerageWithdrawRespVO>> getBrokerageWithdrawPage(AppBrokerageWithdrawPageReqVO pageReqVO) {
         PageResult<BrokerageWithdrawDO> pageResult = brokerageWithdrawService.getBrokerageWithdrawPage(
                 BrokerageWithdrawConvert.INSTANCE.convert(pageReqVO, getLoginUserId()));
@@ -42,7 +39,6 @@ public class AppBrokerageWithdrawController {
 
     @PostMapping("/create")
     @Operation(summary = "创建分销提现")
-    @PreAuthenticated
     public CommonResult<Long> createBrokerageWithdraw(@RequestBody @Valid AppBrokerageWithdrawCreateReqVO createReqVO) {
         return success(brokerageWithdrawService.createBrokerageWithdraw(getLoginUserId(), createReqVO));
     }

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/cart/AppCartController.java

@@ -1,19 +1,18 @@
 package cn.iocoder.yudao.module.trade.controller.app.cart;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.trade.controller.app.cart.vo.*;
 import cn.iocoder.yudao.module.trade.service.cart.CartService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.annotation.Resource;
-import jakarta.validation.Valid;
 import java.util.List;
 
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
@@ -32,14 +31,12 @@ public class AppCartController {
 
     @PostMapping("/add")
     @Operation(summary = "添加购物车商品")
-    @PreAuthenticated
     public CommonResult<Long> addCart(@Valid @RequestBody AppCartAddReqVO addCountReqVO) {
         return success(cartService.addCart(getLoginUserId(), addCountReqVO));
     }
 
     @PutMapping("/update-count")
     @Operation(summary = "更新购物车商品数量")
-    @PreAuthenticated
     public CommonResult<Boolean> updateCartCount(@Valid @RequestBody AppCartUpdateCountReqVO updateReqVO) {
         cartService.updateCartCount(getLoginUserId(), updateReqVO);
         return success(true);
@@ -47,7 +44,6 @@ public class AppCartController {
 
     @PutMapping("/update-selected")
     @Operation(summary = "更新购物车商品选中")
-    @PreAuthenticated
     public CommonResult<Boolean> updateCartSelected(@Valid @RequestBody AppCartUpdateSelectedReqVO updateReqVO) {
         cartService.updateCartSelected(getLoginUserId(), updateReqVO);
         return success(true);
@@ -55,7 +51,6 @@ public class AppCartController {
 
     @PutMapping("/reset")
     @Operation(summary = "重置购物车商品")
-    @PreAuthenticated
     public CommonResult<Boolean> resetCart(@Valid @RequestBody AppCartResetReqVO updateReqVO) {
         cartService.resetCart(getLoginUserId(), updateReqVO);
         return success(true);
@@ -64,7 +59,6 @@ public class AppCartController {
     @DeleteMapping("/delete")
     @Operation(summary = "删除购物车商品")
     @Parameter(name = "ids", description = "购物车商品编号", required = true, example = "1024,2048")
-    @PreAuthenticated
     public CommonResult<Boolean> deleteCart(@RequestParam("ids") List<Long> ids) {
         cartService.deleteCart(getLoginUserId(), ids);
         return success(true);
@@ -72,14 +66,12 @@ public class AppCartController {
 
     @GetMapping("get-count")
     @Operation(summary = "查询用户在购物车中的商品数量")
-    @PreAuthenticated
     public CommonResult<Integer> getCartCount() {
         return success(cartService.getCartCount(getLoginUserId()));
     }
 
     @GetMapping("/list")
     @Operation(summary = "查询用户的购物车列表")
-    @PreAuthenticated
     public CommonResult<AppCartListRespVO> getCartList() {
         return success(cartService.getCartList(getLoginUserId()));
     }

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/config/AppTradeConfigController.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.module.trade.dal.dataobject.config.TradeConfigDO;
 import cn.iocoder.yudao.module.trade.service.config.TradeConfigService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
@@ -36,6 +37,7 @@ public class AppTradeConfigController {
 
     @GetMapping("/get")
     @Operation(summary = "获得交易配置")
+    @PermitAll
     public CommonResult<AppTradeConfigRespVO> getTradeConfig() {
         TradeConfigDO config = ObjUtil.defaultIfNull(tradeConfigService.getTradeConfig(), new TradeConfigDO());
         return success(TradeConfigConvert.INSTANCE.convert02(config).setTencentLbsKey(tencentLbsKey));

