mirror of
https://gitee.com/youlaitech/youlai-mall.git
synced 2024-12-23 13:03:43 +08:00
fix(ResourceServerManager.java): 移动端请求不鉴权,只需认证
This commit is contained in:
parent
aad7396bb3
commit
f40157dc62
@ -53,7 +53,7 @@ public class ResourceServerManager implements ReactiveAuthorizationManager<Autho
|
|||||||
|
|
||||||
// 移动端请求无需鉴权,只需认证(即JWT的验签和是否过期判断)
|
// 移动端请求无需鉴权,只需认证(即JWT的验签和是否过期判断)
|
||||||
if (pathMatcher.match(GlobalConstants.APP_API_PATTERN, path)) {
|
if (pathMatcher.match(GlobalConstants.APP_API_PATTERN, path)) {
|
||||||
// 如果token以"bearer "为前缀,则必经过NimbusReactiveJwtDecoder#decode和JwtTimestampValidator#validate等解析和验证通过的,即表示已认证
|
// 如果token以"bearer "为前缀,到这一步说明是经过NimbusReactiveJwtDecoder#decode和JwtTimestampValidator#validate等解析和验证通过的,即已认证
|
||||||
if (StrUtil.isNotBlank(token) && token.startsWith(AuthConstants.AUTHORIZATION_PREFIX)) {
|
if (StrUtil.isNotBlank(token) && token.startsWith(AuthConstants.AUTHORIZATION_PREFIX)) {
|
||||||
return Mono.just(new AuthorizationDecision(true));
|
return Mono.just(new AuthorizationDecision(true));
|
||||||
}else{
|
}else{
|
||||||
|
Loading…
Reference in New Issue
Block a user