bug修复
This commit is contained in:
@@ -15,6 +15,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
@@ -33,13 +34,15 @@ public class SecurityConfig {
|
||||
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
|
||||
|
||||
@Bean
|
||||
@Order(1)
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.exceptionHandling(ex -> ex.authenticationEntryPoint(jwtAuthenticationEntryPoint))
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers("/api/auth/**").permitAll()
|
||||
.requestMatchers("/api/public/**").permitAll()
|
||||
.requestMatchers("/api/oauth/**").permitAll()
|
||||
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
|
||||
@@ -47,6 +50,7 @@ public class SecurityConfig {
|
||||
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
|
||||
.requestMatchers("/api/admin/**").hasRole("ADMIN")
|
||||
.requestMatchers("/api/app/**").hasAnyRole("USER", "ADMIN")
|
||||
.requestMatchers("/api/article/**", "/api/comment/**", "/api/user/**").hasAnyRole("USER", "ADMIN")
|
||||
.anyRequest().permitAll()
|
||||
)
|
||||
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
+10
-1
@@ -1,6 +1,7 @@
|
||||
package fun.nojava.framework.security;
|
||||
|
||||
import fun.nojava.common.constant.SecurityConstants;
|
||||
import fun.nojava.common.enums.UserType;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
@@ -38,12 +39,13 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
Long userId = jwtTokenProvider.getUserIdFromToken(token);
|
||||
String role = jwtTokenProvider.getRoleFromToken(token);
|
||||
String roleName = normalizeRole(role);
|
||||
|
||||
UsernamePasswordAuthenticationToken authentication =
|
||||
new UsernamePasswordAuthenticationToken(
|
||||
userId,
|
||||
null,
|
||||
List.of(new SimpleGrantedAuthority("ROLE_" + role))
|
||||
List.of(new SimpleGrantedAuthority("ROLE_" + roleName))
|
||||
);
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
@@ -59,4 +61,11 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private String normalizeRole(String role) {
|
||||
if ("0".equals(role) || "1".equals(role)) {
|
||||
return UserType.fromCode(Integer.parseInt(role)).name();
|
||||
}
|
||||
return role;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package fun.nojava.framework.security;
|
||||
|
||||
import fun.nojava.common.constant.SecurityConstants;
|
||||
import fun.nojava.common.enums.UserType;
|
||||
import fun.nojava.framework.config.JwtProperties;
|
||||
import io.jsonwebtoken.*;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
@@ -22,10 +23,11 @@ public class JwtTokenProvider {
|
||||
public String generateAccessToken(Long userId, Integer role) {
|
||||
Date now = new Date();
|
||||
Date expiryDate = new Date(now.getTime() + jwtProperties.getAccessTokenExpire() * 1000);
|
||||
String roleName = UserType.fromCode(role).name();
|
||||
|
||||
return Jwts.builder()
|
||||
.subject(String.valueOf(userId))
|
||||
.claim("role", String.valueOf(role))
|
||||
.claim("role", roleName)
|
||||
.issuedAt(now)
|
||||
.expiration(expiryDate)
|
||||
.signWith(jwtProperties.getSigningKey())
|
||||
|
||||
Reference in New Issue
Block a user