From 717dd1ab7c5665e2c814bb5e1808e7a129028b33 Mon Sep 17 00:00:00 2001
From: gaibu <1016771049@qq.com>
Date: Fri, 6 Jan 2023 18:23:39 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8=20A?= =?UTF-8?q?PI=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6=20t?= =?UTF-8?q?oken=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90=E7=9A=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../security/config/SecurityProperties.java | 2 ++
 .../filter/TokenAuthenticationFilter.java | 26 ++++++++++++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
index 7454b5ff6..dfc1113f0 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
@@ -20,6 +20,8 @@ public class SecurityProperties {
 @NotEmpty(message = "Token Header 不能为空")
 private String tokenHeader = "Authorization";

+ private String jmTokenHeader = "X-Access-Token";
+
 /**
 * mock 模式的开关
 */
diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
index e87f5bc44..d6624a1de 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
@@ -21,6 +21,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Optional;

 /**
 * Token 过滤器,验证 token 的有效性
@@ -62,6 +63,25 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 return;
 }
 }
+ // 积木请求头
+ String jmTokenHeader = request.getHeader(securityProperties.getJmTokenHeader());
+ if (StrUtil.isNotEmpty(jmTokenHeader)) {
+ try {
+ OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmTokenHeader);
+ Optional optUser = Optional.ofNullable(accessToken)
+ .map(
+ t -> new LoginUser().setId(t.getUserId())
+ .setUserType(t.getUserType())
+ .setTenantId(t.getTenantId())
+ .setScopes(t.getScopes())
+ );
+ if (optUser.isPresent()) {
+ SecurityFrameworkUtils.setLoginUser(optUser.get(), request);
+ }
+ } catch (ServiceException ignored) {
+ // do nothing:如果报错,说明认证失败,忽略即可
+ }
+ }

 // 继续过滤链
 chain.doFilter(request, response);
@@ -88,11 +108,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {

 /**
 * 模拟登录用户,方便日常开发调试
- *
+ *
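Review bot: The `X-Access-Token` block added before `chain.doFilter` runs on every request and regardless of what the `Authorization` handling above it did, so a request carrying both headers ends up with whichever identity `setLoginUser` wrote last, and the second header is accepted as a credential on all endpoints rather than only the report API the commit title refers to. The `LoginUser` is also built straight from `checkAccessToken` with no comparison of `t.getUserType()` against the user type expected for the request; if the `Authorization` path enforces that (its code is outside this hunk), this branch bypasses it. I would consult the fallback header only when the first path has not authenticated the request, pass the token through the same validation the first path uses instead of duplicating the mapping, and document the branch with `// Fallback for report requests only: honoured when Authorization did not authenticate`. `catch (ServiceException ignored)` should at least log the rejection at debug level, without the token value. The enclosing filter method begins and ends outside the hunk.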

* 注意,在线上环境下,一定要关闭该功能!!!
 *
- * @param request 请求
- * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
+ * @param request 请求
+ * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
 * @param userType 用户类型
 * @return 模拟的 LoginUser
 */