在网关白名单中的接口方法，一旦被携带正确token访问时，可能涉及处理有访问权限时的逻辑，固携带token时，则不跳过不需要验证的路径。

3 years ago · 515fa1356c
parent 1e16852a3c
commit 515fa1356c
1 changed files with 3 additions and 2 deletions
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
@ -45,13 +45,14 @@ public class AuthFilter implements GlobalFilter, Ordered
        ServerHttpRequest request = exchange.getRequest();
        ServerHttpRequest.Builder mutate = request.mutate();

+        String token = getToken(request);
        String url = request.getURI().getPath();
        // 跳过不需要验证的路径
-        if (StringUtils.matches(url, ignoreWhite.getWhites()))
+        if (StringUtils.matches(url, ignoreWhite.getWhites()) && StringUtils.isEmpty(token))
        {
            return chain.filter(exchange);
        }
-        String token = getToken(request);
+        
        if (StringUtils.isEmpty(token))
        {
            return unauthorizedResponse(exchange, "令牌不能为空");