调整security的filter异常处理

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java

@@ -5,6 +5,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
@@ -38,9 +39,10 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
 	 */
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and()
+		http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().sessionManagement()
+				.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
 				.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
-				.authorizeRequests().antMatchers("/v1/**").authenticated().and().csrf().disable();
+				.authorizeRequests().antMatchers("/v1/**").authenticated().and().httpBasic().and().csrf().disable();
 	}
 
 }

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java

@@ -62,19 +62,22 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 			log.info("TokenAuthenticationFilter: header [{}]", header);
 		}
 
-		// 检查请求头是否包含 Bearer 前缀
-		if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
-			setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""));// 移除header的前缀，提取出token字串
-		}
-		// 检查cookie 
-		else {
-			Optional.ofNullable(request.getCookies())
-					.ifPresent(cookies -> Stream.of(cookies)
-							.filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
-							.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue())));
-			
+		try {
+			// 检查请求头是否包含 Bearer 前缀
+			if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
+				setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""));// 移除header的前缀，提取出token字串
+			}
+			// 检查cookie
+			else {
+				Optional.ofNullable(request.getCookies())
+						.ifPresent(cookies -> Stream.of(cookies)
+								.filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
+								.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue())));
+			}
 			// TODO 临时放行未传递token且session中未包含access token信息的服务调用
 			isNullThenAssignDefault();
+		} catch (Exception e) {
+			log.error(e.getMessage());
 		}
 		filterChain.doFilter(request, response);
 	}
@@ -86,11 +89,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	 * @param authToken
 	 */
 	private void setAuthentication(final String currentRoleCode, final String authToken) {
-		try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
-			SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
-		} catch (Exception e) {
-			log.error(e.getMessage());
-		}
+		SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
 	}
 
 	/**

uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java

@@ -40,12 +40,11 @@ public class FeignConfig implements RequestInterceptor {
 	@Override
 	public void apply(RequestTemplate template) {
 		ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
-
+		
 		if (Objects.nonNull(attributes)) {
 			if (isNonExistsWhiteList(template.url())) {
 				injectToken(template, attributes);
 			}
-
 			final String currentRoleCode = attributes.getRequest().getHeader(CURRENT_ROLE_CODE);// 提取request头信息
 
 			// 检查请求头是否包含 currentRoleCode