From 42a2772d1aa7493bcc4fac3e24ee8eda4eebc23d Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期二, 12 十二月 2023 17:09:04 +0800
Subject: [PATCH] bugfix:请求头带token, SecurityUtils 获取用户id 一直为0 #1195
---
src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java | 41 ++++++++++++++++++++++++++++++++++-------
1 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
index 91709aa..f45f89a 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -1,7 +1,11 @@
package com.genersoft.iot.vmp.conf.security;
+import com.genersoft.iot.vmp.conf.UserSetting;
import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
+import com.genersoft.iot.vmp.storager.dao.dto.Role;
+import com.genersoft.iot.vmp.storager.dao.dto.User;
import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
@@ -22,16 +26,35 @@
public class JwtAuthenticationFilter extends OncePerRequestFilter {
+ @Autowired
+ private UserSetting userSetting;
+
+
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+ // 蹇界暐鐧诲綍璇锋眰鐨則oken楠岃瘉
+ String requestURI = request.getRequestURI();
+ if (requestURI.equalsIgnoreCase("/api/user/login")) {
+ chain.doFilter(request, response);
+ return;
+ }
+ if (!userSetting.isInterfaceAuthentication()) {
+ UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() );
+ SecurityContextHolder.getContext().setAuthentication(token);
+ chain.doFilter(request, response);
+ return;
+ }
String jwt = request.getHeader(JwtUtils.getHeader());
// 杩欓噷濡傛灉娌℃湁jwt锛岀户缁線鍚庤蛋锛屽洜涓哄悗闈㈣繕鏈夐壌鏉冪鐞嗗櫒绛夊幓鍒ゆ柇鏄惁鎷ユ湁韬唤鍑瘉锛屾墍浠ユ槸鍙互鏀捐鐨�
// 娌℃湁jwt鐩稿綋浜庡尶鍚嶈闂紝鑻ユ湁涓�浜涙帴鍙f槸闇�瑕佹潈闄愮殑锛屽垯涓嶈兘璁块棶杩欎簺鎺ュ彛
if (StringUtils.isBlank(jwt)) {
- chain.doFilter(request, response);
- return;
+ jwt = request.getParameter(JwtUtils.getHeader());
+ if (StringUtils.isBlank(jwt)) {
+ chain.doFilter(request, response);
+ return;
+ }
}
-
JwtUser jwtUser = JwtUtils.verifyToken(jwt);
String username = jwtUser.getUserName();
@@ -53,11 +76,15 @@
default:
}
-// String password = SecurityUtils.encryptPassword(jwtUser.getPassword());
-// user.setPassword(password);
-
// 鏋勫缓UsernamePasswordAuthenticationToken,杩欓噷瀵嗙爜涓簄ull锛屾槸鍥犱负鎻愪緵浜嗘纭殑JWT,瀹炵幇鑷姩鐧诲綍
- UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>() );
+ User user = new User();
+ user.setId(jwtUser.getUserId());
+ user.setUsername(jwtUser.getUserName());
+ user.setPassword(jwtUser.getPassword());
+ Role role = new Role();
+ role.setId(jwtUser.getRoleId());
+ user.setRole(role);
+ UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, jwtUser.getPassword(), new ArrayList<>() );
SecurityContextHolder.getContext().setAuthentication(token);
chain.doFilter(request, response);
}
--
Gitblit v1.8.0