From 92804151a3459162438be2e66e589fd33a3c8087 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期日, 26 九月 2021 14:08:48 +0800
Subject: [PATCH] update 优化匿名路径jwt放行
---
ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java | 13 +++++++++++++
ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java | 22 ++++++++++++++++++++++
2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
new file mode 100644
index 0000000..33414ce
--- /dev/null
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/SecurityProperties.java
@@ -0,0 +1,22 @@
+package com.ruoyi.framework.config.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+/**
+ * Security 閰嶇疆灞炴��
+ *
+ * @author Lion Li
+ */
+@Data
+@Component
+@ConfigurationProperties(prefix = "security")
+public class SecurityProperties {
+
+ /**
+ * 鍖垮悕鏀捐璺緞
+ */
+ private String[] anonymous;
+
+}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java
index 5439a97..2c5e302 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java
@@ -4,11 +4,14 @@
import com.ruoyi.common.core.service.TokenService;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.framework.config.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
@@ -28,10 +31,20 @@
@Autowired
private TokenService tokenService;
+ @Autowired
+ private SecurityProperties securityProperties;
+
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException
{
+ // 鍖垮悕璺緞鏀捐
+ for (String anonymou : securityProperties.getAnonymous()) {
+ PathMatcher pm = new AntPathMatcher();
+ if (pm.matchStart(anonymou, request.getRequestURI())) {
+ chain.doFilter(request, response);
+ }
+ }
LoginUser loginUser = tokenService.getLoginUser(request);
if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication()))
{
--
Gitblit v1.9.3