move apis from filter to ignore

wfnuser 2019-01-02 20:45:57 +08:00
parent 14b4c64c24
commit b330e4b4d7
3 changed files with 17 additions and 9 deletions


@ -60,7 +60,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public void configure(WebSecurity web) throws Exception {
// TODO: we should use a better way to match the resources
// requests for resource and auth api are always allowed
web.ignoring().antMatchers("/", "/*.html", "/**/*.js", "/**/*.css", "/favicon.ico", "/**/*.html", "/**/*.map", "/**/*.svg", "/console-fe/public/*", "/**/*.png", "/*.png");
web.ignoring()
.antMatchers("/", "/*.html", "/**/*.js", "/**/*.css", "/favicon.ico", "/**/*.html", "/**/*.map", "/**/*.svg", "/console-fe/public/*", "/**/*.png", "/*.png")
.antMatchers("/v1/auth/**")
.antMatchers("/v1/cs/health");
}
@Override
@ -72,8 +75,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
} else {
http
.authorizeRequests()
.antMatchers("/v1/cs/health").permitAll()
.antMatchers("/v1/auth/**").permitAll()
.anyRequest().authenticated().and()
// custom token authorize exception handler
.exceptionHandling()
@ -94,7 +95,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
return new BCryptPasswordEncoder();
}
@Bean
public GenericFilterBean genericFilterBean() {
return new JwtAuthenticationTokenFilter();
}
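Review bot: Moving `/v1/auth/**` and `/v1/cs/health` from `permitAll()` into `web.ignoring()` (first hunk) takes those endpoints out of the Spring Security filter chain entirely, whereas `permitAll()` kept them inside it; the ignored paths therefore no longer receive CSRF handling, the security response headers, or a SecurityContext, which is usually acceptable for static assets but rarely intended for an API that issues tokens. Unless the auth endpoints need to bypass the chain for a reason the commit does not state, keeping them under `.antMatchers("/v1/auth/**").permitAll()` and reserving `ignoring()` for the resource patterns is the safer split, and the existing `// TODO` would be a good place to record that decision, e.g. `// ignoring() bypasses the whole security filter chain (no CSRF/headers); keep API paths in permitAll() instead`. The third hunk appears to drop the `@Bean` registration of `genericFilterBean()` (the diffstat shows one line removed there); if that is the fix for the filter being auto-registered as a servlet filter for every request, a short commit note or comment saying so would help the next reader. The enclosing `configure(HttpSecurity)` method of the second hunk starts and ends outside the hunk.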


@ -32,12 +32,19 @@ public class JwtAuthenticationTokenFilter extends GenericFilterBean {
HttpServletResponse httpRes = (HttpServletResponse) servletResponse;
String jwt = resolveToken(httpReq);
// JWT为空返回401
if (!StringUtils.hasText(jwt)) {
httpRes.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
// 验证JWT是否正确
if (this.tokenProvider.validateToken(jwt)) {
else if (this.tokenProvider.validateToken(jwt)) {
//获取用户认证信息
Authentication authentication = this.tokenProvider.getAuthentication(jwt);
//将用户保存到SecurityContext
SecurityContextHolder.getContext().setAuthentication(authentication);
} else {
// 验证失败返回403
httpRes.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
filterChain.doFilter(servletRequest, servletResponse);
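Review bot: After setting `SC_UNAUTHORIZED` or `SC_FORBIDDEN` the filter still calls `filterChain.doFilter(...)`, so nothing in this method actually terminates a rejected request; the status is only a hint that some later component (apparently the entry point, which reads `getStatus()` in this same commit) must turn into an error response, and that coupling is invisible here. A comment on the `doFilter` call such as `// status only: the request continues unauthenticated and the entry point converts the status into an error response` would make the contract explicit, and a reviewer should confirm that this filter really is inside the security chain for every path that can reach it, otherwise the status is silently overwritten by the handler. Separately, an invalid token is still answered with 403 in the `else` branch while a missing one gets 401; both are authentication failures, so `httpRes.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` in the final branch is the conventional choice, with 403 reserved for an authenticated caller lacking permission. The enclosing `doFilter` method starts and ends outside the hunk.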


@ -20,9 +20,10 @@ public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationEntryPoint.class);
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
// 403
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Authentication Failed");
public void commence(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
AuthenticationException e) throws IOException, ServletException {
logger.error("Responding with unauthorized error. Message - {}", e.getMessage());
httpServletResponse.sendError(httpServletResponse.getStatus(), "Invalid token");
}
}
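Review bot: `httpServletResponse.sendError(httpServletResponse.getStatus(), "Invalid token")` depends on a previous filter having already set an error status; when the entry point is reached without that (the default response status is 200, e.g. for a request the token filter never saw), this sends a 200 error page with the body "Invalid token". Guard the value before reusing it: `int status = httpServletResponse.getStatus() >= HttpServletResponse.SC_BAD_REQUEST ? httpServletResponse.getStatus() : HttpServletResponse.SC_UNAUTHORIZED;` followed by `httpServletResponse.sendError(status, "Invalid token");`. The message is also sent for the missing-token case, where "Authentication required" would be more accurate than "Invalid token". Logging every unauthenticated request at `error` level with `e.getMessage()` will be noisy under normal traffic; `warn` or `debug` fits an expected condition better.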