diff --git a/pom.xml b/pom.xml
index af6a606..4113a6d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,6 +44,7 @@
org.springframework.boot
spring-boot-starter-security
+
org.springframework.boot
diff --git a/src/main/java/com/example/demo/Util/RequestWrapper.java b/src/main/java/com/example/demo/Util/RequestWrapper.java
index 7baf95f..e9b1f63 100644
--- a/src/main/java/com/example/demo/Util/RequestWrapper.java
+++ b/src/main/java/com/example/demo/Util/RequestWrapper.java
@@ -26,7 +26,7 @@ public class RequestWrapper extends HttpServletRequestWrapper {
// 将body数据存储起来
String bodyStr = getBodyString(request);
body = bodyStr.getBytes(Charset.defaultCharset());
-// System.out.println(new String(body, Charset.defaultCharset()) + "+**+*+*+*++*+*+*+");
+ System.out.println(new String(body, Charset.defaultCharset()) + "+**+*+*+*++*+*+*+");
}
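Review bot: The re-enabled `System.out.println(new String(body, ...))` writes every request body to stdout, and TokenFilter parses the token out of that same body, so tokens and any other submitted secrets would end up in the process output and in whatever collects it. Remove the line rather than un-commenting it. If body tracing is needed while debugging, log only metadata through the application's logger at debug level, for example `log.debug("request body bytes={}", body.length);` (assuming a logger is available in this class). The constructor this line belongs to starts outside the hunk.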
diff --git a/src/main/java/com/example/demo/domain/entity/Recharge.java b/src/main/java/com/example/demo/domain/entity/Recharge.java
index b4f65a4..bec91d4 100644
--- a/src/main/java/com/example/demo/domain/entity/Recharge.java
+++ b/src/main/java/com/example/demo/domain/entity/Recharge.java
@@ -33,5 +33,5 @@ public class Recharge {
private Date endDate;
private String orderCode;
private String token;
-
+private Integer rateId;
}
diff --git a/src/main/java/com/example/demo/security/SecurityConfig.java b/src/main/java/com/example/demo/security/SecurityConfig.java
index bc554fc..1cd770f 100644
--- a/src/main/java/com/example/demo/security/SecurityConfig.java
+++ b/src/main/java/com/example/demo/security/SecurityConfig.java
@@ -67,9 +67,8 @@ public class SecurityConfig {
).permitAll()
.anyRequest().authenticated() // 其它路径,必须要登录后才能访问
);
- // 配置Token过滤器, 将过滤器加入到执行链中
- http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
-// http.addFilterBefore(uploadFilter, UsernamePasswordAuthenticationFilter.class);
+// http.addFilterBefore(uploadFilter, UsernamePasswordAuthenticationFilter.class); // 确保UploadFilter是第一个
+ http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class); // 然后是TokenFilter
return http.build();
}
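Review bot: The two trailing comments describe an ordering ("UploadFilter first, then TokenFilter") that the code does not implement, because the `uploadFilter` registration is still commented out and only `tokenFilter` is added. In a security configuration a comment that misstates the active filter chain is easy to trust by mistake. Delete the commented-out line and keep one accurate comment on the live one, e.g. `// TokenFilter runs before UsernamePasswordAuthenticationFilter; uploads are handled inside TokenFilter`. The enclosing method starts outside the hunk.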
diff --git a/src/main/java/com/example/demo/security/TokenFilter.java b/src/main/java/com/example/demo/security/TokenFilter.java
index a84f61c..9bcd291 100644
--- a/src/main/java/com/example/demo/security/TokenFilter.java
+++ b/src/main/java/com/example/demo/security/TokenFilter.java
@@ -52,6 +52,72 @@
// filterChain.doFilter(request, response);
// }
//}
+//package com.example.demo.security;
+//
+//import com.example.demo.Util.JWTUtil;
+//import com.example.demo.Util.RequestWrapper;
+//import com.example.demo.Util.TokenPayload;
+//import com.example.demo.domain.entity.Admin;
+//import com.fasterxml.jackson.databind.ObjectMapper;
+//import jakarta.servlet.FilterChain;
+//import jakarta.servlet.ServletException;
+//import jakarta.servlet.http.HttpServletRequest;
+//import jakarta.servlet.http.HttpServletResponse;
+//import org.springframework.core.annotation.Order;
+//import org.springframework.security.access.prepost.PreFilter;
+//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+//import org.springframework.security.core.context.SecurityContextHolder;
+//import org.springframework.security.core.userdetails.UserDetails;
+//import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+//import org.springframework.stereotype.Component;
+//import org.springframework.util.ObjectUtils;
+//import org.springframework.util.StringUtils;
+//import org.springframework.web.filter.OncePerRequestFilter;
+//import java.io.IOException;
+//import java.io.InputStream;
+//
+//
+//@Component
+//public class TokenFilter extends OncePerRequestFilter {
+//
+// @Override
+// protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+// throws ServletException, IOException {
+// // 使用RequestWrapper包装原始的HttpServletRequest,使其输入流可以被重复读取
+// RequestWrapper requestWrapper = new RequestWrapper(request);
+// // 确保请求体只被读取一次
+// boolean hasRequestBody = "POST".equals(requestWrapper.getMethod());
+// System.out.println("/*-/*-/*"+requestWrapper.getBodyString());
+// if (hasRequestBody) {
+// // 获取输入流
+// InputStream inputStream = requestWrapper.getInputStream();
+// // 使用Jackson ObjectMapper解析JSON
+// ObjectMapper objectMapper = new ObjectMapper();
+// TokenPayload tokenPayload = objectMapper.readValue(inputStream, TokenPayload.class);
+//
+// // 检查tokenPayload中是否存在token属性,并且这个属性不为空
+// String token = tokenPayload.getToken();
+// if (StringUtils.hasText(token)) {
+// try {
+// UserDetails userDetails = JWTUtil.getUserDetailsList(token, Admin.class);
+// if (!ObjectUtils.isEmpty(userDetails)) {
+// // 将这个用户注册到Security中
+// UsernamePasswordAuthenticationToken authenticationToken
+// = new UsernamePasswordAuthenticationToken(
+// userDetails, null,
+// userDetails.getAuthorities());
+// authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(requestWrapper));
+// SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+// }
+// } catch (Exception e) {
+// e.printStackTrace();
+// // Token无效,可以在这里添加相应的处理逻辑,例如返回401状态码等
+// }
+// }
+// }
+// filterChain.doFilter(requestWrapper, response); // 注意这里使用requestWrapper
+// }
+//}
package com.example.demo.security;
import com.example.demo.Util.JWTUtil;
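Review bot: This hunk adds a second, fully commented-out copy of the previous `TokenFilter` above the `package` line, which should be deleted instead of committed, since version control already keeps the old implementation. The dead copy also contains a `System.out.println` of `requestWrapper.getBodyString()`, which would log request bodies containing tokens if anyone re-enabled it. The `org.springframework.core.annotation.Order` import added in the next hunk looks unused as well, as no `@Order` appears on the class shown in this diff.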
@@ -63,7 +129,7 @@ import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
-import org.springframework.security.access.prepost.PreFilter;
+import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
@@ -75,48 +141,54 @@ import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.io.InputStream;
-
@Component
public class TokenFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
- // 使用RequestWrapper包装原始的HttpServletRequest,使其输入流可以被重复读取
- RequestWrapper requestWrapper = new RequestWrapper(request);
- // 确保请求体只被读取一次
- boolean hasRequestBody = "POST".equals(requestWrapper.getMethod());
- System.out.println(hasRequestBody);
- if (hasRequestBody) {
- // 获取输入流
- InputStream inputStream = requestWrapper.getInputStream();
- // 使用Jackson ObjectMapper解析JSON
- ObjectMapper objectMapper = new ObjectMapper();
- TokenPayload tokenPayload = objectMapper.readValue(inputStream, TokenPayload.class);
- System.out.println(tokenPayload + "/*/*/*/*/*/*/*");
- // 检查tokenPayload中是否存在token属性,并且这个属性不为空
- String token = tokenPayload.getToken();
- System.out.println(token + "*-*-*-*-*-*-*");
- if (StringUtils.hasText(token)) {
- try {
- System.out.println(token + "*-*-*-*-*-*-*");
- UserDetails userDetails = JWTUtil.getUserDetailsList(token, Admin.class);
- if (!ObjectUtils.isEmpty(userDetails)) {
- // 将这个用户注册到Security中
- UsernamePasswordAuthenticationToken authenticationToken
- = new UsernamePasswordAuthenticationToken(
- userDetails, null,
- userDetails.getAuthorities());
- authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(requestWrapper));
- SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+ // 检查是否是上传请求
+ boolean isUploadRequest = request.getRequestURI().startsWith("/upload");
+ System.out.println(request.getRequestURI());
+ System.out.println(isUploadRequest);
+ if (isUploadRequest) {
+ // 如果是上传请求,直接将请求传递给下一个过滤器或目标资源
+ filterChain.doFilter(request, response);
+ return;
+ } else {
+ // 使用RequestWrapper包装原始的HttpServletRequest,使其输入流可以被重复读取
+ RequestWrapper requestWrapper = new RequestWrapper(request);
+ // 确保请求体只被读取一次
+ boolean hasRequestBody = "POST".equals(requestWrapper.getMethod());
+ if (hasRequestBody) {
+ // 获取输入流
+ InputStream inputStream = requestWrapper.getInputStream();
+ // 使用Jackson ObjectMapper解析JSON
+ ObjectMapper objectMapper = new ObjectMapper();
+ TokenPayload tokenPayload = objectMapper.readValue(inputStream, TokenPayload.class);
+
+ // 检查tokenPayload中是否存在token属性,并且这个属性不为空
+ String token = tokenPayload.getToken();
+ if (StringUtils.hasText(token)) {
+ try {
+ UserDetails userDetails = JWTUtil.getUserDetailsList(token, Admin.class);
+ if (!ObjectUtils.isEmpty(userDetails)) {
+ // 将这个用户注册到Security中
+ UsernamePasswordAuthenticationToken authenticationToken
+ = new UsernamePasswordAuthenticationToken(
+ userDetails, null,
+ userDetails.getAuthorities());
+ authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(requestWrapper));
+ SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ // Token无效,可以在这里添加相应的处理逻辑,例如返回401状态码等
}
- } catch (Exception e) {
- e.printStackTrace();
- // Token无效,可以在这里添加相应的处理逻辑,例如返回401状态码等
}
}
- System.out.println(token + "*-*-*-*-*-*");
+ // 非上传请求,继续执行过滤器链
+ filterChain.doFilter(requestWrapper, response);
}
- filterChain.doFilter(requestWrapper, response); // 注意这里使用requestWrapper
}
-}
+}
\ No newline at end of file
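Review bot: The new `isUploadRequest` branch in `doFilterInternal` skips token authentication for every URI starting with `/upload`, so this filter sets no identity on upload requests. Depending on the `permitAll` list in SecurityConfig (not visible here), uploads are then either always rejected or accepted unauthenticated. `getRequestURI()` is also the raw, undecoded URI including any context path and `;` path parameters, and a bare prefix test also matches unrelated paths (constructed example: `/uploads-admin`), so the check is looser than the comment implies. Prefer keeping uploads authenticated by reading the token from a header, which leaves the multipart body untouched, e.g. `String token = request.getHeader("Authorization");`, and match the path with `request.getServletPath()` against `/upload/`. Separately, `objectMapper.readValue(...)` sits outside the `try`, so a POST with an empty or non-JSON body fails with an exception instead of continuing unauthenticated, and the two `System.out.println` calls on the URI should be removed.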
diff --git a/src/main/java/com/example/demo/security/UploadFilter.java b/src/main/java/com/example/demo/security/UploadFilter.java
index a529cd0..f607fa6 100644
--- a/src/main/java/com/example/demo/security/UploadFilter.java
+++ b/src/main/java/com/example/demo/security/UploadFilter.java
@@ -4,21 +4,34 @@
//import jakarta.servlet.ServletException;
//import jakarta.servlet.http.HttpServletRequest;
//import jakarta.servlet.http.HttpServletResponse;
+//import org.springframework.core.annotation.Order;
+//import org.springframework.stereotype.Component;
//import org.springframework.web.filter.OncePerRequestFilter;
+//import org.springframework.web.multipart.MultipartResolver;
//
//import java.io.IOException;
//
+//
+//@Component
//public class UploadFilter extends OncePerRequestFilter {
//
+// private final MultipartResolver multipartResolver;
+//
+// public UploadFilter(MultipartResolver multipartResolver) {
+// this.multipartResolver = multipartResolver;
+// }
+//
// @Override
// protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
// throws ServletException, IOException {
//
// // 检查请求是否为上传请求,这里假设上传请求的路径以 "/upload" 开头
// boolean isUploadRequest = request.getRequestURI().startsWith("/upload");
-//
-// if (isUploadRequest) {
-// // 如果是上传请求,直接将请求传递给下一个过滤器或目标资源
+// System.out.println(isUploadRequest);
+// System.out.println("MultipartResolver: " + multipartResolver);
+// if (isUploadRequest ) {
+// System.out.println("执行upload-------------------------------");
+// // 如果是上传请求且Content-Type为multipart/form-data,直接将请求传递给下一个过滤器或目标资源
// filterChain.doFilter(request, response);
// } else {
// // 如果不是上传请求,执行一些自定义逻辑
@@ -28,6 +41,4 @@
// filterChain.doFilter(request, response);
// }
// }
-//
-//
//}
\ No newline at end of file