zrj
2024-06-11 4069aa1d01bb4ce98ea154940a46d5c014252897
blade-auth/src/main/java/org/springblade/auth/handle/TokenFilterHandle.java
@@ -2,14 +2,17 @@
import com.alibaba.nacos.common.utils.StringUtils;
import io.jsonwebtoken.Claims;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.launch.constant.TokenConstant;
import org.springblade.core.secure.registry.SecureRegistry;
import org.springblade.core.tool.utils.CollectionUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -18,6 +21,7 @@
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.util.List;
/**
 * token 校验过滤器
@@ -25,10 +29,44 @@
@Configuration
public class TokenFilterHandle extends OncePerRequestFilter {
   /**
    * 安全框架配置
    */
   @Bean
   public SecureRegistry secureRegistry() {
      SecureRegistry secureRegistry = new SecureRegistry();
      secureRegistry.setEnabled(true);
      secureRegistry.excludePathPatterns("/oauth/login");
      secureRegistry.excludePathPatterns("/oauth/authorize");
      secureRegistry.excludePathPatterns("/oauth/form");
      secureRegistry.excludePathPatterns("/oauth/token");
      secureRegistry.excludePathPatterns("/blade-system/menu/routes");
      secureRegistry.excludePathPatterns("/blade-system/menu/auth-routes");
      secureRegistry.excludePathPatterns("/blade-system/menu/top-menu");
      secureRegistry.excludePathPatterns("/blade-system/tenant/info");
      secureRegistry.excludePathPatterns("/blade-flow/process/resource-view");
      secureRegistry.excludePathPatterns("/blade-flow/process/diagram-view");
      secureRegistry.excludePathPatterns("/blade-flow/manager/check-upload");
      secureRegistry.excludePathPatterns("/doc.html");
      secureRegistry.excludePathPatterns("/js/**");
      secureRegistry.excludePathPatterns("/webjars/**");
      secureRegistry.excludePathPatterns("/swagger-resources/**");
      secureRegistry.excludePathPatterns("/druid/**");
      return secureRegistry;
   }
   @Override
   protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws ServletException, IOException {
      String requestURI = request.getRequestURI();
      // 白名单url 放行
      if (filterWhiteUrl(requestURI)){
         filterChain.doFilter(request, response);
         return;
      }
      // 获取请求头
      String auth = request.getHeader("Blade-Auth");
      if (StringUtils.isBlank(auth)) {
         // 无授权处理
@@ -49,10 +87,6 @@
               = new UsernamePasswordAuthenticationToken(account, null);
            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
         }else {
            // 无授权处理
            unAuthResponse(response);
            return;
         }
      }else {
         // 无授权处理
@@ -64,6 +98,25 @@
   }
   /**
    * 白名单url 放行
    * @param requestURI
    * @return
    */
   private boolean filterWhiteUrl(String requestURI) {
      List<String> whiteList = secureRegistry().getExcludePatterns();
      if (CollectionUtil.isNotEmpty(whiteList)) {
         PathMatcher matcher = new AntPathMatcher();
         for (String releaseUrl : whiteList) {
            boolean match = matcher.match(releaseUrl, requestURI);
            if (match) {
               return true;
            }
         }
      }
      return false;
   }
   /**
    * 无授权处理
    * @param response
    * @throws IOException
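Review bot: filterWhiteUrl matches the exclude patterns against the raw `request.getRequestURI()`, which is neither decoded nor normalised and still carries path parameters and the context path, so a wildcard entry such as `/js/**` or `/webjars/**` can match a URI that the dispatcher later resolves to a protected handler. Match on the container-resolved path instead, e.g. `String path = new UrlPathHelper().getPathWithinApplication(request);`, and call `unAuthResponse(response)` for any path that still contains `..` before the whitelist is consulted. The list also exempts `/druid/**`, `/doc.html` and `/swagger-resources/**` from the token check; unless those consoles are protected elsewhere, they should be dropped or enabled only in non-production profiles. In the `-49,10 +87,6` hunk the header shows four fewer lines, and the inner `else { unAuthResponse(response); return; }` looks like the removed part; if so, a token that parses but fails the inner check now falls through to the filter chain without an Authentication set, which should be confirmed as intended. The body of doFilterInternal continues outside the visible hunks.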