From a17c514b1b9bb5805a4b28c3cb4bf12273ecad30 Mon Sep 17 00:00:00 2001
From: ajaxfan <909938737@qq.com>
Date: Mon, 10 May 2021 16:29:43 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=97=A0=20token=20=E5=92=8C?=
 =?UTF-8?q?=20session=20=E4=BF=A1=E6=81=AF=E7=9A=84=E6=9C=8D=E5=8A=A1?=
 =?UTF-8?q?=E8=B0=83=E7=94=A8=E6=94=BE=E8=A1=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../filter/TokenAuthenticationFilter.java      | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index 3c95176..9c6e93b 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@@ -68,10 +68,12 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 		}
 		// 检查cookie
 		else {
-			Optional.ofNullable(request.getCookies()).ifPresent(cookies -> {
-				Stream.of(cookies).filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
-						.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue()));
-			});
+			Optional.ofNullable(request.getCookies())
+					.ifPresentOrElse(cookies -> Stream.of(cookies)
+							.filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
+							.ifPresentOrElse(cookie -> setAuthentication(currentRoleCode, cookie.getValue()),
+									() -> defaultAuthentication()),
+							() -> defaultAuthentication());
 		}
 		filterChain.doFilter(request, response);
 	}
@@ -115,4 +117,12 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 				authorities);
 	}
 
+	/**
+	 * 未发现token和session信息，则使用空的用户认证对象放行服务
+	 */
+	private void defaultAuthentication() {
+		SecurityContextHolder.getContext()
+				.setAuthentication(new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null));
+	}
+
 }