Merge branch 'springboot3_sas' of https://github.com/jeecgboot/jeecg-boot into springboot3_sas

2024-07-03 12:23:13 +08:00 · 2024-07-03 12:23:13 +08:00 · 0c034031d1
parent 491a038b5a e93dcc1a7e
commit 0c034031d1
2 changed files with 37 additions and 5 deletions
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgRedisOAuth2AuthorizationService.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgRedisOAuth2AuthorizationService.java
@ -43,7 +43,7 @@ public class JeecgRedisOAuth2AuthorizationService implements OAuth2Authorization

 		if (isState(authorization)) {
 			String token = authorization.getAttribute("state");
-			redisTemplate.setValueSerializer(RedisSerializer.java());
+//			redisTemplate.setValueSerializer(RedisSerializer.java());
 			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.STATE, token), authorization, TIMEOUT,
 					TimeUnit.MINUTES);
 		}
@ -54,7 +54,7 @@ public class JeecgRedisOAuth2AuthorizationService implements OAuth2Authorization
 			OAuth2AuthorizationCode authorizationCodeToken = authorizationCode.getToken();
 			long between = ChronoUnit.MINUTES.between(authorizationCodeToken.getIssuedAt(),
 					authorizationCodeToken.getExpiresAt());
-			redisTemplate.setValueSerializer(RedisSerializer.java());
+//			redisTemplate.setValueSerializer(RedisSerializer.java());
 			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.CODE, authorizationCodeToken.getTokenValue()),
 					authorization, between, TimeUnit.MINUTES);
 		}
@ -62,7 +62,7 @@ public class JeecgRedisOAuth2AuthorizationService implements OAuth2Authorization
 		if (isRefreshToken(authorization)) {
 			OAuth2RefreshToken refreshToken = authorization.getRefreshToken().getToken();
 			long between = ChronoUnit.SECONDS.between(refreshToken.getIssuedAt(), refreshToken.getExpiresAt());
-			redisTemplate.setValueSerializer(RedisSerializer.java());
+//			redisTemplate.setValueSerializer(RedisSerializer.java());
 			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.REFRESH_TOKEN, refreshToken.getTokenValue()),
 					authorization, between, TimeUnit.SECONDS);
 		}
@ -70,7 +70,7 @@ public class JeecgRedisOAuth2AuthorizationService implements OAuth2Authorization
 		if (isAccessToken(authorization)) {
 			OAuth2AccessToken accessToken = authorization.getAccessToken().getToken();
 			long between = ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt());
-			redisTemplate.setValueSerializer(RedisSerializer.java());
+//			redisTemplate.setValueSerializer(RedisSerializer.java());
 			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.ACCESS_TOKEN, accessToken.getTokenValue()),
 					authorization, between, TimeUnit.SECONDS);

@ -125,7 +125,7 @@ public class JeecgRedisOAuth2AuthorizationService implements OAuth2Authorization
 	public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType) {
 		Assert.hasText(token, "token cannot be empty");
 		Assert.notNull(tokenType, "tokenType cannot be empty");
-		redisTemplate.setValueSerializer(RedisSerializer.java());
+//		redisTemplate.setValueSerializer(RedisSerializer.java());
 		return (OAuth2Authorization) redisTemplate.opsForValue().get(buildKey(tokenType.getValue(), token));
 	}

--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java
@ -7,10 +7,15 @@ import org.springframework.aop.framework.Advised;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.security.web.DefaultSecurityFilterChain;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;

+import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.util.*;

@ -45,6 +50,9 @@ public class IgnoreAuthPostProcessor implements ApplicationListener<ContextRefre
        log.info("Init Token ignoreAuthUrls Config [ 集合 ]  ：{}", ignoreAuthUrls);
        if (!CollectionUtils.isEmpty(ignoreAuthUrls)) {
            InMemoryIgnoreAuth.set(ignoreAuthUrls);
+
+            // 添加免登录url
+            addIgnoreUrl(ignoreAuthUrls);
        }

        // 计算方法的耗时
@ -110,4 +118,28 @@ public class IgnoreAuthPostProcessor implements ApplicationListener<ContextRefre
    private String prefix(String seg) {
        return seg.startsWith("/") ? seg : "/"+seg;
    }
+
+    private void addIgnoreUrl(List<String> urls){
+        FilterChainProxy obj = applicationContext.getBean(FilterChainProxy.class);
+        if (Objects.isNull(obj)) {
+            return;
+        }
+        List<SecurityFilterChain> filterChains = (List<SecurityFilterChain>) getProperty(obj,"filterChains");
+
+        if (!CollectionUtils.isEmpty(filterChains)) {
+            for (String url : urls) {
+                filterChains.add(0, new DefaultSecurityFilterChain(new AntPathRequestMatcher(url, null)));
+            }
+        }
+    }
+
+    private Object getProperty(Object obj, String fieldName) {
+        try {
+            Field field = obj.getClass().getDeclaredField(fieldName);
+            field.setAccessible(true);
+            return field.get(obj);
+        } catch (Exception e) {
+            return null;
+        }
+    }
 }