app端调整

2022-04-30 14:44:52 +08:00
parent b1e3fabea3
commit 50fa31c6ad
54 changed files with 617 additions and 256 deletions
@@ -22,6 +22,7 @@ import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 import java.util.List;

 /**
@@ -86,8 +87,11 @@ public class YudaoSecurityAutoConfiguration {
     * Token 认证过滤器 Bean
     */
    @Bean
-    public JWTAuthenticationTokenFilter authenticationTokenFilter(MultiUserDetailsAuthenticationProvider authenticationProvider,
+    public JWTAuthenticationTokenFilter authenticationTokenFilter(
+            HttpServletRequest request,
+            MultiUserDetailsAuthenticationProvider authenticationProvider,
                                                                  GlobalExceptionHandler globalExceptionHandler) {
+
        return new JWTAuthenticationTokenFilter(securityProperties, authenticationProvider, globalExceptionHandler);
    }

@@ -132,7 +132,7 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
                    .antMatchers("/common/**").permitAll()

                // 忽略宝享购全部
-//                .antMatchers("/bxgApp/**","/bxg/**").hasAnyRole()
+                .antMatchers("/bxgApp/**").permitAll()

                // ②：每个项目的自定义规则
                .and().authorizeRequests(registry -> // 下面，循环设置自定义规则
@@ -142,8 +142,8 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
                    .anyRequest().authenticated()
        ;

-        // 添加 JWT Filter
-        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
+//        // 添加 JWT Filter
+//        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }

    private String buildAdminApi(String url) {
@@ -36,6 +36,7 @@ public class JWTAuthenticationTokenFilter extends OncePerRequestFilter {
    @SuppressWarnings("NullableProblems")
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
+
        String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
        if (StrUtil.isNotEmpty(token)) {
            try {