|
@@ -27,6 +27,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
|
|
|
import java.io.IOException;
|
|
import java.io.IOException;
|
|
|
import java.nio.charset.StandardCharsets;
|
|
import java.nio.charset.StandardCharsets;
|
|
|
import java.time.Duration;
|
|
import java.time.Duration;
|
|
|
|
|
+import java.util.Set;
|
|
|
|
|
|
|
|
/**
|
|
/**
|
|
|
* JWT 认证过滤器 — 对应 Python security.py + dependencies.py 中的 JWT 校验逻辑
|
|
* JWT 认证过滤器 — 对应 Python security.py + dependencies.py 中的 JWT 校验逻辑
|
|
@@ -47,9 +48,24 @@ public class JwtAuthFilter extends OncePerRequestFilter {
|
|
|
@Value("${jwt.sliding-expire:true}")
|
|
@Value("${jwt.sliding-expire:true}")
|
|
|
private boolean slidingExpire;
|
|
private boolean slidingExpire;
|
|
|
|
|
|
|
|
|
|
+ /** SecurityConfig 中与 whitelist 保持同步 — 带过期 token 访问这些 URL 不拦截 */
|
|
|
|
|
+ private static final Set<String> WHITE_LIST_PATHS = Set.of(
|
|
|
|
|
+ "/system/auth/login", "/system/auth/login/mini", "/system/auth/login/sms",
|
|
|
|
|
+ "/system/auth/sms-code", "/system/auth/captcha/get", "/system/auth/logout",
|
|
|
|
|
+ "/system/auth/token/refresh", "/system/auth/auto-login",
|
|
|
|
|
+ "/system/user/register", "/system/user/forget/password",
|
|
|
|
|
+ "/payment/notify/health", "/payment/notify/alipay"
|
|
|
|
|
+ );
|
|
|
|
|
+
|
|
|
@Override
|
|
@Override
|
|
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
|
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
|
|
|
FilterChain filterChain) throws ServletException, IOException {
|
|
FilterChain filterChain) throws ServletException, IOException {
|
|
|
|
|
+ // 白名单 URL → 直接放行,不管 token 状态
|
|
|
|
|
+ if (isWhitelisted(request)) {
|
|
|
|
|
+ filterChain.doFilter(request, response);
|
|
|
|
|
+ return;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
String token = extractToken(request);
|
|
String token = extractToken(request);
|
|
|
|
|
|
|
|
// 无 token → 放行(permitAll 策略,由后续 @PreAuthorize 或 endpoint 自行检查)
|
|
// 无 token → 放行(permitAll 策略,由后续 @PreAuthorize 或 endpoint 自行检查)
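Review bot: The early `return` added at the top of `doFilterInternal` skips token handling entirely on whitelisted paths, which goes further than the comment on `WHITE_LIST_PATHS` states ("expired token is not rejected"): a request to `/system/auth/logout` or `/system/auth/token/refresh` that carries a perfectly valid `Authorization` header now reaches the endpoint with no authentication populated, so unless those endpoints parse the token themselves (not visible here) they lose the caller's identity. If the goal is only to tolerate an expired token on these URLs, keep the normal parse/authenticate path and instead suppress the `writeAuthError(...)` 401 when `isWhitelisted(request)` is true, i.e. on the expiry branch `if (isWhitelisted(request)) { filterChain.doFilter(request, response); return; }` before writing the error. The list is also a hand-maintained copy of the SecurityConfig whitelist ("保持同步"); moving it to a single shared `public static final` constant that both classes reference removes the drift risk the comment warns about. `doFilterInternal`'s body continues past the end of this hunk.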
|
|
@@ -165,6 +181,14 @@ public class JwtAuthFilter extends OncePerRequestFilter {
|
|
|
filterChain.doFilter(request, response);
|
|
filterChain.doFilter(request, response);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ private boolean isWhitelisted(HttpServletRequest request) {
|
|
|
|
|
+ String uri = request.getRequestURI();
|
|
|
|
|
+ for (String path : WHITE_LIST_PATHS) {
|
|
|
|
|
+ if (uri.contains(path)) return true;
|
|
|
|
|
+ }
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
/** 写入 401 + code 10401 错误响应(对应 Python security.py L48) */
|
|
/** 写入 401 + code 10401 错误响应(对应 Python security.py L48) */
|
|
|
private void writeAuthError(HttpServletResponse response, ErrorCode errorCode) throws IOException {
|
|
private void writeAuthError(HttpServletResponse response, ErrorCode errorCode) throws IOException {
|
|
|
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
|
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
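Review bot: `isWhitelisted` tests `uri.contains(path)`, so any request whose URI merely contains one of the whitelisted strings anywhere bypasses the token check — every sub-route under `/payment/notify/alipay/...` or `/system/auth/logout/...`, and any protected path that happens to embed a whitelisted segment — which makes the whitelist an authentication bypass for URLs outside the intended set. Match the path exactly instead: `String path = request.getRequestURI().substring(request.getContextPath().length());` followed by `return WHITE_LIST_PATHS.contains(path);` (or `AntPathMatcher` if SecurityConfig uses patterns for the same list, so the two agree). Note that `getRequestURI()` is neither decoded nor normalized; with exact matching an encoded or `..` variant simply fails to match and falls through to the regular token check, which is the safe direction, whereas with `contains` such variants still match.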
|