From 1965eb7ad2598f3c028920e8ffa9744857ee8f39 Mon Sep 17 00:00:00 2001
From: zhoushihao <zsh19950802@163.com>
Date: 星期一, 13 五月 2024 15:33:08 +0800
Subject: [PATCH] 修改权限认证,允许所有接口未经权限校验可直接访问
---
 hangzhoumesParent/common/springsecurity/src/main/java/com/mes/common/filter/JwtAuthenticationTokenFilter.java | 77 ++++++++++++++++++++++----------------
 1 files changed, 44 insertions(+), 33 deletions(-)
diff --git a/hangzhoumesParent/common/springsecurity/src/main/java/com/mes/common/filter/JwtAuthenticationTokenFilter.java b/hangzhoumesParent/common/springsecurity/src/main/java/com/mes/common/filter/JwtAuthenticationTokenFilter.java
index 0b8b082..1505d1b 100644
--- a/hangzhoumesParent/common/springsecurity/src/main/java/com/mes/common/filter/JwtAuthenticationTokenFilter.java
+++ b/hangzhoumesParent/common/springsecurity/src/main/java/com/mes/common/filter/JwtAuthenticationTokenFilter.java
@@ -1,9 +1,18 @@
 package com.mes.common.filter;
+import com.mes.common.utils.JwtUtil;
 import com.mes.common.utils.RedisUtil;
+import com.mes.common.utils.UserInfoUtils;
+import com.mes.userinfo.entity.LoginUser;
 import com.mes.userinfo.service.SysUserService;
+import io.jsonwebtoken.Claims;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 import javax.annotation.Resource;
@@ -12,6 +21,9 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
 /**
 * @Author : zhoush
@@ -31,39 +43,38 @@
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 //鑾峰彇token
 String token = request.getHeader("token");
-//
-// if (!StringUtils.hasText(token)) {
-// //鏀捐
-// filterChain.doFilter(request, response);
-// return; // 姝ゅ鍔犱笂return濂藉鏄悗闈㈢粨鏋滆繑鍥炵殑鏃跺�欏氨涓嶄細鍐嶈蛋涓�閬嶆杩囨护鍣ㄧ殑鏂规硶浜�
-// }
-// //瑙f瀽token
-// String userid;
-// try {
-// Claims claims = JwtUtil.getClaimByToken(token);
-// userid = claims.getSubject();
-// } catch (Exception e) {
-// e.printStackTrace();
-// throw new RuntimeException("token闈炴硶");
-// }
-// //浠巖edis涓幏鍙栫敤鎴蜂俊鎭�
-// String redisKey = "login:" + userid;
-// LoginUser loginUser = redisUtil.getCacheObject(redisKey);
-// if (Objects.isNull(loginUser)) {
-// response.setHeader("token", "");
-// throw new RuntimeException("鐢ㄦ埛鏈櫥褰�");
-// }
-// //灏嗙敤鎴蜂俊鎭斁鍏ュ綋鍓嶇嚎绋�
-// UserInfoUtils.set(loginUser.getUser());
-// //瀛樺叆SecurityContextHolder锛屼互渚涘悗闈㈢殑杩囨护鍣ㄤ娇鐢�
-// List<String> permissionKeyList = sysUserService.getUserAuthorityInfo(Long.parseLong(userid));
-// List<GrantedAuthority> authorities = permissionKeyList.stream().
-// map(SimpleGrantedAuthority::new)
-// .collect(Collectors.toList());
-// UsernamePasswordAuthenticationToken authenticationToken =
-// new UsernamePasswordAuthenticationToken(loginUser, null, authorities);
-// SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+ if (!StringUtils.hasText(token)) {
+ //鏀捐
+ filterChain.doFilter(request, response);
+ return; // 姝ゅ鍔犱笂return濂藉鏄悗闈㈢粨鏋滆繑鍥炵殑鏃跺�欏氨涓嶄細鍐嶈蛋涓�閬嶆杩囨护鍣ㄧ殑鏂规硶浜�
+ }
+ //瑙f瀽token
+ String userid;
+ try {
+ Claims claims = JwtUtil.getClaimByToken(token);
+ userid = claims.getSubject();
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RuntimeException("token闈炴硶");
+ }
+ //浠巖edis涓幏鍙栫敤鎴蜂俊鎭�
+ String redisKey = "login:" + userid;
+ LoginUser loginUser = redisUtil.getCacheObject(redisKey);
+ if (Objects.isNull(loginUser)) {
+ response.setHeader("token", "");
+ throw new RuntimeException("鐢ㄦ埛鏈櫥褰�");
+ }
+ //灏嗙敤鎴蜂俊鎭斁鍏ュ綋鍓嶇嚎绋�
+ UserInfoUtils.set(loginUser.getUser());
+ //瀛樺叆SecurityContextHolder锛屼互渚涘悗闈㈢殑杩囨护鍣ㄤ娇鐢�
+ List<String> permissionKeyList = sysUserService.getUserAuthorityInfo(Long.parseLong(userid));
+ List<GrantedAuthority> authorities = permissionKeyList.stream().
+ map(SimpleGrantedAuthority::new)
+ .collect(Collectors.toList());
+ UsernamePasswordAuthenticationToken authenticationToken =
+ new UsernamePasswordAuthenticationToken(loginUser, null, authorities);
+ SecurityContextHolder.getContext().setAuthentication(authenticationToken);
 //鏀捐
 filterChain.doFilter(request, response);
 }
-}
+}
\ No newline at end of file
-- Gitblit v1.8.0
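Review bot: `UserInfoUtils.set(loginUser.getUser())` is never undone after the final `filterChain.doFilter(request, response)`, and the token-less branch at the top of `doFilterInternal` returns without resetting it. If UserInfoUtils keeps the user in a ThreadLocal (its implementation is not visible in this patch), a pooled worker thread can carry one caller's identity into a later request that sends no token; wrapping the final `filterChain.doFilter` call in `try { … } finally { … }` and clearing the holder in the `finally` would close that. Separately, both failure paths throw a bare `RuntimeException`, and the `catch (Exception e)` drops the cause after `e.printStackTrace()`, so a bad or expired token probably surfaces as a 500 rather than a 401; passing `e` as the cause and logging through a logger would keep the diagnosis without printing a stack trace for every rejected request.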