Separate front and admin login tokens
This commit is contained in:
@@ -111,7 +111,8 @@ public class SecurityConfig
|
||||
.authorizeHttpRequests((requests) -> {
|
||||
permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
|
||||
// 对于登录login 注册register 验证码captchaImage 允许匿名访问
|
||||
requests.antMatchers("/login", "/register", "/captchaImage").permitAll()
|
||||
requests.antMatchers("/login", "/register", "/captchaImage",
|
||||
"/front/auth/login", "/front/auth/register").permitAll()
|
||||
// 静态资源,可匿名访问
|
||||
.antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
|
||||
.antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
|
||||
|
||||
@@ -32,7 +32,9 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
|
||||
throws ServletException, IOException
|
||||
{
|
||||
LoginUser loginUser = tokenService.getLoginUser(request);
|
||||
if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication()))
|
||||
if (StringUtils.isNotNull(loginUser)
|
||||
&& isTokenAllowedForRequest(loginUser, request)
|
||||
&& StringUtils.isNull(SecurityUtils.getAuthentication()))
|
||||
{
|
||||
tokenService.verifyToken(loginUser);
|
||||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
|
||||
@@ -41,4 +43,20 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
|
||||
}
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private boolean isFrontRequest(HttpServletRequest request)
|
||||
{
|
||||
return request.getRequestURI() != null && request.getRequestURI().startsWith("/front/");
|
||||
}
|
||||
|
||||
private boolean isTokenAllowedForRequest(LoginUser loginUser, HttpServletRequest request)
|
||||
{
|
||||
String loginType = loginUser.getLoginType();
|
||||
boolean frontRequest = isFrontRequest(request);
|
||||
if (frontRequest)
|
||||
{
|
||||
return com.ruoyi.common.constant.Constants.LOGIN_TYPE_FRONT.equals(loginType);
|
||||
}
|
||||
return loginType == null || com.ruoyi.common.constant.Constants.LOGIN_TYPE_ADMIN.equals(loginType);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -95,6 +95,7 @@ public class SysLoginService
|
||||
}
|
||||
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
|
||||
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
|
||||
loginUser.setLoginType(Constants.LOGIN_TYPE_ADMIN);
|
||||
recordLoginInfo(loginUser.getUserId());
|
||||
// 生成token
|
||||
return tokenService.createToken(loginUser);
|
||||
|
||||
Reference in New Issue
Block a user