YiWuProject.git

			@@ -1,9 +1,18 @@
			package com.mes.common.filter;

			import com.mes.common.utils.JwtUtil;
			import com.mes.common.utils.RedisUtil;
			import com.mes.common.utils.UserInfoUtils;
			import com.mes.userinfo.entity.LoginUser;
			import com.mes.userinfo.service.SysUserService;
			import io.jsonwebtoken.Claims;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
			import org.springframework.security.core.GrantedAuthority;
			import org.springframework.security.core.authority.SimpleGrantedAuthority;
			import org.springframework.security.core.context.SecurityContextHolder;
			import org.springframework.stereotype.Component;
			import org.springframework.util.StringUtils;
			import org.springframework.web.filter.OncePerRequestFilter;

			import javax.annotation.Resource;
			@@ -12,6 +21,9 @@
			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpServletResponse;
			import java.io.IOException;
			import java.util.List;
			import java.util.Objects;
			import java.util.stream.Collectors;

			/**
			* @Author : zhoush
			@@ -31,39 +43,38 @@
			protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
			//获取token
			String token = request.getHeader("token");
			//
			// if (!StringUtils.hasText(token)) {
			// //放行
			// filterChain.doFilter(request, response);
			// return; // 此处加上return好处是后面结果返回的时候就不会再走一遍此过滤器的方法了
			// }
			// //解析token
			// String userid;
			// try {
			// Claims claims = JwtUtil.getClaimByToken(token);
			// userid = claims.getSubject();
			// } catch (Exception e) {
			// e.printStackTrace();
			// throw new RuntimeException("token非法");
			// }
			// //从redis中获取用户信息
			// String redisKey = "login:" + userid;
			// LoginUser loginUser = redisUtil.getCacheObject(redisKey);
			// if (Objects.isNull(loginUser)) {
			// response.setHeader("token", "");
			// throw new RuntimeException("用户未登录");
			// }
			// //将用户信息放入当前线程
			// UserInfoUtils.set(loginUser.getUser());
			// //存入SecurityContextHolder，以供后面的过滤器使用
			// List<String> permissionKeyList = sysUserService.getUserAuthorityInfo(Long.parseLong(userid));
			// List<GrantedAuthority> authorities = permissionKeyList.stream().
			// map(SimpleGrantedAuthority::new)
			// .collect(Collectors.toList());
			// UsernamePasswordAuthenticationToken authenticationToken =
			// new UsernamePasswordAuthenticationToken(loginUser, null, authorities);
			// SecurityContextHolder.getContext().setAuthentication(authenticationToken);
			if (!StringUtils.hasText(token)) {
			//放行
			filterChain.doFilter(request, response);
			return; // 此处加上return好处是后面结果返回的时候就不会再走一遍此过滤器的方法了
			}
			//解析token
			String userid;
			try {
			Claims claims = JwtUtil.getClaimByToken(token);
			userid = claims.getSubject();
			} catch (Exception e) {
			e.printStackTrace();
			throw new RuntimeException("token非法");
			}
			//从redis中获取用户信息
			String redisKey = "login:" + userid;
			LoginUser loginUser = redisUtil.getCacheObject(redisKey);
			if (Objects.isNull(loginUser)) {
			response.setHeader("token", "");
			throw new RuntimeException("用户未登录");
			}
			//将用户信息放入当前线程
			UserInfoUtils.set(loginUser.getUser());
			//存入SecurityContextHolder，以供后面的过滤器使用
			List<String> permissionKeyList = sysUserService.getUserAuthorityInfo(Long.parseLong(userid));
			List<GrantedAuthority> authorities = permissionKeyList.stream().
			map(SimpleGrantedAuthority::new)
			.collect(Collectors.toList());
			UsernamePasswordAuthenticationToken authenticationToken =
			new UsernamePasswordAuthenticationToken(loginUser, null, authorities);
			SecurityContextHolder.getContext().setAuthentication(authenticationToken);
			//放行
			filterChain.doFilter(request, response);
			}
			}
			}