| | |
|---|
| | | import com.ruoyi.common.core.service.TokenService; |
|---|
| | | import com.ruoyi.common.utils.SecurityUtils; |
|---|
| | | import com.ruoyi.common.utils.StringUtils; |
|---|
| | | import com.ruoyi.framework.config.properties.SecurityProperties; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
|---|
| | | import org.springframework.security.core.context.SecurityContextHolder; |
|---|
| | | import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; |
|---|
| | | import org.springframework.stereotype.Component; |
|---|
| | | import org.springframework.util.AntPathMatcher; |
|---|
| | | import org.springframework.util.PathMatcher; |
|---|
| | | import org.springframework.web.filter.OncePerRequestFilter; |
|---|
| | | |
|---|
| | | import javax.servlet.FilterChain; |
|---|
| | |
|---|
| | | * @author ruoyi |
|---|
| | | */ |
|---|
| | | @Component |
|---|
| | | public class JwtAuthenticationTokenFilter extends OncePerRequestFilter |
|---|
| | | { |
|---|
| | | public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | private TokenService tokenService; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | private SecurityProperties securityProperties; |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) |
|---|
| | | throws ServletException, IOException |
|---|
| | | { |
|---|
| | | // 匿名路径放行 默认拦截 |
|---|
| | | boolean flag = false; |
|---|
| | | for (String anonymou : securityProperties.getAnonymous()) { |
|---|
| | | PathMatcher pm = new AntPathMatcher(); |
|---|
| | | if (pm.matchStart(anonymou, request.getRequestURI())) { |
|---|
| | | flag = true; |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | if (flag) { |
|---|
| | | LoginUser loginUser = tokenService.getLoginUser(request); |
|---|
| | | if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) { |
|---|
| | | tokenService.verifyToken(loginUser); |
|---|
| | | UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities()); |
|---|
| | | authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); |
|---|
| | | SecurityContextHolder.getContext().setAuthentication(authenticationToken); |
|---|
| | | } |
|---|
| | | throws ServletException, IOException { |
|---|
| | | LoginUser loginUser = tokenService.getLoginUser(request); |
|---|
| | | if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) { |
|---|
| | | tokenService.verifyToken(loginUser); |
|---|
| | | UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities()); |
|---|
| | | authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); |
|---|
| | | SecurityContextHolder.getContext().setAuthentication(authenticationToken); |
|---|
| | | } |
|---|
| | | chain.doFilter(request, response); |
|---|
| | | } |
|---|
