调整security的filter异常处理
@ -5,6 +5,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
|
||||||
@ -38,9 +39,10 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and()
|
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().sessionManagement()
|
||||||
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
||||||
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
|
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
|
||||||
.authorizeRequests().antMatchers("/v1/**").authenticated().and().csrf().disable();
|
.authorizeRequests().antMatchers("/v1/**").authenticated().and().httpBasic().and().csrf().disable();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
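Review bot: `.httpBasic()` on the rewritten authorizeRequests line enables HTTP Basic as a second credential path on every `/v1/**` route alongside the token filter, and nothing in the commit (titled as a filter exception-handling adjustment) says why; if it is only there to produce a 401 challenge, the already-configured `authenticationEntryPoint()` does that without accepting username/password on the API. If Basic is intended, a comment such as `// HTTP Basic is accepted alongside bearer tokens because <reason>` (placeholder) should record it, and the AuthenticationManager/UserDetailsService it authenticates against should be reviewed for which credentials it accepts. `SessionCreationPolicy.STATELESS` fits a filter that re-reads the token per request, but the TokenAuthenticationFilter hunk below also reads the token from a cookie, so with `csrf().disable()` kept, cookie-carried tokens presumably still authenticate cross-site requests — worth a comment on the csrf line stating that trade-off. configure begins and ends inside this hunk.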
@ -62,19 +62,22 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
log.info("TokenAuthenticationFilter: header [{}]", header);
|
log.info("TokenAuthenticationFilter: header [{}]", header);
|
||||||
}
|
}
|
||||||
|
|
||||||
// 检查请求头是否包含 Bearer 前缀
|
try {
|
||||||
if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
|
// 检查请求头是否包含 Bearer 前缀
|
||||||
setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""));// 移除header的前缀,提取出token字串
|
if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
|
||||||
}
|
setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""));// 移除header的前缀,提取出token字串
|
||||||
// 检查cookie
|
}
|
||||||
else {
|
// 检查cookie
|
||||||
Optional.ofNullable(request.getCookies())
|
else {
|
||||||
.ifPresent(cookies -> Stream.of(cookies)
|
Optional.ofNullable(request.getCookies())
|
||||||
.filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
|
.ifPresent(cookies -> Stream.of(cookies)
|
||||||
.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue())));
|
.filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
|
||||||
|
.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue())));
|
||||||
|
}
|
||||||
// TODO 临时放行未传递token且session中未包含access token信息的服务调用
|
// TODO 临时放行未传递token且session中未包含access token信息的服务调用
|
||||||
isNullThenAssignDefault();
|
isNullThenAssignDefault();
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error(e.getMessage());
|
||||||
}
|
}
|
||||||
filterChain.doFilter(request, response);
|
filterChain.doFilter(request, response);
|
||||||
}
|
}
|
||||||
@ -86,11 +89,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
* @param authToken
|
* @param authToken
|
||||||
*/
|
*/
|
||||||
private void setAuthentication(final String currentRoleCode, final String authToken) {
|
private void setAuthentication(final String currentRoleCode, final String authToken) {
|
||||||
try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
|
SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
|
||||||
SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
|
|
||||||
} catch (Exception e) {
|
|
||||||
log.error(e.getMessage());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
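Review bot: The new `catch (Exception e) { log.error(e.getMessage()); }` around the token handling drops the exception class and stack trace, and for many runtime exceptions `getMessage()` is null, so a failed token parse will be logged as a bare `null`; use `log.error("TokenAuthenticationFilter: token processing failed", e);` (or `log.warn` with `e.toString()` if full traces are too noisy for routinely invalid tokens). Because `isNullThenAssignDefault()` now sits inside the try, an exception leaves the SecurityContext unset and the request still reaches `filterChain.doFilter`, so authorization is left to the downstream entry point; a one-line comment after the catch, `// on failure no authentication is set; protected routes are expected to be rejected by the entry point`, would make that fail-closed intent explicit. `catch (Exception)` is broad — if the token library throws a specific exception type, catching only that and letting others propagate keeps genuine programming errors visible. doFilterInternal starts before this hunk.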
@ -40,12 +40,11 @@ public class FeignConfig implements RequestInterceptor {
|
|||||||
@Override
|
@Override
|
||||||
public void apply(RequestTemplate template) {
|
public void apply(RequestTemplate template) {
|
||||||
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
|
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
|
||||||
|
|
||||||
if (Objects.nonNull(attributes)) {
|
if (Objects.nonNull(attributes)) {
|
||||||
if (isNonExistsWhiteList(template.url())) {
|
if (isNonExistsWhiteList(template.url())) {
|
||||||
injectToken(template, attributes);
|
injectToken(template, attributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
final String currentRoleCode = attributes.getRequest().getHeader(CURRENT_ROLE_CODE);// 提取request头信息
|
final String currentRoleCode = attributes.getRequest().getHeader(CURRENT_ROLE_CODE);// 提取request头信息
|
||||||
|
|
||||||
// 检查请求头是否包含 currentRoleCode
|
// 检查请求头是否包含 currentRoleCode
|
||||||
|