| | |
|---|
| | | |
|---|
| | | // 忽略登录请求的token验证 |
|---|
| | | String requestURI = request.getRequestURI(); |
|---|
| | | if ((requestURI.startsWith("/doc.html") || requestURI.startsWith("/swagger-ui") ) && !userSetting.getDocEnable()) { |
|---|
| | | response.setStatus(HttpServletResponse.SC_NOT_FOUND); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | if (requestURI.equalsIgnoreCase("/api/user/login")) { |
|---|
| | | chain.doFilter(request, response); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!userSetting.isInterfaceAuthentication()) { |
|---|
| | | UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() ); |
|---|
| | | SecurityContextHolder.getContext().setAuthentication(token); |
|---|
| | |
|---|
| | | if (StringUtils.isBlank(jwt)) { |
|---|
| | | jwt = request.getParameter(JwtUtils.getHeader()); |
|---|
| | | if (StringUtils.isBlank(jwt)) { |
|---|
| | | chain.doFilter(request, response); |
|---|
| | | return; |
|---|
| | | jwt = request.getHeader(JwtUtils.getApiKeyHeader()); |
|---|
| | | if (StringUtils.isBlank(jwt)) { |
|---|
| | | chain.doFilter(request, response); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | // 构建UsernamePasswordAuthenticationToken,这里密码为null,是因为提供了正确的JWT,实现自动登录 |
|---|
| | | User user = new User(); |
|---|
| | | user.setId(jwtUser.getUserId()); |
|---|
| | | user.setUsername(jwtUser.getUserName()); |
|---|
| | | user.setPassword(jwtUser.getPassword()); |
|---|
| | | Role role = new Role(); |
|---|
