648540858
2023-03-23 a4328e3d4fe2894c0ddf378eea9b3c2a3498d62b
修复关闭接口鉴权后跨域设置失效的问题
2个文件已修改
48 ■■■■■ 已修改文件
src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java 16 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java 32 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -1,7 +1,9 @@
package com.genersoft.iot.vmp.conf.security;
import com.genersoft.iot.vmp.conf.UserSetting;
import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
@@ -22,12 +24,23 @@
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    @Autowired
    private UserSetting userSetting;
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        // 忽略登录请求的token验证
        String requestURI = request.getRequestURI();
        if (requestURI.equalsIgnoreCase("/api/user/login")) {
            chain.doFilter(request, response);
            return;
        }
        if (!userSetting.isInterfaceAuthentication()) {
            // 构建UsernamePasswordAuthenticationToken,这里密码为null,是因为提供了正确的JWT,实现自动登录
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() );
            SecurityContextHolder.getContext().setAuthentication(token);
            chain.doFilter(request, response);
            return;
        }
@@ -61,9 +74,6 @@
//                return;
            default:
        }
//        String password = SecurityUtils.encryptPassword(jwtUser.getPassword());
//        user.setPassword(password);
        // 构建UsernamePasswordAuthenticationToken,这里密码为null,是因为提供了正确的JWT,实现自动登录
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>() );
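Review bot: The branch added for `!userSetting.isInterfaceAuthentication()` stores an authenticated `UsernamePasswordAuthenticationToken` with a null principal for every request, and its comment is copied from the JWT path further down, so it claims a correct JWT was provided when no token is read in this branch. Replace the comment with something like `// Interface authentication is disabled: no JWT is checked; every request runs as an authenticated caller with no principal and no authorities`. Code later in the chain that reads the principal or user name from the security context will presumably get null in this mode, so a fixed placeholder principal would be safer than `null`. Because this switch turns off authentication for the whole API, it also deserves a warning in the startup log. `doFilterInternal` continues outside the hunks shown.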
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -73,24 +73,20 @@
    @Override
    public void configure(WebSecurity web) {
        if (!userSetting.isInterfaceAuthentication()) {
            web.ignoring().antMatchers("**");
        }else {
            ArrayList<String> matchers = new ArrayList<>();
            matchers.add("/");
            matchers.add("/#/**");
            matchers.add("/static/**");
            matchers.add("/index.html");
            matchers.add("/doc.html");
            matchers.add("/webjars/**");
            matchers.add("/swagger-resources/**");
            matchers.add("/v3/api-docs/**");
            matchers.add("/js/**");
            matchers.add("/api/device/query/snap/**");
            matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
            // 可以直接访问的静态数据
            web.ignoring().antMatchers(matchers.toArray(new String[0]));
        }
        ArrayList<String> matchers = new ArrayList<>();
        matchers.add("/");
        matchers.add("/#/**");
        matchers.add("/static/**");
        matchers.add("/index.html");
        matchers.add("/doc.html");
        matchers.add("/webjars/**");
        matchers.add("/swagger-resources/**");
        matchers.add("/v3/api-docs/**");
        matchers.add("/js/**");
        matchers.add("/api/device/query/snap/**");
        matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
        // 可以直接访问的静态数据
        web.ignoring().antMatchers(matchers.toArray(new String[0]));
    }
    /**
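Review bot: `web.ignoring()` takes the listed paths out of the Spring Security filter chain entirely, so the API entries here, `/api/device/query/snap/**` and everything from `userSetting.getInterfaceAuthenticationExcludes()`, still skip whatever CORS handling and security headers that chain applies. Judging by the commit title, that is the same effect this commit removes for the `"**"` case. Keep `web.ignoring()` for static assets only and allow the API paths in `configure(HttpSecurity)` with `.antMatchers(...).permitAll()`; that method is not visible in this section, so the exact placement needs checking. It is also worth confirming that `/doc.html`, `/swagger-resources/**` and `/v3/api-docs/**` are meant to stay reachable without a token in every deployment.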