From 80bd996d759df035b2824eb1df21b93de39e30ae Mon Sep 17 00:00:00 2001 From: huangqizhen Date: Sun, 15 Dec 2024 17:25:14 +0800 Subject: [PATCH] =?UTF-8?q?=E5=90=8E=E7=AB=AF=E6=95=B4=E5=90=88=E6=A8=A1?= =?UTF-8?q?=E5=9D=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 1 + .../java/com/example/demo/Util/RequestWrapper.java | 2 +- .../com/example/demo/domain/entity/Recharge.java | 2 +- .../com/example/demo/security/SecurityConfig.java | 5 +- .../com/example/demo/security/TokenFilter.java | 142 ++++++++++++++++----- .../com/example/demo/security/UploadFilter.java | 21 ++- 6 files changed, 128 insertions(+), 45 deletions(-) diff --git a/pom.xml b/pom.xml index af6a606..4113a6d 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,7 @@ org.springframework.boot spring-boot-starter-security + org.springframework.boot diff --git a/src/main/java/com/example/demo/Util/RequestWrapper.java b/src/main/java/com/example/demo/Util/RequestWrapper.java index 7baf95f..e9b1f63 100644 --- a/src/main/java/com/example/demo/Util/RequestWrapper.java +++ b/src/main/java/com/example/demo/Util/RequestWrapper.java @@ -26,7 +26,7 @@ public class RequestWrapper extends HttpServletRequestWrapper { // 将body数据存储起来 String bodyStr = getBodyString(request); body = bodyStr.getBytes(Charset.defaultCharset()); -// System.out.println(new String(body, Charset.defaultCharset()) + "+**+*+*+*++*+*+*+"); + System.out.println(new String(body, Charset.defaultCharset()) + "+**+*+*+*++*+*+*+"); } diff --git a/src/main/java/com/example/demo/domain/entity/Recharge.java b/src/main/java/com/example/demo/domain/entity/Recharge.java index b4f65a4..bec91d4 100644 --- a/src/main/java/com/example/demo/domain/entity/Recharge.java +++ b/src/main/java/com/example/demo/domain/entity/Recharge.java @@ -33,5 +33,5 @@ public class Recharge { private Date endDate; private String orderCode; private String token; - +private Integer rateId; } 
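Review bot: The `System.out.println(new String(body, Charset.defaultCharset()) + ...)` line re-enabled in the RequestWrapper constructor writes every wrapped request body to standard output, and TokenFilter in this same patch parses the token out of that body, so tokens and whatever else clients submit end up in the process output. Remove the line; if request tracing is needed, log only non-sensitive metadata through a logger at debug level, for example `log.debug("request body bytes={}", body.length);` (assuming an SLF4J-style logger is added to the class). The constructor begins outside the hunk, so other uses of `body` are not visible here.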
diff --git a/src/main/java/com/example/demo/security/SecurityConfig.java b/src/main/java/com/example/demo/security/SecurityConfig.java index bc554fc..1cd770f 100644 --- a/src/main/java/com/example/demo/security/SecurityConfig.java +++ b/src/main/java/com/example/demo/security/SecurityConfig.java @@ -67,9 +67,8 @@ public class SecurityConfig { ).permitAll() .anyRequest().authenticated() // 其它路径,必须要登录后才能访问 ); - // 配置Token过滤器, 将过滤器加入到执行链中 - http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class); -// http.addFilterBefore(uploadFilter, UsernamePasswordAuthenticationFilter.class); +// http.addFilterBefore(uploadFilter, UsernamePasswordAuthenticationFilter.class); // 确保UploadFilter是第一个 + http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class); // 然后是TokenFilter return http.build(); } diff --git a/src/main/java/com/example/demo/security/TokenFilter.java b/src/main/java/com/example/demo/security/TokenFilter.java index a84f61c..9bcd291 100644 --- a/src/main/java/com/example/demo/security/TokenFilter.java +++ b/src/main/java/com/example/demo/security/TokenFilter.java 
@@ -52,6 +52,72 @@ // filterChain.doFilter(request, response); // } //} +//package com.example.demo.security; +// +//import com.example.demo.Util.JWTUtil; +//import com.example.demo.Util.RequestWrapper; +//import com.example.demo.Util.TokenPayload; +//import com.example.demo.domain.entity.Admin; +//import com.fasterxml.jackson.databind.ObjectMapper; +//import jakarta.servlet.FilterChain; +//import jakarta.servlet.ServletException; +//import jakarta.servlet.http.HttpServletRequest; +//import jakarta.servlet.http.HttpServletResponse; +//import org.springframework.core.annotation.Order; +//import org.springframework.security.access.prepost.PreFilter; +//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +//import org.springframework.security.core.context.SecurityContextHolder; +//import org.springframework.security.core.userdetails.UserDetails; +//import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +//import org.springframework.stereotype.Component; +//import org.springframework.util.ObjectUtils; +//import org.springframework.util.StringUtils; +//import org.springframework.web.filter.OncePerRequestFilter; +//import java.io.IOException; +//import java.io.InputStream; +// +// +//@Component +//public class TokenFilter extends OncePerRequestFilter { +// +// @Override +// protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) +// throws ServletException, IOException { +// // 使用RequestWrapper包装原始的HttpServletRequest,使其输入流可以被重复读取 +// RequestWrapper requestWrapper = new RequestWrapper(request); +// // 确保请求体只被读取一次 +// boolean hasRequestBody = "POST".equals(requestWrapper.getMethod()); +// System.out.println("/*-/*-/*"+requestWrapper.getBodyString()); +// if (hasRequestBody) { +// // 获取输入流 +// InputStream inputStream = requestWrapper.getInputStream(); +// // 使用Jackson ObjectMapper解析JSON +// ObjectMapper objectMapper = new ObjectMapper(); +// 
TokenPayload tokenPayload = objectMapper.readValue(inputStream, TokenPayload.class); +// +// // 检查tokenPayload中是否存在token属性,并且这个属性不为空 +// String token = tokenPayload.getToken(); +// if (StringUtils.hasText(token)) { +// try { +// UserDetails userDetails = JWTUtil.getUserDetailsList(token, Admin.class); +// if (!ObjectUtils.isEmpty(userDetails)) { +// // 将这个用户注册到Security中 +// UsernamePasswordAuthenticationToken authenticationToken +// = new UsernamePasswordAuthenticationToken( +// userDetails, null, +// userDetails.getAuthorities()); +// authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(requestWrapper)); +// SecurityContextHolder.getContext().setAuthentication(authenticationToken); +// } +// } catch (Exception e) { +// e.printStackTrace(); +// // Token无效,可以在这里添加相应的处理逻辑,例如返回401状态码等 +// } +// } +// } +// filterChain.doFilter(requestWrapper, response); // 注意这里使用requestWrapper +// } +//} package com.example.demo.security; import com.example.demo.Util.JWTUtil; @@ -63,7 +129,7 @@ import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import org.springframework.security.access.prepost.PreFilter; +import org.springframework.core.annotation.Order; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; 
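Review bot: A complete commented-out copy of TokenFilter is added above the live class in the `@@ -52,6 +52,72 @@` hunk; the previous version is already in version control, so the copy should be deleted rather than committed. In a security filter a stale copy is a review hazard, because a reader can mistake the dead `doFilterInternal` for the active one. The same applies to UploadFilter.java, which this patch edits although every line is commented out, and to the commented `addFilterBefore(uploadFilter, ...)` line in SecurityConfig, whose new comment says UploadFilter runs first while it is not registered at all. The neighbouring import hunk swaps `PreFilter` for `org.springframework.core.annotation.Order`, but no `@Order` appears on the class in the visible code, so that import looks unused.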
@@ -75,48 +141,54 @@ import org.springframework.web.filter.OncePerRequestFilter; import java.io.IOException; import java.io.InputStream; - @Component public class TokenFilter extends OncePerRequestFilter { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - // 使用RequestWrapper包装原始的HttpServletRequest,使其输入流可以被重复读取 - RequestWrapper requestWrapper = new RequestWrapper(request); - // 确保请求体只被读取一次 - boolean hasRequestBody = "POST".equals(requestWrapper.getMethod()); - System.out.println(hasRequestBody); - if (hasRequestBody) { - // 获取输入流 - InputStream inputStream = requestWrapper.getInputStream(); - // 使用Jackson ObjectMapper解析JSON - ObjectMapper objectMapper = new ObjectMapper(); - TokenPayload tokenPayload = objectMapper.readValue(inputStream, TokenPayload.class); - System.out.println(tokenPayload + "/*/*/*/*/*/*/*"); - // 检查tokenPayload中是否存在token属性,并且这个属性不为空 - String token = tokenPayload.getToken(); - System.out.println(token + "*-*-*-*-*-*-*"); - if (StringUtils.hasText(token)) { - try { - System.out.println(token + "*-*-*-*-*-*-*"); - UserDetails userDetails = JWTUtil.getUserDetailsList(token, Admin.class); - if (!ObjectUtils.isEmpty(userDetails)) { - // 将这个用户注册到Security中 - UsernamePasswordAuthenticationToken authenticationToken - = new UsernamePasswordAuthenticationToken( - userDetails, null, - userDetails.getAuthorities()); - authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(requestWrapper)); - SecurityContextHolder.getContext().setAuthentication(authenticationToken); + // 检查是否是上传请求 + boolean isUploadRequest = request.getRequestURI().startsWith("/upload"); + System.out.println(request.getRequestURI()); + System.out.println(isUploadRequest); + if (isUploadRequest) { + // 如果是上传请求,直接将请求传递给下一个过滤器或目标资源 + filterChain.doFilter(request, response); + return; + } else { + // 使用RequestWrapper包装原始的HttpServletRequest,使其输入流可以被重复读取 + 
RequestWrapper requestWrapper = new RequestWrapper(request); + // 确保请求体只被读取一次 + boolean hasRequestBody = "POST".equals(requestWrapper.getMethod()); + if (hasRequestBody) { + // 获取输入流 + InputStream inputStream = requestWrapper.getInputStream(); + // 使用Jackson ObjectMapper解析JSON + ObjectMapper objectMapper = new ObjectMapper(); + TokenPayload tokenPayload = objectMapper.readValue(inputStream, TokenPayload.class); + + // 检查tokenPayload中是否存在token属性,并且这个属性不为空 + String token = tokenPayload.getToken(); + if (StringUtils.hasText(token)) { + try { + UserDetails userDetails = JWTUtil.getUserDetailsList(token, Admin.class); + if (!ObjectUtils.isEmpty(userDetails)) { + // 将这个用户注册到Security中 + UsernamePasswordAuthenticationToken authenticationToken + = new UsernamePasswordAuthenticationToken( + userDetails, null, + userDetails.getAuthorities()); + authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(requestWrapper)); + SecurityContextHolder.getContext().setAuthentication(authenticationToken); + } + } catch (Exception e) { + e.printStackTrace(); + // Token无效,可以在这里添加相应的处理逻辑,例如返回401状态码等 } - } catch (Exception e) { - e.printStackTrace(); - // Token无效,可以在这里添加相应的处理逻辑,例如返回401状态码等 } } - System.out.println(token + "*-*-*-*-*-*"); + // 非上传请求,继续执行过滤器链 + filterChain.doFilter(requestWrapper, response); } - filterChain.doFilter(requestWrapper, response); // 注意这里使用requestWrapper } -} +} \ No newline at end of file diff --git a/src/main/java/com/example/demo/security/UploadFilter.java b/src/main/java/com/example/demo/security/UploadFilter.java index a529cd0..f607fa6 100644 --- a/src/main/java/com/example/demo/security/UploadFilter.java +++ b/src/main/java/com/example/demo/security/UploadFilter.java 
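Review bot: Requests whose URI starts with `/upload` now return from `doFilterInternal` before any token is read, so they continue down the chain with no authentication set; whether they are then rejected by `.anyRequest().authenticated()` or served anonymously depends on the `permitAll()` list in SecurityConfig, which is outside the visible hunks. `getRequestURI()` returns the raw path including any context path, so `startsWith("/upload")` also matches paths such as `/uploadX` and stops matching under a non-root context path; prefer overriding `shouldNotFilter(HttpServletRequest)` with a check on `request.getServletPath()`. If uploads are meant to require login, the token for multipart requests has to come from somewhere other than the JSON body (a request header is the usual place) rather than skipping the filter. Separately, `objectMapper.readValue(...)` still sits outside the `try`, so a POST with an empty or non-JSON body throws before the chain runs, and a literal `null` body makes `tokenPayload.getToken()` fail; move the parse inside the `try` and null-check the payload. The two `System.out.println` calls on the URI should be removed before merge.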
@@ -4,21 +4,34 @@ //import jakarta.servlet.ServletException; //import jakarta.servlet.http.HttpServletRequest; //import jakarta.servlet.http.HttpServletResponse; +//import org.springframework.core.annotation.Order; +//import org.springframework.stereotype.Component; //import org.springframework.web.filter.OncePerRequestFilter; +//import org.springframework.web.multipart.MultipartResolver; // //import java.io.IOException; // +// +//@Component //public class UploadFilter extends OncePerRequestFilter { // +// private final MultipartResolver multipartResolver; +// +// public UploadFilter(MultipartResolver multipartResolver) { +// this.multipartResolver = multipartResolver; +// } +// // @Override // protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) // throws ServletException, IOException { // // // 检查请求是否为上传请求,这里假设上传请求的路径以 "/upload" 开头 // boolean isUploadRequest = request.getRequestURI().startsWith("/upload"); -// -// if (isUploadRequest) { -// // 如果是上传请求,直接将请求传递给下一个过滤器或目标资源 +// System.out.println(isUploadRequest); +// System.out.println("MultipartResolver: " + multipartResolver); +// if (isUploadRequest ) { +// System.out.println("执行upload-------------------------------"); +// // 如果是上传请求且Content-Type为multipart/form-data,直接将请求传递给下一个过滤器或目标资源 // filterChain.doFilter(request, response); // } else { // // 如果不是上传请求,执行一些自定义逻辑 @@ -28,6 +41,4 @@ // filterChain.doFilter(request, response); // } // } -// -// //} \ No newline at end of file