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/delivery/AppDeliverExpressController.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.module.trade.dal.dataobject.delivery.DeliveryExpressDO;
 import cn.iocoder.yudao.module.trade.service.delivery.DeliveryExpressService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -30,6 +31,7 @@ public class AppDeliverExpressController {
 
     @GetMapping("/list")
     @Operation(summary = "获得快递公司列表")
+    @PermitAll
     public CommonResult<List<AppDeliveryExpressRespVO>> getDeliveryExpressList() {
         List<DeliveryExpressDO> list = deliveryExpressService.getDeliveryExpressListByStatus(CommonStatusEnum.ENABLE.getStatus());
         list.sort(Comparator.comparing(DeliveryExpressDO::getSort));

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/delivery/AppDeliverPickUpStoreController.java

@@ -10,6 +10,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -36,6 +37,7 @@ public class AppDeliverPickUpStoreController {
             @Parameter(name = "latitude", description = "精度", example = "110"),
             @Parameter(name = "longitude", description = "纬度", example = "120")
     })
+    @PermitAll
     public CommonResult<List<AppDeliveryPickUpStoreRespVO>> getDeliveryPickUpStoreList(
             @RequestParam(value = "latitude", required = false) Double latitude,
             @RequestParam(value = "longitude", required = false) Double longitude) {
@@ -47,6 +49,7 @@ public class AppDeliverPickUpStoreController {
     @GetMapping("/get")
     @Operation(summary = "获得自提门店")
     @Parameter(name = "id", description = "门店编号")
+    @PermitAll
     public CommonResult<AppDeliveryPickUpStoreRespVO> getOrder(@RequestParam("id") Long id) {
         DeliveryPickUpStoreDO store = deliveryPickUpStoreService.getDeliveryPickUpStore(id);
         return success(DeliveryPickUpStoreConvert.INSTANCE.convert03(store));

yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/controller/app/order/AppTradeOrderController.java

@@ -2,7 +2,6 @@ package cn.iocoder.yudao.module.trade.controller.app.order;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.pay.api.notify.dto.PayOrderNotifyReqDTO;
 import cn.iocoder.yudao.module.trade.controller.app.order.vo.*;
 import cn.iocoder.yudao.module.trade.controller.app.order.vo.item.AppTradeOrderItemCommentCreateReqVO;
@@ -24,6 +23,7 @@ import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
@@ -59,7 +59,6 @@ public class AppTradeOrderController {
 
     @GetMapping("/settlement")
     @Operation(summary = "获得订单结算信息")
-    @PreAuthenticated
     public CommonResult<AppTradeOrderSettlementRespVO> settlementOrder(@Valid AppTradeOrderSettlementReqVO settlementReqVO) {
         return success(tradeOrderUpdateService.settlementOrder(getLoginUserId(), settlementReqVO));
     }
@@ -67,13 +66,13 @@ public class AppTradeOrderController {
     @GetMapping("/settlement-product")
     @Operation(summary = "获得商品结算信息", description = "用于商品列表、商品详情，获得参与活动后的价格信息")
     @Parameter(name = "spuIds", description = "商品 SPU 编号数组")
+    @PermitAll
     public CommonResult<List<AppTradeProductSettlementRespVO>> settlementProduct(@RequestParam("spuIds") List<Long> spuIds) {
         return success(priceService.calculateProductPrice(getLoginUserId(), spuIds));
     }
 
     @PostMapping("/create")
     @Operation(summary = "创建订单")
-    @PreAuthenticated
     public CommonResult<AppTradeOrderCreateRespVO> createOrder(@Valid @RequestBody AppTradeOrderCreateReqVO createReqVO) {
         TradeOrderDO order = tradeOrderUpdateService.createOrder(getLoginUserId(), createReqVO);
         return success(new AppTradeOrderCreateRespVO().setId(order.getId()).setPayOrderId(order.getPayOrderId()));
@@ -93,7 +92,6 @@ public class AppTradeOrderController {
             @Parameter(name = "id", description = "交易订单编号"),
             @Parameter(name = "sync", description = "是否同步支付状态", example = "true")
     })
-    @PreAuthenticated
     public CommonResult<AppTradeOrderDetailRespVO> getOrderDetail(@RequestParam("id") Long id,
                                                                   @RequestParam(value = "sync", required = false) Boolean sync) {
         // 1.1 查询订单
@@ -121,7 +119,6 @@ public class AppTradeOrderController {
     @GetMapping("/get-express-track-list")
     @Operation(summary = "获得交易订单的物流轨迹")
     @Parameter(name = "id", description = "交易订单编号")
-    @PreAuthenticated
     public CommonResult<List<AppOrderExpressTrackRespDTO>> getOrderExpressTrackList(@RequestParam("id") Long id) {
         return success(TradeOrderConvert.INSTANCE.convertList02(
                 tradeOrderQueryService.getExpressTrackList(id, getLoginUserId())));
@@ -129,7 +126,6 @@ public class AppTradeOrderController {
 
