Spring Security 与 Shiro 框架整合的跨域配置问题

时间:2025-03-10 09:25:08
  /**
   * Shiro {@code AuthenticatingFilter} subclass that reads a "token" value from the request,
   * rejects or refreshes it in {@code onAccessDenied}, and writes the same CORS response
   * headers in {@code onAccessDenied}, {@code onLoginFailure} and {@code doFilterInternal}.
   *
   * NOTE(review): this listing has lost the receiver and method name of many calls
   * (for example {@code if((token))} and {@code ("text/html");}), so it does not compile as
   * shown. The comments below state only what the remaining text establishes; anything about
   * a missing call target is marked as an assumption to confirm against the real source.
   *
   * Security review points (each repeated at the relevant line):
   * - "Access-Control-Allow-Credentials: true" is sent together with an
   *   "Access-Control-Allow-Origin" value built from "Origin". If that value is the request's
   *   own Origin header, every origin is trusted for credentialed requests; compare it against
   *   a configured allow-list and add "Vary: Origin" instead.
   * - OPTIONS requests are allowed without any token check.
   * - The token is read under the name "token" in two places, the second presumably a request
   *   parameter, and is concatenated into what look like log messages; tokens in URLs and logs
   *   outlive the request.
   * - An expired token can be exchanged for a fresh one when a server-side check passes;
   *   the lifetime of that server-side entry is the only visible bound on the exchange.
   */
  • @Component
  • @Slf4j
  • @Scope("prototype")
  • public class OAuth2Filter extends AuthenticatingFilter {
  • @Autowired
  • private ThreadLocalToken localToken;
  // NOTE(review): the property key "${-expire}" looks truncated in this listing; confirm the real key.
  // Used as the expiry passed to the store call in onAccessDenied; the time unit argument is missing there.
  • @Value("${-expire}")
  • private int cacheExpire;
  // Raw RedisTemplate; the only visible uses are delete(token) and a set(token, userId + "", ...) call.
  • @Autowired
  • private RedisTemplate redisTemplate;
  • @Autowired
  • private JwtUtil jwtUtil;
  • /**
  • * Returns the wrapped token object: the value from getRequestToken wrapped in an OAuth2Token.
  • * Returns null when the check on the token succeeds; the check's call target is missing in
  • * this listing (presumably a blank/empty test - confirm).
  • * @param servletRequest the request, cast to HttpServletRequest to read the token
  • * @param servletResponse not used in this method
  • * @return a new OAuth2Token holding the token string, or null
  • * @throws Exception declared in the signature; nothing visible here throws explicitly
  • */
  • @Override
  • protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
  • HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
  • String token = getRequestToken(httpServletRequest);
  • if((token)){
  • return null;
  • }
  • return new OAuth2Token(token);
  • }
  • /**
  • * Lets OPTIONS requests through; every other request returns false here and is handled by
  • * onAccessDenied.
  • * NOTE(review): this means no token is checked on OPTIONS. That is what CORS preflight needs,
  • * but any handler that does real work on OPTIONS would run unauthenticated - confirm none does.
  • * @param request the request, cast to HttpServletRequest
  • * @param response not used in this method
  • * @param mappedValue not used in this method
  • * @return true when the compared value equals RequestMethod.OPTIONS.name(), otherwise false
  • */
  • @Override
  • protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
  • ("这是isAccessAllowed方法");
  • HttpServletRequest httpServletRequest = (HttpServletRequest) request;
  // The left-hand call is missing in this listing; presumably the request method - confirm.
  • if (().equals(RequestMethod.OPTIONS.name())){
  • ("这是isAccessAllowed方法中的true");
  • return true;
  • }
  // NOTE(review): this message says "true" but the method returns false on this path,
  // which makes the trace misleading when reading logs.
  • ("这是isAccessAllowed方法中的true");
  • return false;
  • }
  /**
   * Runs when isAccessAllowed returned false: writes the CORS headers, then validates the token
   * and either answers 401 (HttpStatus.SC_UNAUTHORIZED) with a short message and returns false,
   * or continues to executeLogin and returns its result.
   *
   * Visible flow: token check fails -> 401; the call in the try block throws
   * TokenExpiredException -> refresh branch or 401; any other Exception -> 401.
   * The call targets of the checks are missing in this listing, so what exactly is verified
   * is an assumption (presumably JWT verification via jwtUtil - confirm).
   *
   * @param servletRequest the request, cast to HttpServletRequest
   * @param servletResponse the response, cast to HttpServletResponse
   * @return false after a 401 has been written, otherwise the result of executeLogin
   * @throws Exception declared in the signature
   */
  • @Override
  • protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
  • ("这是onAccessDenied方法");
  • HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest;
  • HttpServletResponse httpServletResponse = (HttpServletResponse)servletResponse;
  • ("text/html");
  • ("UTF-8");
  • ("Access-Control-Allow-Headers", "Accept,Origin,X-Requested-With,Content-Type,X-Auth-Token,token");
  // NOTE(review): "TRACES" is not an HTTP method name (the method is TRACE); advertise only
  // the methods the API actually serves.
  • ("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS, TRACES");
  • // ("Access-Control-Max-Age", "3600");
  • ("Access-Control-Allow-Credentials", "true");
  // NOTE(review): if the second argument is the request's Origin header (call target missing
  // here), this trusts every origin for credentialed requests. Check the value against an
  // allow-list before echoing it; the impact depends on whether cookies are accepted as well.
