Commit a4328e3d4fe2894c0ddf378eea9b3c2a3498d62b

Authored by 648540858
1 parent 663f3941

修复关闭接口鉴权后跨域设置失效的问题

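--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -1,7 +1,9 @@
 package com.genersoft.iot.vmp.conf.security;
 
+import com.genersoft.iot.vmp.conf.UserSetting;
 import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -22,6 +24,10 @@ import java.util.ArrayList;
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
 
+ @Autowired
+ private UserSetting userSetting;
+
+
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
 
@@ -31,6 +37,13 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 chain.doFilter(request, response);
 return;
 }
+ if (!userSetting.isInterfaceAuthentication()) {
+ // 构建UsernamePasswordAuthenticationToken,这里密码为null,是因为提供了正确的JWT,实现自动登录
+ UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() );
+ SecurityContextHolder.getContext().setAuthentication(token);
+ chain.doFilter(request, response);
+ return;
+ }
 String jwt = request.getHeader(JwtUtils.getHeader());
 // 这里如果没有jwt,继续往后走,因为后面还有鉴权管理器等去判断是否拥有身份凭证,所以是可以放行的
 // 没有jwt相当于匿名访问,若有一些接口是需要权限的,则不能访问这些接口
@@ -62,9 +75,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 default:
 }
 
-// String password = SecurityUtils.encryptPassword(jwtUser.getPassword());
-// user.setPassword(password);
-
 // 构建UsernamePasswordAuthenticationToken,这里密码为null,是因为提供了正确的JWT,实现自动登录
 UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>() );
 SecurityContextHolder.getContext().setAuthentication(token);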
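Review bot: The branch added at new lines 40–46 authenticates every request without checking any credential, but the comment copied onto it still says the password is null because a correct JWT was supplied, which is not true on this path. The three-argument `UsernamePasswordAuthenticationToken` constructor produces a token that reports itself as authenticated, and here its principal is `null`, so any later code that reads the current user from the security context (not visible in these hunks) should be checked for null handling. I would replace the comment with `// interface authentication is disabled: no JWT is checked and the request continues with an authenticated token that has no principal and no authorities`, and log a warning once at startup when the flag is off so that an open deployment is visible in the logs. `doFilterInternal` begins and ends outside the hunks shown.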
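--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -73,24 +73,20 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 public void configure(WebSecurity web) {
 
- if (!userSetting.isInterfaceAuthentication()) {
- web.ignoring().antMatchers("**");
- }else {
- ArrayList<String> matchers = new ArrayList<>();
- matchers.add("/");
- matchers.add("/#/**");
- matchers.add("/static/**");
- matchers.add("/index.html");
- matchers.add("/doc.html");
- matchers.add("/webjars/**");
- matchers.add("/swagger-resources/**");
- matchers.add("/v3/api-docs/**");
- matchers.add("/js/**");
- matchers.add("/api/device/query/snap/**");
- matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
- // 可以直接访问的静态数据
- web.ignoring().antMatchers(matchers.toArray(new String[0]));
- }
+ ArrayList<String> matchers = new ArrayList<>();
+ matchers.add("/");
+ matchers.add("/#/**");
+ matchers.add("/static/**");
+ matchers.add("/index.html");
+ matchers.add("/doc.html");
+ matchers.add("/webjars/**");
+ matchers.add("/swagger-resources/**");
+ matchers.add("/v3/api-docs/**");
+ matchers.add("/js/**");
+ matchers.add("/api/device/query/snap/**");
+ matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
+ // 可以直接访问的静态数据
+ web.ignoring().antMatchers(matchers.toArray(new String[0]));
 }
 
 /**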
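Review bot: The paths that stay in `web.ignoring()` at new lines 76–89, including `/api/device/query/snap/**` and everything returned by `userSetting.getInterfaceAuthenticationExcludes()`, still skip the whole Spring Security filter chain. They presumably keep the missing-CORS behaviour this commit fixes for the disabled-authentication case, and they receive none of the security response headers the chain would add. Because the exclude list comes from configuration, a broad pattern there silently removes those endpoints from every filter. Consider keeping `web.ignoring()` for static assets only and declaring the API excludes with `permitAll()` in `configure(HttpSecurity)`, which leaves the filters in place; that method is outside this hunk, so confirm how it is set up. A comment such as `// ignored paths bypass all security filters, including CORS` above the call would record the caveat.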