Update TokenFilter.java

report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java

@@ -7,14 +7,18 @@ import com.anji.plus.gaea.cache.CacheHelper;
 import com.anji.plus.gaea.utils.JwtBean;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 
+import javax.annotation.PostConstruct;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.List;
+import java.util.regex.Pattern;
 
 /**
  * 简单的鉴权
@@ -28,11 +32,44 @@ public class TokenFilter implements Filter {
     @Autowired
     private JwtBean jwtBean;
 
+    /**跳过token验证和权限验证的url清单*/
+    @Value("#{'${customer.skip-authenticate-urls}'.split(',')}")
+    private List<String> skipAuthenticateUrls;
+    private Pattern SKIP_AUTHENTICATE_PATTERN;
+
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
         Filter.super.init(filterConfig);
     }
 
+    /** 根据名单，生成正则
+     * @param skipUrlList
+     * @return
+     */
+    private Pattern fitByList(List<String> skipUrlList){
+        if(skipUrlList == null || skipUrlList.size() == 0){
+            return Pattern.compile(".*().*");
+        }
+        StringBuffer patternString = new StringBuffer();
+        patternString.append(".*(");
+
+        skipUrlList.stream().forEach(url ->{
+            patternString.append(url.trim());
+            patternString.append("|");
+        });
+        if(skipUrlList.size()>0){
+            patternString.deleteCharAt(patternString.length()-1);
+        }
+        patternString.append(").*");
+
+        return Pattern.compile(patternString.toString());
+    }
+
+    @PostConstruct
+    private void postConstruct() {
+        SKIP_AUTHENTICATE_PATTERN = fitByList(skipAuthenticateUrls);
+    }
+
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest request = (HttpServletRequest) servletRequest;
@@ -43,10 +80,13 @@ public class TokenFilter implements Filter {
             response.sendRedirect("/index.html");
             return;
         }
-        if (!uri.startsWith("/login")
+
-                && !uri.startsWith("/static")
+        // 不需要token验证和权限验证的url，直接放行
-                && !uri.startsWith("/file/download/")
+        boolean skipAuthenticate = SKIP_AUTHENTICATE_PATTERN.matcher(uri).matches();
-                && !uri.contains("index.html")) {
+        if(skipAuthenticate){
+            filterChain.doFilter(request, response);
+            return;
+        }
 
         //获取token
         String authorization = request.getHeader("Authorization");
@@ -66,7 +106,6 @@ public class TokenFilter implements Filter {
         //延长有效期
         cacheHelper.stringSetExpire(username, authorization, 3600);
 
-
         //在线体验版本
         if (username.equals("guest")
                 && !uri.endsWith("/dataSet/testTransform")
@@ -85,7 +124,6 @@ public class TokenFilter implements Filter {
                 return;
             }
         }
-        }
 
         //执行
         filterChain.doFilter(request, response);