admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update 优化匿名路径jwt放行

Browse Source
This commit is contained in:
疯狂的狮子li 2021-09-26 14:08:48 +08:00
parent 0f2caf1cb6
commit 92804151a3
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java Normal file
View File

@ -0,0 +1,22 @@
package com.ruoyi.framework.config.properties;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
/**
* Security 配置属性
*
* @author Lion Li
*/
@Data
@Component
@ConfigurationProperties(prefix = "security")
public class SecurityProperties {
/**
* 匿名放行路径
*/
private String[] anonymous;
}

13
ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java
View File

@ -4,11 +4,14 @@ import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.core.service.TokenService; import com.ruoyi.common.core.service.TokenService;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.config.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@ -28,10 +31,20 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
@Autowired @Autowired
private TokenService tokenService; private TokenService tokenService;
@Autowired
private SecurityProperties securityProperties;
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException throws ServletException, IOException
{ {
// 匿名路径放行
for (String anonymou : securityProperties.getAnonymous()) {
PathMatcher pm = new AntPathMatcher();
if (pm.matchStart(anonymou, request.getRequestURI())) {
chain.doFilter(request, response);
}
}
LoginUser loginUser = tokenService.getLoginUser(request); LoginUser loginUser = tokenService.getLoginUser(request);
if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication()))
{ {