     @GetMapping("/page")
     @Operation(summary = "获得交易订单分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppTradeOrderPageItemRespVO>> getOrderPage(AppTradeOrderPageReqVO reqVO) {
         // 查询订单
         PageResult<TradeOrderDO> pageResult = tradeOrderQueryService.getOrderPage(getLoginUserId(), reqVO);
@@ -142,7 +138,6 @@ public class AppTradeOrderController {
 
     @GetMapping("/get-count")
     @Operation(summary = "获得交易订单数量")
-    @PreAuthenticated
     public CommonResult<Map<String, Long>> getOrderCount() {
         Map<String, Long> orderCount = Maps.newLinkedHashMapWithExpectedSize(5);
         // 全部
@@ -167,7 +162,6 @@ public class AppTradeOrderController {
     @PutMapping("/receive")
     @Operation(summary = "确认交易订单收货")
     @Parameter(name = "id", description = "交易订单编号")
-    @PreAuthenticated
     public CommonResult<Boolean> receiveOrder(@RequestParam("id") Long id) {
         tradeOrderUpdateService.receiveOrderByMember(getLoginUserId(), id);
         return success(true);
@@ -176,7 +170,6 @@ public class AppTradeOrderController {
     @DeleteMapping("/cancel")
     @Operation(summary = "取消交易订单")
     @Parameter(name = "id", description = "交易订单编号")
-    @PreAuthenticated
     public CommonResult<Boolean> cancelOrder(@RequestParam("id") Long id) {
         tradeOrderUpdateService.cancelOrderByMember(getLoginUserId(), id);
         return success(true);
@@ -185,7 +178,6 @@ public class AppTradeOrderController {
     @DeleteMapping("/delete")
     @Operation(summary = "删除交易订单")
     @Parameter(name = "id", description = "交易订单编号")
-    @PreAuthenticated
     public CommonResult<Boolean> deleteOrder(@RequestParam("id") Long id) {
         tradeOrderUpdateService.deleteOrder(getLoginUserId(), id);
         return success(true);
@@ -196,7 +188,6 @@ public class AppTradeOrderController {
     @GetMapping("/item/get")
     @Operation(summary = "获得交易订单项")
     @Parameter(name = "id", description = "交易订单项编号")
-    @PreAuthenticated
     public CommonResult<AppTradeOrderItemRespVO> getOrderItem(@RequestParam("id") Long id) {
         TradeOrderItemDO item = tradeOrderQueryService.getOrderItem(getLoginUserId(), id);
         return success(TradeOrderConvert.INSTANCE.convert03(item));
@@ -204,7 +195,6 @@ public class AppTradeOrderController {
 
     @PostMapping("/item/create-comment")
     @Operation(summary = "创建交易订单项的评价")
-    @PreAuthenticated
     public CommonResult<Long> createOrderItemComment(@RequestBody AppTradeOrderItemCommentCreateReqVO createReqVO) {
         return success(tradeOrderUpdateService.createOrderItemCommentByMember(getLoginUserId(), createReqVO));
     }

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/address/AppAddressController.java

@@ -1,21 +1,20 @@
 package cn.iocoder.yudao.module.member.controller.app.address;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.controller.app.address.vo.AppAddressCreateReqVO;
 import cn.iocoder.yudao.module.member.controller.app.address.vo.AppAddressRespVO;
 import cn.iocoder.yudao.module.member.controller.app.address.vo.AppAddressUpdateReqVO;
 import cn.iocoder.yudao.module.member.convert.address.AddressConvert;
 import cn.iocoder.yudao.module.member.dal.dataobject.address.MemberAddressDO;
 import cn.iocoder.yudao.module.member.service.address.AddressService;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.validation.Valid;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.annotation.Resource;
-import jakarta.validation.Valid;
 import java.util.List;
 
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
@@ -32,14 +31,12 @@ public class AppAddressController {
 
