Update TokenFilter.java

木子李·De 3 years ago
parent 066b0173aa
commit 36cc3c7f82

@ -7,14 +7,18 @@ import com.anji.plus.gaea.cache.CacheHelper;
import com.anji.plus.gaea.utils.JwtBean; import com.anji.plus.gaea.utils.JwtBean;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import javax.annotation.PostConstruct;
import javax.servlet.*; import javax.servlet.*;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;
/** /**
* *
@ -28,11 +32,44 @@ public class TokenFilter implements Filter {
@Autowired @Autowired
private JwtBean jwtBean; private JwtBean jwtBean;
/**跳过token验证和权限验证的url清单*/
@Value("#{'${customer.skip-authenticate-urls}'.split(',')}")
private List<String> skipAuthenticateUrls;
private Pattern SKIP_AUTHENTICATE_PATTERN;
@Override @Override
public void init(FilterConfig filterConfig) throws ServletException { public void init(FilterConfig filterConfig) throws ServletException {
Filter.super.init(filterConfig); Filter.super.init(filterConfig);
} }
/**
* @param skipUrlList
* @return
*/
private Pattern fitByList(List<String> skipUrlList){
if(skipUrlList == null || skipUrlList.size() == 0){
return Pattern.compile(".*().*");
}
StringBuffer patternString = new StringBuffer();
patternString.append(".*(");
skipUrlList.stream().forEach(url ->{
patternString.append(url.trim());
patternString.append("|");
});
if(skipUrlList.size()>0){
patternString.deleteCharAt(patternString.length()-1);
}
patternString.append(").*");
return Pattern.compile(patternString.toString());
}
@PostConstruct
private void postConstruct() {
SKIP_AUTHENTICATE_PATTERN = fitByList(skipAuthenticateUrls);
}
@Override @Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletRequest request = (HttpServletRequest) servletRequest;
@ -43,47 +80,48 @@ public class TokenFilter implements Filter {
response.sendRedirect("/index.html"); response.sendRedirect("/index.html");
return; return;
} }
if (!uri.startsWith("/login")
&& !uri.startsWith("/static")
&& !uri.startsWith("/file/download/")
&& !uri.contains("index.html")) {
//获取token
String authorization = request.getHeader("Authorization");
if (StringUtils.isBlank(authorization)) {
error(response);
return;
}
String username = jwtBean.getUsername(authorization); // 不需要token验证和权限验证的url直接放行
// String uuid = jwtBean.getUUID(authorization); boolean skipAuthenticate = SKIP_AUTHENTICATE_PATTERN.matcher(uri).matches();
if(skipAuthenticate){
filterChain.doFilter(request, response);
return;
}
if (!cacheHelper.exist(username)) { //获取token
error(response); String authorization = request.getHeader("Authorization");
return; if (StringUtils.isBlank(authorization)) {
} error(response);
return;
}
//延长有效期 String username = jwtBean.getUsername(authorization);
cacheHelper.stringSetExpire(username, authorization, 3600); // String uuid = jwtBean.getUUID(authorization);
if (!cacheHelper.exist(username)) {
error(response);
return;
}
//在线体验版本 //延长有效期
if (username.equals("guest") cacheHelper.stringSetExpire(username, authorization, 3600);
&& !uri.endsWith("/dataSet/testTransform")
&& !uri.endsWith("/reportDashboard/getData") //在线体验版本
&& !uri.startsWith("/dict") if (username.equals("guest")
&& !uri.startsWith("/dict") && !uri.endsWith("/dataSet/testTransform")
&& !uri.endsWith("/reportDashboard/getData")
&& !uri.startsWith("/dict")
&& !uri.startsWith("/dict")
) {
//不允许删除
String method = request.getMethod();
if ("post".equalsIgnoreCase(method)
|| "put".equalsIgnoreCase(method)
|| "delete".equalsIgnoreCase(method)
) { ) {
//不允许删除 ResponseBean responseBean = ResponseBean.builder().code("50001").message("在线体验版本,不允许此操作。请自行下载本地运行").build();
String method = request.getMethod(); response.getWriter().print(JSONObject.toJSONString(responseBean));
if ("post".equalsIgnoreCase(method) return;
|| "put".equalsIgnoreCase(method)
|| "delete".equalsIgnoreCase(method)
) {
ResponseBean responseBean = ResponseBean.builder().code("50001").message("在线体验版本,不允许此操作。请自行下载本地运行").build();
response.getWriter().print(JSONObject.toJSONString(responseBean));
return;
}
} }
} }
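Review bot: `fitByList` fails open: for a null or empty list it compiles `.*().*`, which matches every URI, so `SKIP_AUTHENTICATE_PATTERN.matcher(uri).matches()` in `doFilter` would pass every request on without the token check, and a blank entry (an empty property value splits to `[""]`, as does a doubled comma) has the same effect through an empty alternative. The entries are also appended unquoted, so `.` and other regex metacharacters in a configured URL are read as pattern syntax, and the surrounding `.*` turns each entry into a contains-match where the removed code used `startsWith` for `/login`, `/static` and `/file/download/`. I would skip blank entries, wrap each one in `Pattern.quote`, and return a never-matching pattern when nothing is configured; whether entries should also be anchored as prefixes depends on the property values, which are not visible here. `doFilter` begins in one hunk and continues in the next with the lines between them not shown, so how `uri` is derived could not be checked.

```java
private Pattern fitByList(List<String> skipUrlList) {
    StringBuilder alternatives = new StringBuilder();
    if (skipUrlList != null) {
        for (String url : skipUrlList) {
            if (StringUtils.isBlank(url)) {
                // A blank entry would become an empty alternative that matches every URI.
                continue;
            }
            if (alternatives.length() > 0) {
                alternatives.append('|');
            }
            // Quote the entry so that it is matched literally, not as regex syntax.
            alternatives.append(Pattern.quote(url.trim()));
        }
    }
    if (alternatives.length() == 0) {
        // Nothing configured: skip authentication for nothing.
        return Pattern.compile("(?!)");
    }
    return Pattern.compile(".*(?:" + alternatives + ").*");
}
```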
