diff --git a/src/main/java/cn/teammodel/security/filter/ApiAuthTokenFilter.java b/src/main/java/cn/teammodel/security/filter/ApiAuthTokenFilter.java
index 41b27e0..d8025e3 100644
--- a/src/main/java/cn/teammodel/security/filter/ApiAuthTokenFilter.java
+++ b/src/main/java/cn/teammodel/security/filter/ApiAuthTokenFilter.java
@@ -1,6 +1,7 @@
 package cn.teammodel.security.filter;
 import cn.teammodel.model.entity.TmdUserDetail;
+import cn.teammodel.model.entity.User;
 import cn.teammodel.security.utils.JwtTokenUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -15,6 +16,9 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 /**
  * 对外的 AI chat 接口的认证过滤器
@@ -25,6 +29,7 @@ import java.io.IOException;
 public class ApiAuthTokenFilter extends OncePerRequestFilter {
     JwtTokenUtil jwtTokenUtil = new JwtTokenUtil();
+    private List whiteList = new ArrayList<>(Arrays.asList("1530782422","1531391504","1529649295","1531030192","1533091862","1565140494","1530852951","1532621201","1532605781","1563262699","1530782422","1530670067","1566799279","1536118303","1578275404","6711941735","1528783259"));
     @Override
     protected void doFilterInternal(HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException {
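Review bot: The allowlist added as `whiteList` hard-codes seventeen user IDs in source, so changing who may call the external AI chat API means a rebuild and redeploy, and the same ID `"1530782422"` appears twice, which suggests the list is already being edited by hand. It is also a raw, mutable, non-final `List` on an instance field, and `contains` on it does an `equals` against `String` entries, so if `User.getId()` is not a `String` (the entity is not shown here) the allowlist silently matches nothing and only the `IES` branch ever admits anyone. I would load the IDs from configuration and hold them as an immutable typed set, e.g. `private static final Set<String> WHITE_LIST = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(/* ids */)));` (adding the `java.util.Set`, `HashSet` and `Collections` imports), and compare with `String.valueOf(user.getId())` so the type of the ID cannot defeat the check. The field sits inside `ApiAuthTokenFilter`, whose body continues outside the hunk.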
@@ -43,6 +48,14 @@ public class ApiAuthTokenFilter extends OncePerRequestFilter {
             filterChain.doFilter(request, response);
             return;
         }
+        User user = validUserDetail1.getUser();
+        if (!whiteList.contains(user.getId()) && !"IES".equals(user.getWebsite()))
+        {
+            SecurityContextHolder.clearContext(); // 验证失败不应该在此处抛出异常,应该维护好 context 的值,以便整个过滤器链正常运行
+            filterChain.doFilter(request, response);
+            return;
+        }
+
         // 组装 authToken 的 jwt 进 authentication
         UsernamePasswordAuthenticationToken finalAuthentication = new UsernamePasswordAuthenticationToken(validUserDetail1, null, null);
         context.setAuthentication(finalAuthentication);
diff --git a/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java b/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
index 0fcc04e..f4f15cc 100644
--- a/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
+++ b/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
@@ -1,7 +1,9 @@
 package cn.teammodel.security.filter;
 import cn.teammodel.model.entity.TmdUserDetail;
+import cn.teammodel.model.entity.User;
 import cn.teammodel.security.utils.JwtTokenUtil;
+import io.jsonwebtoken.Claims;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -15,7 +17,10 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.List;
 /**
  * x-auth-authToken filter
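Review bot: The new rejection branch clears the security context and falls through without recording anything, so a valid token presented by a user outside the allowlist is indistinguishable in the logs from an anonymous request, which makes abuse of the external API hard to detect; the class imports `@Slf4j`, so presumably `log` is available here. It also dereferences `user` unguarded, so if `validUserDetail1.getUser()` can return null (not visible in this hunk) the filter throws a 500 instead of denying cleanly. I would write `if (user == null || (!whiteList.contains(user.getId()) && !"IES".equals(user.getWebsite()))) {` and, inside the branch, `log.warn("api token rejected, user not allowed: id={}", user == null ? null : user.getId());` before `SecurityContextHolder.clearContext()`. Continuing the chain unauthenticated is consistent with the existing failure path above, but it only denies anything if the downstream endpoint itself requires authentication, which is worth confirming. `doFilterInternal` starts outside the hunk.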
@@ -26,6 +31,7 @@ import java.util.Collection;
 public class AuthInnerTokenFilter extends OncePerRequestFilter {
     JwtTokenUtil jwtTokenUtil = new JwtTokenUtil();
+    private List whiteList = new ArrayList<>(Arrays.asList("1530782422","1531391504","1529649295","1531030192","1533091862","1565140494","1532621201","1532605781","1563262699","1530782422","1530670067","1578275404","6711941735","1528783259"));
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         SecurityContext context = SecurityContextHolder.getContext();
@@ -39,6 +45,20 @@ public class AuthInnerTokenFilter extends OncePerRequestFilter {
             filterChain.doFilter(request, response);
             return;
         }
+        User user = tmdUserDetail.getUser();
+        if (!whiteList.contains(user.getId()) && !"IES".equals(user.getWebsite()))
+        {
+            SecurityContextHolder.clearContext(); // 验证失败不应该在此处抛出异常,应该维护好 context 的值,以便整个过滤器链正常运行
+            filterChain.doFilter(request, response);
+            return;
+        }
+        /*if (!"GP".equals(user.getWebsite()) && !"IES".equals(user.getWebsite()))
+        {
+            SecurityContextHolder.clearContext(); // 验证失败不应该在此处抛出异常,应该维护好 context 的值,以便整个过滤器链正常运行
+            filterChain.doFilter(request, response);
+            return;
+        }*/
+
         // 组装 authToken 的 jwt 进 authentication
         Collection authorities = authentication.getAuthorities();
         UsernamePasswordAuthenticationToken finalAuthentication = new UsernamePasswordAuthenticationToken(tmdUserDetail, null, authorities);
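Review bot: This `whiteList` has fourteen entries while the one added to `ApiAuthTokenFilter` in the same commit has seventeen (`"1530852951"`, `"1536118303"` and `"1566799279"` appear only in the API filter), so the two token paths now admit different sets of users; if that is intentional it deserves a comment saying why, and if not the two hand-maintained copies will keep drifting. `"1530782422"` is duplicated here as well. I would keep a single source of truth, e.g. one configuration property or `AllowedUsers` bean injected into both filters, and declare the field as `Set<String>` rather than a raw `List`. The class body continues outside the hunk.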
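Review bot: The commented-out `GP`/`IES` check left directly below the new allowlist branch is dead code in an authentication filter and will make the next reader unsure which rule is live; delete it (version control keeps it) or, if the `GP` site is meant to return, track that in an issue rather than a comment. As in the sibling filter, the rejection branch neither logs nor guards `user` against a null `tmdUserDetail.getUser()` (whether that can happen is not visible here), so I would add `log.warn("inner token rejected, user not allowed: id={}", user.getId());` before `SecurityContextHolder.clearContext()` and a null check on `user` ahead of the `contains` call. `doFilterInternal` starts outside the hunk.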