     @PostMapping("/create")
     @Operation(summary = "创建用户收件地址")
-    @PreAuthenticated
     public CommonResult<Long> createAddress(@Valid @RequestBody AppAddressCreateReqVO createReqVO) {
         return success(addressService.createAddress(getLoginUserId(), createReqVO));
     }
 
     @PutMapping("/update")
     @Operation(summary = "更新用户收件地址")
-    @PreAuthenticated
     public CommonResult<Boolean> updateAddress(@Valid @RequestBody AppAddressUpdateReqVO updateReqVO) {
         addressService.updateAddress(getLoginUserId(), updateReqVO);
         return success(true);
@@ -48,7 +45,6 @@ public class AppAddressController {
     @DeleteMapping("/delete")
     @Operation(summary = "删除用户收件地址")
     @Parameter(name = "id", description = "编号", required = true)
-    @PreAuthenticated
     public CommonResult<Boolean> deleteAddress(@RequestParam("id") Long id) {
         addressService.deleteAddress(getLoginUserId(), id);
         return success(true);
@@ -57,7 +53,6 @@ public class AppAddressController {
     @GetMapping("/get")
     @Operation(summary = "获得用户收件地址")
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
-    @PreAuthenticated
     public CommonResult<AppAddressRespVO> getAddress(@RequestParam("id") Long id) {
         MemberAddressDO address = addressService.getAddress(getLoginUserId(), id);
         return success(AddressConvert.INSTANCE.convert(address));
@@ -65,7 +60,6 @@ public class AppAddressController {
 
     @GetMapping("/get-default")
     @Operation(summary = "获得默认的用户收件地址")
-    @PreAuthenticated
     public CommonResult<AppAddressRespVO> getDefaultUserAddress() {
         MemberAddressDO address = addressService.getDefaultUserAddress(getLoginUserId());
         return success(AddressConvert.INSTANCE.convert(address));
@@ -73,7 +67,6 @@ public class AppAddressController {
 
     @GetMapping("/list")
     @Operation(summary = "获得用户收件地址列表")
-    @PreAuthenticated
     public CommonResult<List<AppAddressRespVO>> getAddressList() {
         List<MemberAddressDO> list = addressService.getAddressList(getLoginUserId());
         return success(AddressConvert.INSTANCE.convertList(list));

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/auth/AppAuthController.java

@@ -44,13 +44,14 @@ public class AppAuthController {
 
     @PostMapping("/login")
     @Operation(summary = "使用手机 + 密码登录")
+    @PermitAll
     public CommonResult<AppAuthLoginRespVO> login(@RequestBody @Valid AppAuthLoginReqVO reqVO) {
         return success(authService.login(reqVO));
     }
 
     @PostMapping("/logout")
-    @PermitAll
     @Operation(summary = "登出系统")
+    @PermitAll
     public CommonResult<Boolean> logout(HttpServletRequest request) {
         String token = SecurityFrameworkUtils.obtainAuthorization(request,
                 securityProperties.getTokenHeader(), securityProperties.getTokenParameter());
@@ -63,6 +64,7 @@ public class AppAuthController {
     @PostMapping("/refresh-token")
     @Operation(summary = "刷新令牌")
     @Parameter(name = "refreshToken", description = "刷新令牌", required = true)
+    @PermitAll
     public CommonResult<AppAuthLoginRespVO> refreshToken(@RequestParam("refreshToken") String refreshToken) {
         return success(authService.refreshToken(refreshToken));
     }
@@ -71,12 +73,14 @@ public class AppAuthController {
 
     @PostMapping("/sms-login")
     @Operation(summary = "使用手机 + 验证码登录")
+    @PermitAll
     public CommonResult<AppAuthLoginRespVO> smsLogin(@RequestBody @Valid AppAuthSmsLoginReqVO reqVO) {
         return success(authService.smsLogin(reqVO));
     }
 
     @PostMapping("/send-sms-code")
     @Operation(summary = "发送手机验证码")
+    @PermitAll
     public CommonResult<Boolean> sendSmsCode(@RequestBody @Valid AppAuthSmsSendReqVO reqVO) {
         authService.sendSmsCode(getLoginUserId(), reqVO);
         return success(true);
@@ -84,6 +88,7 @@ public class AppAuthController {
 
