提交
72171bbc
编写于
9月 09, 2020
作者:
xignzi006
🇨🇳
更新 AuthorizationTokenFilter.java.ftl
上级
ce211e8f
变更
1
正在显示
1 个修改的文件
包含
37 行增加
和
7 行删除
+37
-7
AuthorizationTokenFilter.java.ftl
..._PKGPATH%/util/security/AuthorizationTokenFilter.java.ftl
+37
-7
SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthorizationTokenFilter.java.ftl
...
...
@@ -13,6 +13,8 @@ import org.springframework.security.core.userdetails.UserDetails;
import
org
.
springframework
.
security
.
core
.
userdetails
.
UserDetailsService
;
import
org
.
springframework
.
security
.
web
.
authentication
.
WebAuthenticationDetailsSource
;
import
org
.
springframework
.
stereotype
.
Component
;
import
org
.
springframework
.
util
.
AntPathMatcher
;
import
org
.
springframework
.
util
.
PathMatcher
;
import
org
.
springframework
.
web
.
filter
.
OncePerRequestFilter
;
import
org
.
springframework
.
beans
.
factory
.
annotation
.
Qualifier
;
...
...
@@ -21,6 +23,10 @@ import javax.servlet.ServletException;
import
javax
.
servlet
.
http
.
HttpServletRequest
;
import
javax
.
servlet
.
http
.
HttpServletResponse
;
import
java
.
io
.
IOException
;
import
java
.
util
.
Arrays
;
import
java
.
util
.
HashSet
;
import
java
.
util
.
Iterator
;
import
java
.
util
.
Set
;
@
Slf4j
@
Component
...
...
@@ -29,6 +35,8 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
private
final
UserDetailsService
userDetailsService
;
private
final
AuthTokenUtil
authTokenUtil
;
private
final
String
tokenHeader
;
private
Set
<
String
>
excludesPattern
;
private
PathMatcher
pathMatcher
=
new
AntPathMatcher
();
public
AuthorizationTokenFilter
(
AuthenticationUserService
userDetailsService
,
AuthTokenUtil
authTokenUtil
,
@
Value
(${
r
'"${ibiz.jwt.header:Authorization}"'
})
String
tokenHeader
)
{
this
.
userDetailsService
=
userDetailsService
;
...
...
@@ -38,7 +46,11 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
@
Override
protected
void
doFilterInternal
(
HttpServletRequest
request
,
HttpServletResponse
response
,
FilterChain
chain
)
throws
ServletException
,
IOException
{
if
(
isExclusion
(
request
.
getRequestURI
()))
{
chain
.
doFilter
(
request
,
response
);
return
;
}
final
String
requestHeader
=
request
.
getHeader
(
this
.
tokenHeader
);
String
username
=
null
;
...
...
@@ -53,20 +65,38 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
}
if
(
username
!= null && SecurityContextHolder.getContext().getAuthentication() == null) {
//
It
is
not
compelling
necessary
to
load
the
use
details
from
the
database
.
You
could
also
store
the
information
//
in
the
token
and
read
it
from
it
.
It
's up to you ;)
UserDetails
userDetails
=
this
.
userDetailsService
.
loadUserByUsername
(
username
);
// For simple validation it is completely sufficient to just check the token integrity. You don'
t
have
to
call
//
the
database
compellingly
.
Again
it
's up to you ;)
if
(
authTokenUtil
.
validateToken
(
authToken
,
userDetails
))
{
UsernamePasswordAuthenticationToken
authentication
=
new
UsernamePasswordAuthenticationToken
(
userDetails
,
null
,
userDetails
.
getAuthorities
());
authentication
.
setDetails
(
new
WebAuthenticationDetailsSource
().
buildDetails
(
request
));
// log.info("authorizated user '
{}
', setting security context", username);
SecurityContextHolder
.
getContext
().
setAuthentication
(
authentication
);
}
}
chain
.
doFilter
(
request
,
response
);
}
public
void
setExcludesPattern
(
String
excludesPattern
)
{
this
.
excludesPattern
=
new
HashSet
(
Arrays
.
asList
(
excludesPattern
.
split
(
"
\\
s*,
\\
s*"
)));
}
public
void
addExcludePattern
(
String
excludePattern
)
{
excludesPattern
.
add
(
excludePattern
);
}
private
boolean
isExclusion
(
String
requestURI
)
{
if
(
this
.
excludesPattern
==
null
)
{
return
false
;
}
else
{
Iterator
excludeIterator
=
this
.
excludesPattern
.
iterator
();
String
pattern
;
do
{
if
(
!excludeIterator.hasNext()) {
return
false
;
}
pattern
=
(
String
)
excludeIterator
.
next
();
}
while
(
!pathMatcher.match(pattern, requestURI));
return
true
;
}
}
}
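Review bot: The new guard at the top of `doFilterInternal` matches the exclude patterns against `request.getRequestURI()`, which is the raw URI: it still carries the context path, any `;`-delimited path parameters and percent-encoding, so a pattern may match or miss a different path than the one the application finally routes. Matching on the application-relative path (for example `request.getServletPath()`) or moving the check into an overridden `shouldNotFilter(HttpServletRequest)` would keep the comparison consistent; since matched requests skip token processing entirely, the pattern list should also stay as narrow as possible, and whether downstream authorization rules still cover those paths is not visible in this diff. Separately, `addExcludePattern` throws a `NullPointerException` when it is called before `setExcludesPattern`, because the field has no initializer; `private Set<String> excludesPattern = new HashSet<>();` fixes that and makes the null branch in `isExclusion` unnecessary. The raw `new HashSet(...)` and raw `Iterator` with a cast can then become `new HashSet<>(...)` and `return excludesPattern.stream().anyMatch(p -> pathMatcher.match(p, requestURI));`.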