修复关闭接口鉴权后跨域设置失效的问题

648540858
1 parent 663f3941
Showing 2 changed files with 27 additions and 21 deletions
src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
 package com.genersoft.iot.vmp.conf.security;
  
+import com.genersoft.iot.vmp.conf.UserSetting;
 import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -22,6 +24,10 @@ import java.util.ArrayList;
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
  
  
+    @Autowired
+    private UserSetting userSetting;
+
+
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
  
@@ -31,6 +37,13 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             chain.doFilter(request, response);
             return;
         }
+        if (!userSetting.isInterfaceAuthentication()) {
+            // 构建UsernamePasswordAuthenticationToken,这里密码为null，是因为提供了正确的JWT,实现自动登录
+            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() );
+            SecurityContextHolder.getContext().setAuthentication(token);
+            chain.doFilter(request, response);
+            return;
+        }
         String jwt = request.getHeader(JwtUtils.getHeader());
         // 这里如果没有jwt，继续往后走，因为后面还有鉴权管理器等去判断是否拥有身份凭证，所以是可以放行的
         // 没有jwt相当于匿名访问，若有一些接口是需要权限的，则不能访问这些接口
@@ -62,9 +75,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             default:
         }
  
-//        String password = SecurityUtils.encryptPassword(jwtUser.getPassword());
-//        user.setPassword(password);
-
         // 构建UsernamePasswordAuthenticationToken,这里密码为null，是因为提供了正确的JWT,实现自动登录
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>() );
         SecurityContextHolder.getContext().setAuthentication(token);
@@ -73,24 +73,20 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     public void configure(WebSecurity web) {
  
-        if (!userSetting.isInterfaceAuthentication()) {
-            web.ignoring().antMatchers("**");
-        }else {
-            ArrayList<String> matchers = new ArrayList<>();
-            matchers.add("/");
-            matchers.add("/#/**");
-            matchers.add("/static/**");
-            matchers.add("/index.html");
-            matchers.add("/doc.html");
-            matchers.add("/webjars/**");
-            matchers.add("/swagger-resources/**");
-            matchers.add("/v3/api-docs/**");
-            matchers.add("/js/**");
-            matchers.add("/api/device/query/snap/**");
-            matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
-            // 可以直接访问的静态数据
-            web.ignoring().antMatchers(matchers.toArray(new String[0]));
-        }
+        ArrayList<String> matchers = new ArrayList<>();
+        matchers.add("/");
+        matchers.add("/#/**");
+        matchers.add("/static/**");
+        matchers.add("/index.html");
+        matchers.add("/doc.html");
+        matchers.add("/webjars/**");
+        matchers.add("/swagger-resources/**");
+        matchers.add("/v3/api-docs/**");
+        matchers.add("/js/**");
+        matchers.add("/api/device/query/snap/**");
+        matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
+        // 可以直接访问的静态数据
+        web.ignoring().antMatchers(matchers.toArray(new String[0]));
     }
  
     /**