     @PostMapping("/validate-sms-code")
     @Operation(summary = "校验手机验证码")
+    @PermitAll
     public CommonResult<Boolean> validateSmsCode(@RequestBody @Valid AppAuthSmsValidateReqVO reqVO) {
         authService.validateSmsCode(getLoginUserId(), reqVO);
         return success(true);
@@ -97,6 +102,7 @@ public class AppAuthController {
             @Parameter(name = "type", description = "社交类型", required = true),
             @Parameter(name = "redirectUri", description = "回调路径")
     })
+    @PermitAll
     public CommonResult<String> socialAuthRedirect(@RequestParam("type") Integer type,
                                                    @RequestParam("redirectUri") String redirectUri) {
         return CommonResult.success(authService.getSocialAuthorizeUrl(type, redirectUri));
@@ -104,12 +110,14 @@ public class AppAuthController {
 
     @PostMapping("/social-login")
     @Operation(summary = "社交快捷登录，使用 code 授权码", description = "适合未登录的用户，但是社交账号已绑定用户")
+    @PermitAll
     public CommonResult<AppAuthLoginRespVO> socialLogin(@RequestBody @Valid AppAuthSocialLoginReqVO reqVO) {
         return success(authService.socialLogin(reqVO));
     }
 
     @PostMapping("/weixin-mini-app-login")
     @Operation(summary = "微信小程序的一键登录")
+    @PermitAll
     public CommonResult<AppAuthLoginRespVO> weixinMiniAppLogin(@RequestBody @Valid AppAuthWeixinMiniAppLoginReqVO reqVO) {
         return success(authService.weixinMiniAppLogin(reqVO));
     }
@@ -117,6 +125,7 @@ public class AppAuthController {
     @PostMapping("/create-weixin-jsapi-signature")
     @Operation(summary = "创建微信 JS SDK 初始化所需的签名",
             description = "参考 https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/JS-SDK.html 文档")
+    @PermitAll
     public CommonResult<SocialWxJsapiSignatureRespDTO> createWeixinMpJsapiSignature(@RequestParam("url") String url) {
         SocialWxJsapiSignatureRespDTO signature = socialClientApi.createWxMpJsapiSignature(
                 UserTypeEnum.MEMBER.getValue(), url);

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/level/AppMemberExperienceRecordController.java

@@ -3,7 +3,6 @@ package cn.iocoder.yudao.module.member.controller.app.level;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.controller.app.level.vo.experience.AppMemberExperienceRecordRespVO;
 import cn.iocoder.yudao.module.member.convert.level.MemberExperienceRecordConvert;
 import cn.iocoder.yudao.module.member.dal.dataobject.level.MemberExperienceRecordDO;
@@ -32,7 +31,6 @@ public class AppMemberExperienceRecordController {
 
     @GetMapping("/page")
     @Operation(summary = "获得会员经验记录分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppMemberExperienceRecordRespVO>> getExperienceRecordPage(
             @Valid PageParam pageParam) {
         PageResult<MemberExperienceRecordDO> pageResult = experienceLogService.getExperienceRecordPage(

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/level/AppMemberLevelController.java

@@ -7,6 +7,7 @@ import cn.iocoder.yudao.module.member.dal.dataobject.level.MemberLevelDO;
 import cn.iocoder.yudao.module.member.service.level.MemberLevelService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -28,6 +29,7 @@ public class AppMemberLevelController {
 
     @GetMapping("/list")
     @Operation(summary = "获得会员等级列表")
+    @PermitAll
     public CommonResult<List<AppMemberLevelRespVO>> getLevelList() {
         List<MemberLevelDO> result = levelService.getEnableLevelList();
         return success(MemberLevelConvert.INSTANCE.convertList02(result));

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/point/AppMemberPointRecordController.java

@@ -1,25 +1,21 @@
 package cn.iocoder.yudao.module.member.controller.app.point;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
-import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.controller.app.point.vo.AppMemberPointRecordPageReqVO;
 import cn.iocoder.yudao.module.member.controller.app.point.vo.AppMemberPointRecordRespVO;
-import cn.iocoder.yudao.module.member.convert.point.MemberPointRecordConvert;
 import cn.iocoder.yudao.module.member.dal.dataobject.point.MemberPointRecordDO;
 import cn.iocoder.yudao.module.member.service.point.MemberPointRecordService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.validation.Valid;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import jakarta.annotation.Resource;
-import jakarta.validation.Valid;
-
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 import static cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils.getLoginUserId;
 
