From 493c02980b0cbfc7a288fc59d97af352134832d0 Mon Sep 17 00:00:00 2001 From: ZhengJie <201507802@qq.com> Date: Wed, 6 May 2020 22:09:58 +0800 Subject: [PATCH] =?UTF-8?q?[=E4=BB=A3=E7=A0=81=E5=AE=8C=E5=96=84](v2.5):?= =?UTF-8?q?=20v2.5=20beta=20TokenFilter=20Token=20=E9=AA=8C=E8=AF=81?= =?UTF-8?q?=E9=80=BB=E8=BE=91=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 对于已放行的接口不去验证 Token Closes #338 2.5 Beta 详情:https://www.ydyno.com/archives/1225.html --- .../security/security/TokenFilter.java | 35 +++++++++---------- 1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenFilter.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenFilter.java
index 4acf8dc9..d24c3e12 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenFilter.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenFilter.java
@@ -15,6 +15,7 @@
 */
 package me.zhengjie.modules.security.security;

+import cn.hutool.core.util.StrUtil;
 import io.jsonwebtoken.ExpiredJwtException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -47,24 +48,22 @@ public class TokenFilter extends GenericFilterBean {
 throws IOException, ServletException {
 HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
 String token = resolveToken(httpServletRequest);
- String requestRri = httpServletRequest.getRequestURI();
- // 验证 token 是否存在
- OnlineUserDto onlineUserDto = null;
- SecurityProperties properties = SpringContextHolder.getBean(SecurityProperties.class);
- try {
- OnlineUserService onlineUserService = SpringContextHolder.getBean(OnlineUserService.class);
- onlineUserDto = onlineUserService.getOne(properties.getOnlineKey() + token);
- } catch (ExpiredJwtException e) {
- log.error(e.getMessage());
- }
- if (onlineUserDto != null && StringUtils.hasText(token)) {
- Authentication authentication = tokenProvider.getAuthentication(token);
- SecurityContextHolder.getContext().setAuthentication(authentication);
- // Token 续期
- tokenProvider.checkRenewal(token);
- log.debug("set Authentication to security context for '{}', uri: {}", authentication.getName(), requestRri);
- } else {
- log.debug("no valid JWT token found, uri: {}", requestRri);
+ // 对于 Token 为空的不需要去查 Redis
+ if(StrUtil.isNotBlank(token)){
+ OnlineUserDto onlineUserDto = null;
+ SecurityProperties properties = SpringContextHolder.getBean(SecurityProperties.class);
+ try {
+ OnlineUserService onlineUserService = SpringContextHolder.getBean(OnlineUserService.class);
+ onlineUserDto = onlineUserService.getOne(properties.getOnlineKey() + token);
+ } catch (ExpiredJwtException e) {
+ log.error(e.getMessage());
+ }
+ if (onlineUserDto != null && StringUtils.hasText(token)) {
+ Authentication authentication = tokenProvider.getAuthentication(token);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ // Token 续期
+ tokenProvider.checkRenewal(token);
+ }
 }
 filterChain.doFilter(servletRequest, servletResponse);
 }
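Review bot: A non-blank token that is not found in the online-user store now falls through to `filterChain.doFilter` without any log line, because the `else` branch and both `log.debug` calls were removed along with `requestRri`. A presented-but-rejected token is a useful signal for troubleshooting and detection, so consider an `else` on the inner `if` such as `log.debug("token not found in online-user store, uri: {}", httpServletRequest.getRequestURI());`, logging the URI only and never the token value. The inner `StringUtils.hasText(token)` is also redundant now that the whole block sits under `StrUtil.isNotBlank(token)`, so that condition can become `if (onlineUserDto != null) {`. The signature of the enclosing method starts above this hunk, so the rest of its contract is not visible here.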