From d6f61c9fccab33f4212a27733a41b3197111af53 Mon Sep 17 00:00:00 2001
From: huangweixiong
Date: Thu, 2 Jun 2022 15:07:36 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E5=8D=95=E7=82=B9=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E3=80=91=E4=B8=B4=E6=97=B6=E5=A4=84=E7=90=86=E8=B7=A8=E5=9F=9F?= =?UTF-8?q?=E5=90=8D=E6=83=85=E5=86=B5=E4=B8=8B=E6=B2=A1=E6=9C=89session?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../modules/security/oauth2/Oauth2Filter.java | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java b/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
index c86e340b..5dc5b4fe 100644
--- a/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
+++ b/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
@@ -14,6 +14,7 @@ import io.renren.modules.security.service.SysUserTokenService;
 import io.renren.modules.security.user.SecurityUser;
 import io.renren.modules.sys.dao.SysUserDao;
 import io.renren.modules.sys.entity.SysUserEntity;
+import lombok.SneakyThrows;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpStatus;
 import org.apache.shiro.authc.AuthenticationException;
@@ -67,8 +68,16 @@ public class Oauth2Filter extends AuthenticatingFilter {
 // return true;
 // }
 String currentToken = getRequestToken((HttpServletRequest) request);
- if (StringUtils.isBlank(currentToken) || SecurityUser.getUser().getUsername() == null)
+ if (StringUtils.isBlank(currentToken))
 return false;
+ else if (SecurityUser.getUser().getUsername() == null){
+ //跨域名情况下使用,这种方法不大正经,再想想办法
+ try {
+ return executeLogin(request, response);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
 //亚威没有测试环境,不验证他了
 // if (currentToken == null || !(new TicketManager().LoadTicket((HttpServletRequest) request)))
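Review bot: In the new `else if (SecurityUser.getUser().getUsername() == null)` branch, the `catch (Exception e)` only calls `e.printStackTrace()`, so a failed `executeLogin` falls out of the branch and the access decision is left to whatever follows it; that code lies outside the hunk, and if it ends in `return true` the filter fails open on an error. The catch block should deny explicitly with `return false;` and report the exception through the application's logger rather than stderr. Running `executeLogin` from inside the access check also means a rejected token may be processed twice if the denied path logs in again, which is worth confirming in the part of the class not shown here. The `lombok.SneakyThrows` import added by the first hunk is not used in any visible hunk and looks removable.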
@@ -156,7 +165,7 @@ public class Oauth2Filter extends AuthenticatingFilter {
 Result r = new Result().error(HttpStatus.SC_UNAUTHORIZED, msg);
 String json = new Gson().toJson(r);
- response.getOutputStream().print(json);
+ response.getOutputStream().write(json.getBytes("utf-8"));
 }
 public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception {
@@ -167,11 +176,14 @@ public class Oauth2Filter extends AuthenticatingFilter {
 * 获取请求的token
 */
 private String getRequestToken(HttpServletRequest httpRequest) {
- //从header中获取token
- String token = httpRequest.getHeader(Constant.TOKEN_HEADER);
+
+
+ //优先从属性里面取,这里是后台最新的
+ String token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER);
 if (StringUtils.isBlank(token)) {
- token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER);
+ //从header中获取token
+ token = httpRequest.getHeader(Constant.TOKEN_HEADER);
 }
 //如果header中不存在token,则从参数中获取token
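Review bot: `json.getBytes("utf-8")` in the `-156,7` hunk looks the charset up by name and brings a checked `UnsupportedEncodingException` with it; `response.getOutputStream().write(json.getBytes(StandardCharsets.UTF_8));` (with `java.nio.charset.StandardCharsets` imported) avoids both. The visible lines do not show the response declaring its encoding, so if the method does not already set one, a `Content-Type` of `application/json;charset=UTF-8` should accompany the raw UTF-8 bytes so that clients decode the 401 message correctly. The enclosing method starts outside the hunk.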