@@ -34,7 +30,6 @@ public class AppMemberPointRecordController {
 
     @GetMapping("/page")
     @Operation(summary = "获得用户积分记录分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppMemberPointRecordRespVO>> getPointRecordPage(
             @Valid AppMemberPointRecordPageReqVO pageReqVO) {
         PageResult<MemberPointRecordDO> pageResult = pointRecordService.getPointRecordPage(getLoginUserId(), pageReqVO);

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/signin/AppMemberSignInConfigController.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.module.member.dal.dataobject.signin.MemberSignInConfigDO
 import cn.iocoder.yudao.module.member.service.signin.MemberSignInConfigService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -29,6 +30,7 @@ public class AppMemberSignInConfigController {
 
     @GetMapping("/list")
     @Operation(summary = "获得签到规则列表")
+    @PermitAll
     public CommonResult<List<AppMemberSignInConfigRespVO>> getSignInConfigList() {
         List<MemberSignInConfigDO> pageResult = signInConfigService.getSignInConfigList(CommonStatusEnum.ENABLE.getStatus());
         return success(MemberSignInConfigConvert.INSTANCE.convertList02(pageResult));

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/signin/AppMemberSignInRecordController.java

@@ -3,7 +3,6 @@ package cn.iocoder.yudao.module.member.controller.app.signin;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.controller.app.signin.vo.record.AppMemberSignInRecordRespVO;
 import cn.iocoder.yudao.module.member.controller.app.signin.vo.record.AppMemberSignInRecordSummaryRespVO;
 import cn.iocoder.yudao.module.member.convert.signin.MemberSignInRecordConvert;
@@ -11,14 +10,13 @@ import cn.iocoder.yudao.module.member.dal.dataobject.signin.MemberSignInRecordDO
 import cn.iocoder.yudao.module.member.service.signin.MemberSignInRecordService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import jakarta.annotation.Resource;
-
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 import static cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils.getLoginUserId;
 
@@ -33,14 +31,12 @@ public class AppMemberSignInRecordController {
 
     @GetMapping("/get-summary")
     @Operation(summary = "获得个人签到统计")
-    @PreAuthenticated
     public CommonResult<AppMemberSignInRecordSummaryRespVO> getSignInRecordSummary() {
         return success(signInRecordService.getSignInRecordSummary(getLoginUserId()));
     }
 
     @PostMapping("/create")
     @Operation(summary = "签到")
-    @PreAuthenticated
     public CommonResult<AppMemberSignInRecordRespVO> createSignInRecord() {
         MemberSignInRecordDO recordDO = signInRecordService.createSignRecord(getLoginUserId());
         return success(MemberSignInRecordConvert.INSTANCE.coverRecordToAppRecordVo(recordDO));
@@ -48,7 +44,6 @@ public class AppMemberSignInRecordController {
 
     @GetMapping("/page")
     @Operation(summary = "获得签到记录分页")
-    @PreAuthenticated
     public CommonResult<PageResult<AppMemberSignInRecordRespVO>> getSignRecordPage(PageParam pageParam) {
         PageResult<MemberSignInRecordDO> pageResult = signInRecordService.getSignRecordPage(getLoginUserId(), pageParam);
         return success(MemberSignInRecordConvert.INSTANCE.convertPage02(pageResult));

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/social/AppSocialUserController.java

@@ -4,7 +4,6 @@ import cn.hutool.core.codec.Base64;
 import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.controller.app.social.vo.*;
 import cn.iocoder.yudao.module.system.api.social.SocialClientApi;
 import cn.iocoder.yudao.module.system.api.social.SocialUserApi;
@@ -13,6 +12,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
 import jakarta.validation.Valid;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -35,6 +35,7 @@ public class AppSocialUserController {
 
     @PostMapping("/bind")
     @Operation(summary = "社交绑定，使用 code 授权码")
+    @PermitAll
     public CommonResult<String> socialBind(@RequestBody @Valid AppSocialUserBindReqVO reqVO) {
         SocialUserBindReqDTO reqDTO = new SocialUserBindReqDTO(getLoginUserId(), UserTypeEnum.MEMBER.getValue(),
                 reqVO.getType(), reqVO.getCode(), reqVO.getState());
@@ -44,7 +45,6 @@ public class AppSocialUserController {
 
