fix: 跨域放行准则
parent
ae24df4741
commit
c49c96290a
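--- a/src/main/java/com/jsl/oa/config/filter/CorsFilter.java
+++ b/src/main/java/com/jsl/oa/config/filter/CorsFilter.java
@@ -0,0 +1,34 @@
+package com.jsl.oa.config.filter;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Slf4j
+@Component
+public class CorsFilter implements Filter {
+public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
+// 请求头处理
+HttpServletResponse response = (HttpServletResponse) res;
+HttpServletRequest request = (HttpServletRequest) req;
+
+// 允许跨域请求
+response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
+
+try {
+chain.doFilter(request, response);
+} catch (Exception e) {
+log.error("CORS过滤器放行异常", e);
+}
+}
+
+public void init(FilterConfig filterConfig) {}
+
+public void destroy() {
+Filter.super.destroy();
+}
+
+}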
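Review bot: `doFilter` copies the request's `Origin` header straight into `Access-Control-Allow-Origin`, so every origin is allowed, and a null value is passed to `setHeader` when the request carries no `Origin`. Reflecting the origin without an allowlist is equivalent to `*` today and turns into cross-site data exposure as soon as `Access-Control-Allow-Credentials` is added. The response also lacks `Vary: Origin`, so a shared cache can serve one origin's header to another. I would echo the origin only after checking it against a configured set of trusted front-end origins, as sketched below. Separately, the `catch (Exception e)` around `chain.doFilter` logs and swallows `IOException`/`ServletException`, so the container never sees downstream failures; declaring `throws IOException, ServletException` and letting them propagate would keep error handling intact.

```java
// … unchanged: request/response casts …
String origin = request.getHeader("Origin");
// ALLOWED_ORIGINS: a Set<String> of trusted front-end origins, loaded from configuration
if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
    response.setHeader("Access-Control-Allow-Origin", origin);
    // Tell caches the response differs per requesting origin
    response.addHeader("Vary", "Origin");
}
// … unchanged: chain.doFilter call …
```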
@ -1,4 +1,4 @@
|
|||||||
package com.jsl.oa.config;
|
package com.jsl.oa.config.filter;
|
||||||
|
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
import com.jsl.oa.utils.ErrorCode;
|
import com.jsl.oa.utils.ErrorCode;
|
||||||
@ -7,10 +7,12 @@ import com.jsl.oa.utils.ResultUtil;
|
|||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.shiro.authc.ExpiredCredentialsException;
|
import org.apache.shiro.authc.ExpiredCredentialsException;
|
||||||
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
|
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <h1>JWT过滤器</h1>
|
* <h1>JWT过滤器</h1>
|
||||||
@ -22,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||||||
* @since v1.1.0
|
* @since v1.1.0
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
|
@Component
|
||||||
public class JwtFilter extends BasicHttpAuthenticationFilter {
|
public class JwtFilter extends BasicHttpAuthenticationFilter {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -61,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
|
protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
|
||||||
|
// 添加跨域禁止
|
||||||
|
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
|
||||||
|
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
|
||||||
|
// 程序执行
|
||||||
try {
|
try {
|
||||||
// 尝试获取Authorization Header
|
// 尝试获取Authorization Header
|
||||||
String token = getAuthzHeader(request);
|
String token = getAuthzHeader(request);
|
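Review bot: The comment added at the top of `onAccessDenied`, `// 添加跨域禁止` ("add cross-origin prohibition"), says the opposite of the line below it, which sets `Access-Control-Allow-Origin` to `*` and so permits every origin to read the denied response. The wildcard also disagrees with the new `CorsFilter`, which echoes the request origin, so the anonymous and access-denied paths now follow two different CORS policies. I would reword the comment to match the code, e.g. `// Let browsers read the access-denied response cross-origin`, and have both filters take the allowed origin from one shared allowlist. `onAccessDenied` continues beyond this hunk, so whether the denied response body carries anything sensitive cannot be judged from here.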
@ -1,7 +1,5 @@
|
|||||||
package com.jsl.oa.config.shiro;
|
package com.jsl.oa.config.shiro;
|
||||||
|
|
||||||
import com.jsl.oa.services.UserService;
|
|
||||||
import lombok.RequiredArgsConstructor;
|
|
||||||
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.AuthenticationException;
|
||||||
import org.apache.shiro.authc.AuthenticationInfo;
|
import org.apache.shiro.authc.AuthenticationInfo;
|
||||||
import org.apache.shiro.authc.AuthenticationToken;
|
import org.apache.shiro.authc.AuthenticationToken;
|
||||||
@ -10,11 +8,8 @@ import org.apache.shiro.realm.AuthorizingRealm;
|
|||||||
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.subject.PrincipalCollection;
|
||||||
import org.jetbrains.annotations.NotNull;
|
import org.jetbrains.annotations.NotNull;
|
||||||
|
|
||||||
@RequiredArgsConstructor
|
|
||||||
public class MyRealm extends AuthorizingRealm {
|
public class MyRealm extends AuthorizingRealm {
|
||||||
|
|
||||||
private final UserService userService;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 授权
|
* 授权
|
||||||
*
|
*
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package com.jsl.oa.config.shiro;
|
package com.jsl.oa.config.shiro;
|
||||||
|
|
||||||
import com.jsl.oa.config.JwtFilter;
|
import com.jsl.oa.config.filter.CorsFilter;
|
||||||
|
import com.jsl.oa.config.filter.JwtFilter;
|
||||||
import com.jsl.oa.services.UserService;
|
import com.jsl.oa.services.UserService;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
|
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
|
||||||
@ -29,7 +30,7 @@ public class ShiroConfiguration {
|
|||||||
filterChainDefinitionMap.put("/unauthorized", "anon"); // 未授权接口允许匿名访问
|
filterChainDefinitionMap.put("/unauthorized", "anon"); // 未授权接口允许匿名访问
|
||||||
filterChainDefinitionMap.put("/", "anon"); // 首页允许匿名访问
|
filterChainDefinitionMap.put("/", "anon"); // 首页允许匿名访问
|
||||||
filterChainDefinitionMap.put("/info/header-image/get", "anon"); // 信息接口允许匿名访问
|
filterChainDefinitionMap.put("/info/header-image/get", "anon"); // 信息接口允许匿名访问
|
||||||
filterChainDefinitionMap.put("/**/**", "jwt"); // 其他接口一律拦截(需要Token)
|
filterChainDefinitionMap.put("/**/**", "authc"); // 其他接口一律拦截(需要Token)
|
||||||
|
|
||||||
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
|
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
|
||||||
|
|
||||||
@ -38,7 +39,8 @@ public class ShiroConfiguration {
|
|||||||
|
|
||||||
// 添加JWT过滤器
|
// 添加JWT过滤器
|
||||||
Map<String, Filter> filters = new LinkedHashMap<>();
|
Map<String, Filter> filters = new LinkedHashMap<>();
|
||||||
filters.put("jwt", new JwtFilter()); // 配置自定义的JWT过滤器
|
filters.put("authc", new JwtFilter()); // 配置自定义的JWT过滤器
|
||||||
|
filters.put("anon", new CorsFilter()); // 配置自定义的CORS过滤器
|
||||||
shiroFilterFactoryBean.setFilters(filters);
|
shiroFilterFactoryBean.setFilters(filters);
|
||||||
return shiroFilterFactoryBean;
|
return shiroFilterFactoryBean;
|
||||||
}
|
}
|
||||||
@ -52,6 +54,6 @@ public class ShiroConfiguration {
|
|||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public MyRealm myRealm() {
|
public MyRealm myRealm() {
|
||||||
return new MyRealm(userService);
|
return new MyRealm();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
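Review bot: `filters.put("authc", new JwtFilter())` and `filters.put("anon", new CorsFilter())` replace Shiro's built-in `authc` and `anon` filters with hand-built instances, while this same commit annotates both classes with `@Component`. If the application runs on Spring Boot, each `Filter` bean is also registered with the servlet container for all paths, so every filter may exist twice, once container-wide and once inside the Shiro chain, and which copy handles a request is not evident from this file. It is worth confirming that, then either dropping `@Component` or disabling the automatic registration through a `FilterRegistrationBean`. Within the Shiro chain the CORS header is set only on `anon` routes and on the denied path of `JwtFilter`, so a successful authenticated response appears to get no `Access-Control-Allow-Origin`, and a preflight `OPTIONS` request, which browsers send without `Authorization`, would fall into `authc`. Registering the filters under their own names (the old `jwt` key, plus e.g. `cors`) instead of overriding the built-in ones would keep the chain definitions unambiguous.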
@ -1,6 +1,7 @@
|
|||||||
package com.jsl.oa.utils;
|
package com.jsl.oa.utils;
|
||||||
|
|
||||||
import com.jsl.oa.common.constant.SafeConstants;
|
import com.jsl.oa.common.constant.SafeConstants;
|
||||||
|
import com.jsl.oa.config.filter.JwtFilter;
|
||||||
import io.jsonwebtoken.Claims;
|
import io.jsonwebtoken.Claims;
|
||||||
import io.jsonwebtoken.Jws;
|
import io.jsonwebtoken.Jws;
|
||||||
import io.jsonwebtoken.Jwts;
|
import io.jsonwebtoken.Jwts;
|
||||||
@ -19,7 +20,7 @@ import java.util.regex.Pattern;
|
|||||||
*
|
*
|
||||||
* @author 筱锋xiao_lfeng
|
* @author 筱锋xiao_lfeng
|
||||||
* @version v1.1.0
|
* @version v1.1.0
|
||||||
* @see com.jsl.oa.config.JwtFilter
|
* @see JwtFilter
|
||||||
* @since v1.1.0
|
* @since v1.1.0
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
|