将 /api/common/version 开放
diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt
index dfe454a..ed682ed 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/security.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt
@@ -86,7 +86,7 @@
url = url.replace(context, "")
}
logger.info(url)
- if(!url.startsWith("/api/")&&!url.startsWith("/mobileapi/v1/")){
+ if (!url.startsWith("/api/") && !url.startsWith("/mobileapi/v1/")) {
filterChain.doFilter(request, response)
return
}
@@ -103,7 +103,7 @@
return
}
val claims = getUtil().verifyToken(jwt)
- if(url.equals("/mobileapi/v1/logout")){
+ if (url.equals("/mobileapi/v1/logout")) {
SecurityContextHolder.clearContext()
apiJwtRepository.deleteById(claims[ReservedClaimNames.JWT_ID].toString())
throw JoseException("JWT has not been register")
@@ -120,11 +120,11 @@
}
val tenantId = request.getHeader(Constants.HEADER_TETANTID)
if (tenantId == null) {
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
return
}
if (claims[Constants.JWT_CLAIM_TENANTID] != tenantId) {
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
return
}
val auth = UsernamePasswordAuthenticationToken(claims[Constants.JWT_CLAIM_UID], null,
@@ -137,12 +137,12 @@
// jwt 过期后返回 401
apiJwtRepository.deleteById(e.jwtContext.jwtClaims.jwtId)
}
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
return
} catch (e: JoseException) {
SecurityContextHolder.clearContext()
// jwt 失效后返回 401
- response.status=HttpStatus.UNAUTHORIZED.value()
+ response.status = HttpStatus.UNAUTHORIZED.value()
response.contentType = "application/json;charset=UTF-8"
return
} catch (e:Exception){
@@ -179,6 +179,7 @@
.authorizeRequests()
.antMatchers("/api/auth/**").permitAll()
.antMatchers("/api/notify/**").permitAll()
+ .antMatchers("/api/common/version").permitAll()
.antMatchers("/api/userinfor").hasAnyRole("ADMIN", "THIRD_ADMIN")
.antMatchers("/api/common/**").hasAnyRole("THIRD_COMMON", "THIRD_ADMIN")
.antMatchers("/api/consume/**").hasRole("THIRD_CONSUME")
@@ -195,6 +196,7 @@
return super.authenticationManagerBean()
}
}
+
@Configuration
@Order(2)
class MobileApiSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() {
@@ -214,6 +216,7 @@
override fun configure(auth: AuthenticationManagerBuilder) {
auth.authenticationProvider(userProvider())
}
+
@Bean
fun userProvider(): DaoAuthenticationProvider {
return DaoAuthenticationProvider().apply {
@@ -312,7 +315,7 @@
http.apply(validateCodeSecurityConfig)
.and()
.authorizeRequests()
- .antMatchers("/login", "/login/form","/mobileapi/**").permitAll()
+ .antMatchers("/login", "/login/form", "/mobileapi/**").permitAll()
.antMatchers("/static/**").permitAll()
.antMatchers("/code/image").permitAll()
.antMatchers("/**").hasAnyRole("USER", "ADMIN")