From 4069aa1d01bb4ce98ea154940a46d5c014252897 Mon Sep 17 00:00:00 2001
From: zrj <646384940@qq.com>
Date: Tue, 11 Jun 2024 11:21:41 +0800
Subject: [PATCH] 鉴权调整

---
 blade-auth/src/main/java/org/springblade/auth/handle/TokenFilterHandle.java |   65 +++++++++++++++++++++++++++++---
 1 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/blade-auth/src/main/java/org/springblade/auth/handle/TokenFilterHandle.java b/blade-auth/src/main/java/org/springblade/auth/handle/TokenFilterHandle.java
index 510982e..baaef41 100644
--- a/blade-auth/src/main/java/org/springblade/auth/handle/TokenFilterHandle.java
+++ b/blade-auth/src/main/java/org/springblade/auth/handle/TokenFilterHandle.java
@@ -2,14 +2,17 @@
 
 import com.alibaba.nacos.common.utils.StringUtils;
 import io.jsonwebtoken.Claims;
-import org.springblade.auth.utils.TokenUtil;
 import org.springblade.core.jwt.JwtUtil;
 import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.secure.registry.SecureRegistry;
+import org.springblade.core.tool.utils.CollectionUtil;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -18,6 +21,7 @@
 import java.io.IOException;
 import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
+import java.util.List;
 
 /**
  * token 校验过滤器
@@ -25,10 +29,44 @@
 @Configuration
 public class TokenFilterHandle extends OncePerRequestFilter {
 
+	/**
+	 * 安全框架配置
+	 */
+	@Bean
+	public SecureRegistry secureRegistry() {
+		SecureRegistry secureRegistry = new SecureRegistry();
+		secureRegistry.setEnabled(true);
+		secureRegistry.excludePathPatterns("/oauth/login");
+		secureRegistry.excludePathPatterns("/oauth/authorize");
+		secureRegistry.excludePathPatterns("/oauth/form");
+		secureRegistry.excludePathPatterns("/oauth/token");
+		secureRegistry.excludePathPatterns("/blade-system/menu/routes");
+		secureRegistry.excludePathPatterns("/blade-system/menu/auth-routes");
+		secureRegistry.excludePathPatterns("/blade-system/menu/top-menu");
+		secureRegistry.excludePathPatterns("/blade-system/tenant/info");
+		secureRegistry.excludePathPatterns("/blade-flow/process/resource-view");
+		secureRegistry.excludePathPatterns("/blade-flow/process/diagram-view");
+		secureRegistry.excludePathPatterns("/blade-flow/manager/check-upload");
+		secureRegistry.excludePathPatterns("/doc.html");
+		secureRegistry.excludePathPatterns("/js/**");
+		secureRegistry.excludePathPatterns("/webjars/**");
+		secureRegistry.excludePathPatterns("/swagger-resources/**");
+		secureRegistry.excludePathPatterns("/druid/**");
+		return secureRegistry;
+	}
+
 
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 		throws ServletException, IOException {
+		String requestURI = request.getRequestURI();
+		// 白名单url 放行
+		if (filterWhiteUrl(requestURI)){
+			filterChain.doFilter(request, response);
+			return;
+		}
+
+		// 获取请求头
 		String auth = request.getHeader("Blade-Auth");
 		if (StringUtils.isBlank(auth)) {
 			// 无授权处理
@@ -49,10 +87,6 @@
 					= new UsernamePasswordAuthenticationToken(account, null);
 				authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
 				SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-			}else {
-				// 无授权处理
-				unAuthResponse(response);
-				return;
 			}
 		}else {
 			// 无授权处理
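Review bot: After this removal the inner `if` has no `else`, so a request that carries a `Blade-Auth` header but fails the inner condition leaves the block with no authentication set and no call to `unAuthResponse(response)`. The condition itself and the code after the outer `if`/`else` are outside the hunk. If that code is `filterChain.doFilter(request, response)`, this path now fails open for any downstream handler that relies on this filter rather than on the security context. Either keep the `else { unAuthResponse(response); return; }` branch, or add a comment stating which later component rejects the unauthenticated request.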
@@ -64,6 +98,25 @@
 	}
 
 	/**
+	 * 白名单url 放行
+	 * @param requestURI
+	 * @return
+	 */
+	private boolean filterWhiteUrl(String requestURI) {
+		List<String> whiteList = secureRegistry().getExcludePatterns();
+		if (CollectionUtil.isNotEmpty(whiteList)) {
+			PathMatcher matcher = new AntPathMatcher();
+			for (String releaseUrl : whiteList) {
+				boolean match = matcher.match(releaseUrl, requestURI);
+				if (match) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
+
+	/**
 	 * 无授权处理
 	 * @param response
 	 * @throws IOException
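Review bot: `filterWhiteUrl` matches the patterns against the string passed in from `doFilterInternal`, which is `request.getRequestURI()`: the raw, undecoded path, including the context path and any path parameters. With wildcard entries such as `/js/**`, a raw path can match the whitelist while resolving to a different handler once the container or Spring normalizes it, so the token check would be skipped for a protected endpoint. Match on a normalized path instead (for example `request.getServletPath()`, assuming the dispatcher is mapped at `/`), and deny the request before the whitelist check when the path contains `..` or `;`. The matcher can also be a shared `private static final PathMatcher MATCHER = new AntPathMatcher();` rather than a new instance per request, and the Javadoc should state what form `requestURI` must have and what a `true` result means.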

--
Gitblit v1.9.3