     @DeleteMapping("/unbind")
     @Operation(summary = "取消社交绑定")
-    @PreAuthenticated
     public CommonResult<Boolean> socialUnbind(@RequestBody AppSocialUserUnbindReqVO reqVO) {
         SocialUserUnbindReqDTO reqDTO = new SocialUserUnbindReqDTO(getLoginUserId(), UserTypeEnum.MEMBER.getValue(),
                 reqVO.getType(), reqVO.getOpenid());
@@ -55,7 +55,6 @@ public class AppSocialUserController {
     @GetMapping("/get")
     @Operation(summary = "获得社交用户")
     @Parameter(name = "type", description = "社交平台的类型，参见 SocialTypeEnum 枚举值", required = true, example = "10")
-    @PreAuthenticated
     public CommonResult<AppSocialUserRespVO> getSocialUser(@RequestParam("type") Integer type) {
         SocialUserRespDTO socialUser = socialUserApi.getSocialUserByUserId(UserTypeEnum.MEMBER.getValue(), getLoginUserId(), type);
         return success(BeanUtils.toBean(socialUser, AppSocialUserRespVO.class));
@@ -63,6 +62,7 @@ public class AppSocialUserController {
 
     @PostMapping("/wxa-qrcode")
     @Operation(summary = "获得微信小程序码(base64 image)")
+    @PermitAll
     public CommonResult<String> getWxaQrcode(@RequestBody @Valid AppSocialWxaQrcodeReqVO reqVO) {
         byte[] wxQrcode = socialClientApi.getWxaQrcode(BeanUtils.toBean(reqVO, SocialWxQrcodeReqDTO.class));
         return success(Base64.encode(wxQrcode));
@@ -70,6 +70,7 @@ public class AppSocialUserController {
 
     @GetMapping("/get-subscribe-template-list")
     @Operation(summary = "获得微信小程订阅模板列表")
+    @PermitAll
     public CommonResult<List<AppSocialWxaSubscribeTemplateRespVO>> getSubscribeTemplateList() {
         List<SocialWxaSubscribeTemplateRespDTO> template = socialClientApi.getWxaSubscribeTemplateList(UserTypeEnum.MEMBER.getValue());
         return success(BeanUtils.toBean(template, AppSocialWxaSubscribeTemplateRespVO.class));

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/controller/app/user/AppMemberUserController.java

@@ -1,7 +1,6 @@
 package cn.iocoder.yudao.module.member.controller.app.user;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.member.controller.app.user.vo.*;
 import cn.iocoder.yudao.module.member.convert.user.MemberUserConvert;
 import cn.iocoder.yudao.module.member.dal.dataobject.level.MemberLevelDO;
@@ -10,13 +9,13 @@ import cn.iocoder.yudao.module.member.service.level.MemberLevelService;
 import cn.iocoder.yudao.module.member.service.user.MemberUserService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.annotation.security.PermitAll;
+import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.annotation.Resource;
-import jakarta.validation.Valid;
-
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 import static cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils.getLoginUserId;
 
@@ -34,7 +33,6 @@ public class AppMemberUserController {
 
     @GetMapping("/get")
     @Operation(summary = "获得基本信息")
-    @PreAuthenticated
     public CommonResult<AppMemberUserInfoRespVO> getUserInfo() {
         MemberUserDO user = userService.getUser(getLoginUserId());
         MemberLevelDO level = levelService.getLevel(user.getLevelId());
@@ -43,7 +41,6 @@ public class AppMemberUserController {
 
     @PutMapping("/update")
     @Operation(summary = "修改基本信息")
-    @PreAuthenticated
     public CommonResult<Boolean> updateUser(@RequestBody @Valid AppMemberUserUpdateReqVO reqVO) {
         userService.updateUser(getLoginUserId(), reqVO);
         return success(true);
@@ -51,7 +48,6 @@ public class AppMemberUserController {
 
     @PutMapping("/update-mobile")
     @Operation(summary = "修改用户手机")
-    @PreAuthenticated
     public CommonResult<Boolean> updateUserMobile(@RequestBody @Valid AppMemberUserUpdateMobileReqVO reqVO) {
         userService.updateUserMobile(getLoginUserId(), reqVO);
         return success(true);
@@ -59,7 +55,6 @@ public class AppMemberUserController {
 
     @PutMapping("/update-mobile-by-weixin")
     @Operation(summary = "基于微信小程序的授权码，修改用户手机")
-    @PreAuthenticated
     public CommonResult<Boolean> updateUserMobileByWeixin(@RequestBody @Valid AppMemberUserUpdateMobileByWeixinReqVO reqVO) {
         userService.updateUserMobileByWeixin(getLoginUserId(), reqVO);
         return success(true);
@@ -67,7 +62,6 @@ public class AppMemberUserController {
 
