|
|
|
@ -59,22 +59,28 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
|
|
|
|
protected void doFilterInternal(HttpServletRequest request,
|
|
|
|
protected void doFilterInternal(HttpServletRequest request,
|
|
|
|
HttpServletResponse response,
|
|
|
|
HttpServletResponse response,
|
|
|
|
FilterChain chain) throws IOException, ServletException {
|
|
|
|
FilterChain chain) throws IOException, ServletException {
|
|
|
|
|
|
|
|
boolean checkAccessTokenOrTokenHeader = false;
|
|
|
|
// Token when verifying client interaction.
|
|
|
|
// Token when verifying client interaction.
|
|
|
|
String accessToken = request.getParameter(ACCESS_TOKEN);
|
|
|
|
String accessToken = request.getParameter(ACCESS_TOKEN);
|
|
|
|
|
|
|
|
String tokenHeader = request.getHeader(JwtTokenUtil.TOKEN_HEADER);
|
|
|
|
if (StringUtil.isNotBlank(accessToken)) {
|
|
|
|
if (StringUtil.isNotBlank(accessToken)) {
|
|
|
|
tokenManager.validateToken(accessToken);
|
|
|
|
tokenManager.validateToken(accessToken);
|
|
|
|
Authentication authentication = this.tokenManager.getAuthentication(accessToken);
|
|
|
|
Authentication authentication = this.tokenManager.getAuthentication(accessToken);
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(authentication);
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(authentication);
|
|
|
|
chain.doFilter(request, response);
|
|
|
|
checkAccessTokenOrTokenHeader = true;
|
|
|
|
return;
|
|
|
|
} else if (checkTokenHeader(tokenHeader)) {
|
|
|
|
|
|
|
|
// If there is no Authorization information in the request header, it will be released directly.
|
|
|
|
|
|
|
|
checkAccessTokenOrTokenHeader = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// If there is no Authorization information in the request header, it will be released directly.
|
|
|
|
if (checkAccessTokenOrTokenHeader) {
|
|
|
|
String tokenHeader = request.getHeader(JwtTokenUtil.TOKEN_HEADER);
|
|
|
|
|
|
|
|
if (tokenHeader == null || !tokenHeader.startsWith(JwtTokenUtil.TOKEN_PREFIX)) {
|
|
|
|
|
|
|
|
chain.doFilter(request, response);
|
|
|
|
chain.doFilter(request, response);
|
|
|
|
return;
|
|
|
|
} else {
|
|
|
|
|
|
|
|
filterInternal(request, response, chain, tokenHeader);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// If there is a Token in the request header, it is parsed and the authentication information is set.
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private void filterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
|
|
|
|
|
|
|
|
String tokenHeader) throws IOException, ServletException {
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(getAuthentication(tokenHeader));
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(getAuthentication(tokenHeader));
|
|
|
|
} catch (Exception ex) {
|
|
|
|
} catch (Exception ex) {
|
|
|
|
@ -96,11 +102,15 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private boolean checkTokenHeader(String tokenHeader) {
|
|
|
|
|
|
|
|
return tokenHeader == null || !tokenHeader.startsWith(JwtTokenUtil.TOKEN_PREFIX);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Obtain user information from Token and create a new Token.
|
|
|
|
* Obtain user information from Token and create a new Token.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenHeader token header
|
|
|
|
* @param tokenHeader tokenHeader
|
|
|
|
* @return username password authentication token
|
|
|
|
* @return UsernamePasswordAuthenticationToken
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
private UsernamePasswordAuthenticationToken getAuthentication(String tokenHeader) {
|
|
|
|
private UsernamePasswordAuthenticationToken getAuthentication(String tokenHeader) {
|
|
|
|
String token = tokenHeader.replace(JwtTokenUtil.TOKEN_PREFIX, "");
|
|
|
|
String token = tokenHeader.replace(JwtTokenUtil.TOKEN_PREFIX, "");
|
|
|
|
|
WuLang
3 years ago
committed by
GitHub