  • ("Access-Control-Allow-Origin", ("Origin"));
  // Call target missing in this listing; cannot tell what this statement did.
  • ();
  • String token = getRequestToken(httpServletRequest);
  • if((token)){
  • ("这是onAccessDenied方法-----token是空的");
  • (HttpStatus.SC_UNAUTHORIZED);
  • ().println("无效的令牌!");
  • return false;
  • }
  • try{
  • ("这是onAccessDenied方法-----检查token");
  • (token);
  • }catch (TokenExpiredException tokenExpiredException){
  // Refresh branch: taken only when the check on the expired token passes (presumably the
  // token still exists as a Redis key - confirm). The old key is deleted, a user id is derived
  // from the expired token, a new token is created for it and stored with cacheExpire.
  // NOTE(review): the expired token is accepted as proof of identity here, so the server-side
  // entry's lifetime is what limits how long a stolen token stays usable.
  • if((token)){
  • ("这是onAccessDenied方法-----token过期刷新");
  • redisTemplate.delete(token);
  • int userId = (token);
  • token = (userId);
  // Stores new token -> userId as a string; the last argument (time unit) is missing here.
  • ().set(token,userId+"",cacheExpire, );
  // Presumably hands the new token to localToken so it can be returned to the client - confirm.
  • (token);
  • }else{
  • (HttpStatus.SC_UNAUTHORIZED);
  • ().println("令牌已经过期!");
  • return false;
  • }
  • }catch (Exception exception){
  // Every other failure of the check is answered with the same generic 401 message.
  • (HttpStatus.SC_UNAUTHORIZED);
  • ().println("无效的令牌!");
  • return false;
  • }
  • boolean bool = executeLogin(servletRequest,servletResponse);
  • return bool;
  • }
  /**
   * Writes the CORS headers again, prints a value to the response inside a try block, and
   * returns false.
   * NOTE(review): the printed expression is missing in this listing; if it is the exception
   * message, internal authentication detail goes to the client in a text/html response.
   *
   * @param token not used in the visible code
   * @param e the authentication failure; presumably the source of the printed text - confirm
   * @param request the request, cast to HttpServletRequest
   * @param response the response, cast to HttpServletResponse
   * @return always false
   */
  • @Override
  • protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
  • ("这是onLoginFailure方法");
  • HttpServletRequest httpServletRequest = (HttpServletRequest)request;
  • HttpServletResponse httpServletResponse = (HttpServletResponse)response;
  • ("text/html");
  • ("UTF-8");
  • ("Access-Control-Allow-Headers", "Accept,Origin,X-Requested-With,Content-Type,X-Auth-Token,token");
  • ("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS, TRACES");
  • // ("Access-Control-Max-Age", "3600");
  • ("Access-Control-Allow-Credentials", "true");
  // Same origin-echo concern as in onAccessDenied.
  • ("Access-Control-Allow-Origin", ("Origin"));
  • try{
  • ().print(());
  • }catch (IOException ioException){
  // NOTE(review): the IOException is swallowed with no log entry, so a failed write of the
  // login-failure response leaves no trace for whoever investigates it.
  • }
  • return false;
  • }
  /**
   * Returns the request's "token" value. The two log prefixes ("header" then "param") show the
   * order: the first lookup is the header, and the second is used only when the check on the
   * first value succeeds (presumably blank - confirm).
   * NOTE(review): the token itself is concatenated into both messages, which presumably go to
   * the log (the class has @Slf4j); anyone with log access then holds usable credentials.
   * Accepting the token as a parameter also puts it into URLs, access logs and Referer headers.
   *
   * @param httpServletRequest the request to read from
   * @return the token string, which may be null or blank when neither lookup finds one
   */
  • private String getRequestToken(HttpServletRequest httpServletRequest){
  • String token = ("token");
  • ("Oauth2filter---getRequestToken---header "+token);
  • if((token)){
  • token = ("token");
  • ("Oauth2filter---getRequestToken---param "+token);
  • }
  • return token;
  • }
  /**
   * Writes the CORS headers and then delegates to the superclass implementation.
   * NOTE(review): the same header block also appears in onAccessDenied and onLoginFailure;
   * if every request passes through here first, those copies look redundant - confirm.
   *
   * @param request the request, cast to HttpServletRequest
   * @param response the response, cast to HttpServletResponse
   * @param chain passed through to super.doFilterInternal
   * @throws ServletException declared in the signature
   * @throws IOException declared in the signature
   */
  • @Override
  • public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
  • ("这是doFilterInternal方法");
  • HttpServletRequest httpServletRequest = (HttpServletRequest)request;
  • HttpServletResponse httpServletResponse = (HttpServletResponse)response;
  • ("text/html");
  • ("UTF-8");
  • ("Access-Control-Allow-Headers", "Accept,Origin,X-Requested-With,Content-Type,X-Auth-Token,token");
  • ("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS, TRACES");
  • // ("Access-Control-Max-Age", "3600");
  • ("Access-Control-Allow-Credentials", "true");
  // Same origin-echo concern as in onAccessDenied; this copy applies to every filtered request.
  • ("Access-Control-Allow-Origin", ("Origin"));
  • super.doFilterInternal(request, response, chain);
  • }
  • }