将 /api/common/version 开放
diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt
index 5aad561..a2488e0 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/security.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt
@@ -81,7 +81,7 @@
url = url.replace(context, "")
}
logger.info(url)
- if(!url.startsWith("/api/")&&!url.startsWith("/mobileapi/v1/")){
+ if (!url.startsWith("/api/") && !url.startsWith("/mobileapi/v1/")) {
filterChain.doFilter(request, response)
return
}
@@ -98,7 +98,7 @@
return
}
val claims = getUtil().verifyToken(jwt)
- if(url.equals("/mobileapi/v1/logout")){
+ if (url.equals("/mobileapi/v1/logout")) {
SecurityContextHolder.clearContext()
apiJwtRepository.deleteById(claims[ReservedClaimNames.JWT_ID].toString())
throw JoseException("JWT has not been register")
@@ -115,11 +115,11 @@
}
val tenantId = request.getHeader(Constants.HEADER_TETANTID)
if (tenantId == null) {
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
return
}
if (claims[Constants.JWT_CLAIM_TENANTID] != tenantId) {
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
return
}
val auth = UsernamePasswordAuthenticationToken(claims[Constants.JWT_CLAIM_UID], null,
@@ -132,12 +132,12 @@
// jwt 过期后返回 401
apiJwtRepository.deleteById(e.jwtContext.jwtClaims.jwtId)
}
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
return
} catch (e: JoseException) {
SecurityContextHolder.clearContext()
// jwt 失效后返回 401
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
response.contentType = "application/json;charset=UTF-8"
return
}
@@ -168,6 +168,7 @@
.authorizeRequests()
.antMatchers("/api/auth/**").permitAll()
.antMatchers("/api/notify/**").permitAll()
+ .antMatchers("/api/common/version").permitAll()
.antMatchers("/api/userinfor").hasAnyRole("ADMIN", "THIRD_ADMIN")
.antMatchers("/api/common/**").hasAnyRole("THIRD_COMMON", "THIRD_ADMIN")
.antMatchers("/api/consume/**").hasRole("THIRD_CONSUME")
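Review bot: The `permitAll()` on the new `/api/common/version` line only lifts the role requirement in the authorization rules; the JWT filter earlier in this file (the `url.startsWith("/api/")` pass-through check in the first hunk) still treats every `/api/` path as token-protected, so an anonymous request to this endpoint would presumably still get 401 from the filter before it reaches this matcher, unless the filter has an exemption that is not visible here. If the endpoint is meant to be callable without a token, the filter's pass-through condition needs the same exemption, e.g. `if (url == "/api/common/version" || (!url.startsWith("/api/") && !url.startsWith("/mobileapi/v1/"))) {`. The matcher is correctly placed ahead of the broader `/api/common/**` rule, since antMatchers are evaluated in declaration order; a comment such as `// public version probe: must stay above the /api/common/** role rule` would keep a later reorder from silently re-protecting it. The enclosing configure() method starts and ends outside this hunk.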
@@ -184,6 +185,7 @@
return super.authenticationManagerBean()
}
}
+
@Configuration
@Order(2)
class MobileApiSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() {
@@ -203,6 +205,7 @@
override fun configure(auth: AuthenticationManagerBuilder) {
auth.authenticationProvider(userProvider())
}
+
@Bean
fun userProvider(): DaoAuthenticationProvider {
return DaoAuthenticationProvider().apply {
@@ -288,7 +291,7 @@
http.apply(validateCodeSecurityConfig)
.and()
.authorizeRequests()
- .antMatchers("/login", "/login/form","/mobileapi/**").permitAll()
+ .antMatchers("/login", "/login/form", "/mobileapi/**").permitAll()
.antMatchers("/static/**").permitAll()
.antMatchers("/code/image").permitAll()
.antMatchers("/**").hasAnyRole("USER", "ADMIN")