fix(ResourceServerManager.java): 移动端请求不鉴权,只需认证

This commit is contained in:
郝先瑞 2021-06-20 21:42:56 +08:00
parent aad7396bb3
commit f40157dc62

View File

@ -53,7 +53,7 @@ public class ResourceServerManager implements ReactiveAuthorizationManager<Autho
// 移动端请求无需鉴权只需认证即JWT的验签和是否过期判断 // 移动端请求无需鉴权只需认证即JWT的验签和是否过期判断
if (pathMatcher.match(GlobalConstants.APP_API_PATTERN, path)) { if (pathMatcher.match(GlobalConstants.APP_API_PATTERN, path)) {
// 如果token以"bearer "为前缀则必经过NimbusReactiveJwtDecoder#decode和JwtTimestampValidator#validate等解析和验证通过的表示已认证 // 如果token以"bearer "为前缀到这一步说明是经过NimbusReactiveJwtDecoder#decode和JwtTimestampValidator#validate等解析和验证通过的已认证
if (StrUtil.isNotBlank(token) && token.startsWith(AuthConstants.AUTHORIZATION_PREFIX)) { if (StrUtil.isNotBlank(token) && token.startsWith(AuthConstants.AUTHORIZATION_PREFIX)) {
return Mono.just(new AuthorizationDecision(true)); return Mono.just(new AuthorizationDecision(true));
}else{ }else{