From a4328e3d4fe2894c0ddf378eea9b3c2a3498d62b Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期四, 23 三月 2023 08:52:35 +0800
Subject: [PATCH] 修复关闭接口鉴权后跨域设置失效的问题
---
src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java | 16 +++++++++++++---
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 32 ++++++++++++++------------------
2 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
index 8fdcee1..e50a8b0 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -1,7 +1,9 @@
package com.genersoft.iot.vmp.conf.security;
+import com.genersoft.iot.vmp.conf.UserSetting;
import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
@@ -22,12 +24,23 @@
public class JwtAuthenticationFilter extends OncePerRequestFilter {
+ @Autowired
+ private UserSetting userSetting;
+
+
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
// 蹇界暐鐧诲綍璇锋眰鐨則oken楠岃瘉
String requestURI = request.getRequestURI();
if (requestURI.equalsIgnoreCase("/api/user/login")) {
+ chain.doFilter(request, response);
+ return;
+ }
+ if (!userSetting.isInterfaceAuthentication()) {
+ // 鏋勫缓UsernamePasswordAuthenticationToken,杩欓噷瀵嗙爜涓簄ull锛屾槸鍥犱负鎻愪緵浜嗘纭殑JWT,瀹炵幇鑷姩鐧诲綍
+ UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() );
+ SecurityContextHolder.getContext().setAuthentication(token);
chain.doFilter(request, response);
return;
}
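Review bot: The new `!userSetting.isInterfaceAuthentication()` branch installs a `UsernamePasswordAuthenticationToken` with a null principal, and the three-argument constructor marks that token as authenticated. Any later code that reads the principal or user name from the `SecurityContext` gets null on this path; that code is outside the hunk, so whether it tolerates null should be checked. The comment on that branch is copied from the JWT path and says the password is null because a correct JWT was supplied, which is not true here since no token is inspected. I would replace it with something like `// interface authentication disabled: every request is treated as authenticated, no token is checked`, and use an explicit placeholder principal rather than null so audit logs show which requests took this path. Because this flag turns off authentication for the whole API, a warning logged once at startup when it is false would also help operators notice a misconfigured deployment; `doFilterInternal` continues past the end of this hunk.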
@@ -61,9 +74,6 @@
// return;
default:
}
-
-// String password = SecurityUtils.encryptPassword(jwtUser.getPassword());
-// user.setPassword(password);
// 鏋勫缓UsernamePasswordAuthenticationToken,杩欓噷瀵嗙爜涓簄ull锛屾槸鍥犱负鎻愪緵浜嗘纭殑JWT,瀹炵幇鑷姩鐧诲綍
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>() );
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index 0f77ab1..c9a1233 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -73,24 +73,20 @@
@Override
public void configure(WebSecurity web) {
- if (!userSetting.isInterfaceAuthentication()) {
- web.ignoring().antMatchers("**");
- }else {
- ArrayList<String> matchers = new ArrayList<>();
- matchers.add("/");
- matchers.add("/#/**");
- matchers.add("/static/**");
- matchers.add("/index.html");
- matchers.add("/doc.html");
- matchers.add("/webjars/**");
- matchers.add("/swagger-resources/**");
- matchers.add("/v3/api-docs/**");
- matchers.add("/js/**");
- matchers.add("/api/device/query/snap/**");
- matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
- // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
- web.ignoring().antMatchers(matchers.toArray(new String[0]));
- }
+ ArrayList<String> matchers = new ArrayList<>();
+ matchers.add("/");
+ matchers.add("/#/**");
+ matchers.add("/static/**");
+ matchers.add("/index.html");
+ matchers.add("/doc.html");
+ matchers.add("/webjars/**");
+ matchers.add("/swagger-resources/**");
+ matchers.add("/v3/api-docs/**");
+ matchers.add("/js/**");
+ matchers.add("/api/device/query/snap/**");
+ matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
+ // 鍙互鐩存帴璁块棶鐨勯潤鎬佹暟鎹�
+ web.ignoring().antMatchers(matchers.toArray(new String[0]));
}
/**
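Review bot: The paths still registered through `web.ignoring()` skip the entire security filter chain, so they keep the behaviour this commit fixes for the disabled-auth case. That means `/api/device/query/snap/**` and everything from `userSetting.getInterfaceAuthenticationExcludes()` get no CORS handling and no security headers, and the JWT filter never runs for them. For API endpoints (as opposed to static assets) it is safer to leave them in the chain and open them with `permitAll()` in the `HttpSecurity` configuration, which is not visible in this hunk. Two smaller points: `"/#/**"` can never match because the URL fragment is not sent to the server, and `matchers.addAll(...)` would throw if the configured exclude list is null, so a null guard or an empty-list default in `UserSetting` is worth confirming. Since the exclude list comes from configuration, a short comment stating that every entry is served without authentication would make the risk of a broad pattern clear to whoever edits it.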
--
Gitblit v1.8.0