调整security的filter异常处理

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java

@@ -5,6 +5,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
@@ -38,9 +39,10 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
 	 */
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and()
+		http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().sessionManagement()
+				.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
 				.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
-				.authorizeRequests().antMatchers("/v1/**").authenticated().and().csrf().disable();
+				.authorizeRequests().antMatchers("/v1/**").authenticated().and().httpBasic().and().csrf().disable();
 	}
 
 }

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java

@@ -62,6 +62,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 			log.info("TokenAuthenticationFilter: header [{}]", header);
 		}
 
+		try {
 			// 检查请求头是否包含 Bearer 前缀
 			if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
 				setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""));// 移除header的前缀，提取出token字串
@@ -72,9 +73,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 						.ifPresent(cookies -> Stream.of(cookies)
 								.filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
 								.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue())));
-			
+			}
 			// TODO 临时放行未传递token且session中未包含access token信息的服务调用
 			isNullThenAssignDefault();
+		} catch (Exception e) {
+			log.error(e.getMessage());
 		}
 		filterChain.doFilter(request, response);
 	}
@@ -86,11 +89,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	 * @param authToken
 	 */
 	private void setAuthentication(final String currentRoleCode, final String authToken) {
-		try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
 		SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
-		} catch (Exception e) {
-			log.error(e.getMessage());
-		}
 	}
 
 	/**

uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java

@@ -45,7 +45,6 @@ public class FeignConfig implements RequestInterceptor {
 			if (isNonExistsWhiteList(template.url())) {
 				injectToken(template, attributes);
 			}
-
 			final String currentRoleCode = attributes.getRequest().getHeader(CURRENT_ROLE_CODE);// 提取request头信息
 
 			// 检查请求头是否包含 currentRoleCode