蓉易创
blame | 历史 | 补丁 | 提交 | 提交对比 | show whitespace
lrj
1 天以前 dc643ba44fd2a426263015491268a0f0d6b4671d 
 backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java


@@ -12,6 +12,7 @@


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;


import org.springframework.security.core.context.SecurityContextHolder;


import org.springframework.security.core.Authentication;


import org.springframework.security.core.userdetails.UserDetails;


import org.springframework.security.core.userdetails.UserDetailsService;


import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;


@@ -39,31 +40,44 @@


    @Override


    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, 


                                  FilterChain filterChain) throws ServletException, IOException {


        System.out.println("=== JWT过滤器被调用 === URI: " + request.getRequestURI());


        logger.debug("JWT过滤器开始处理请求: {}", request.getRequestURI());


        


        String authHeader = request.getHeader("Authorization");


        String token = null;


        Long userId = null;




        logger.debug("Authorization头: {}", authHeader);




        // 从请求头中提取JWT token


        if (authHeader != null && authHeader.startsWith("Bearer ")) {


            token = authHeader.substring(7);


            logger.debug("提取到JWT token: {}", token.substring(0, Math.min(20, token.length())) + "...");


            try {


                userId = jwtUtil.getUserIdFromToken(token);


                logger.debug("从token中解析到用户ID: {}", userId);


            } catch (Exception e) {


                logger.debug("JWT token解析失败: {}", e.getMessage());


                logger.error("JWT token解析失败: {}", e.getMessage(), e);


            }


        } else {


            logger.debug("没有找到Authorization头或格式不正确");


        }




        // 如果token有效且当前没有认证信息


        if (userId != null && SecurityContextHolder.getContext().getAuthentication() == null) {


        // 如果token有效且当前是匿名或无认证,则进行认证


        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();


        boolean isAnonymous = (existingAuth == null) || ("anonymousUser".equals(String.valueOf(existingAuth.getPrincipal())));


        if (userId != null && isAnonymous) {


            logger.debug("开始验证token有效性");


            


            // 验证token是否有效


            if (jwtUtil.validateToken(token)) {


                logger.debug("Token验证成功,查找用户信息");


                


                // 查找用户信息


                Optional<User> userOpt = userRepository.findById(userId);


                if (userOpt.isPresent()) {


                    User user = userOpt.get();


                    logger.debug("找到用户: userId={}, phone={}", user.getId(), user.getPhone());


                    


                    // 创建认证对象


                    UsernamePasswordAuthenticationToken authToken = 


@@ -76,9 +90,17 @@


                    authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));


                    SecurityContextHolder.getContext().setAuthentication(authToken);


                    


                    logger.debug("用户认证成功: userId={}, phone={}", user.getId(), user.getPhone());


                    logger.info("用户认证成功: userId={}, phone={}", user.getId(), user.getPhone());


                } else {


                    logger.warn("用户不存在: userId={}", userId);


                }


            } else {


                logger.warn("Token验证失败");


            }


        } else if (userId == null) {


            logger.debug("没有解析到用户ID");


        } else {


            logger.debug("已存在非匿名认证信息,跳过JWT认证");


        }




        filterChain.doFilter(request, response);