     @PutMapping("/update-password")
     @Operation(summary = "修改用户密码", description = "用户修改密码时使用")
-    @PreAuthenticated
     public CommonResult<Boolean> updateUserPassword(@RequestBody @Valid AppMemberUserUpdatePasswordReqVO reqVO) {
         userService.updateUserPassword(getLoginUserId(), reqVO);
         return success(true);
@@ -75,6 +69,7 @@ public class AppMemberUserController {
 
     @PutMapping("/reset-password")
     @Operation(summary = "重置密码", description = "用户忘记密码时使用")
+    @PermitAll
     public CommonResult<Boolean> resetUserPassword(@RequestBody @Valid AppMemberUserResetPasswordReqVO reqVO) {
         userService.resetUserPassword(reqVO);
         return success(true);

yudao-module-pay/yudao-module-pay-biz/src/main/java/cn/iocoder/yudao/module/pay/controller/app/channel/AppPayChannelController.java

@@ -6,13 +6,13 @@ import cn.iocoder.yudao.module.pay.service.channel.PayChannelService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import jakarta.annotation.Resource;
 import java.util.List;
 import java.util.Set;
 

yudao-module-pay/yudao-module-pay-biz/src/main/java/cn/iocoder/yudao/module/pay/controller/app/order/AppPayOrderController.java

@@ -17,12 +17,11 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.annotation.Resource;
-
 import java.util.Map;
 import java.util.Objects;
 

yudao-module-pay/yudao-module-pay-biz/src/main/java/cn/iocoder/yudao/module/pay/controller/app/refund/package-info.java

@@ -1,4 +0,0 @@
-/**
- * TODO 芋艿：占个位置，没啥用
- */
-package cn.iocoder.yudao.module.pay.controller.app.refund;

yudao-module-pay/yudao-module-pay-biz/src/main/java/cn/iocoder/yudao/module/pay/controller/app/wallet/AppPayWalletController.java

@@ -2,7 +2,6 @@ package cn.iocoder.yudao.module.pay.controller.app.wallet;
 
 import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
-import cn.iocoder.yudao.framework.security.core.annotations.PreAuthenticated;
 import cn.iocoder.yudao.module.pay.controller.app.wallet.vo.wallet.AppPayWalletRespVO;
 import cn.iocoder.yudao.module.pay.convert.wallet.PayWalletConvert;
 import cn.iocoder.yudao.module.pay.dal.dataobject.wallet.PayWalletDO;
@@ -35,7 +34,6 @@ public class AppPayWalletController {
 
     @GetMapping("/get")
     @Operation(summary = "获取钱包")
-    @PreAuthenticated
     public CommonResult<AppPayWalletRespVO> getPayWallet() {
         PayWalletDO wallet = payWalletService.getOrCreateWallet(getLoginUserId(), UserTypeEnum.MEMBER.getValue());
         return success(PayWalletConvert.INSTANCE.convert(wallet));

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/app/dict/AppDictDataController.java

@@ -9,6 +9,7 @@ import cn.iocoder.yudao.module.system.service.dict.DictDataService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -32,6 +33,7 @@ public class AppDictDataController {
     @GetMapping("/type")
     @Operation(summary = "根据字典类型查询字典数据信息")
     @Parameter(name = "type", description = "字典类型", required = true, example = "common_status")
+    @PermitAll
     public CommonResult<List<AppDictDataRespVO>> getDictDataListByType(@RequestParam("type") String type) {
         List<DictDataDO> list = dictDataService.getDictDataList(
                 CommonStatusEnum.ENABLE.getStatus(), type);

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/app/ip/AppAreaController.java

@@ -8,6 +8,7 @@ import cn.iocoder.yudao.framework.ip.core.utils.AreaUtils;
 import cn.iocoder.yudao.module.system.controller.app.ip.vo.AppAreaNodeRespVO;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -25,6 +26,7 @@ public class AppAreaController {
 
     @GetMapping("/tree")
     @Operation(summary = "获得地区树")
+    @PermitAll
     public CommonResult<List<AppAreaNodeRespVO>> getAreaTree() {
         Area area = AreaUtils.getArea(Area.ID_CHINA);
         Assert.notNull(area, "获取不到中国");