fix:添加白名单

2025-12-05 15:44:24 +08:00
parent 412fe873bc
commit 79b4d0cf09
7 changed files with 63 additions and 8 deletions
--- a/capability/src/main/java/com/sdm/capability/filter/AuthFilter.java
+++ b/capability/src/main/java/com/sdm/capability/filter/AuthFilter.java
@@ -2,22 +2,31 @@ package com.sdm.capability.filter;

 import com.sdm.common.common.ThreadLocalContext;
 //import com.sdm.ability.service.UserService;
+import com.sdm.common.config.WhitelistProperties;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.AntPathMatcher;

 import java.io.IOException;
+import java.util.List;

@Slf4j
 public class AuthFilter implements Filter {
-//    @Resource
-//    private UserService userService;
+    @Autowired
+    private WhitelistProperties whitelistProperties;
+
+    private List<String> excludedPaths;
+    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Filter.super.init(filterConfig);
+        // 从初始化参数中读取白名单
+        excludedPaths = whitelistProperties.getPaths();
        log.info("----------- AuthFilter init ----------");
    }

@@ -25,6 +34,14 @@ public class AuthFilter implements Filter {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest req = (HttpServletRequest) servletRequest;
+            String path = req.getRequestURI().substring(req.getContextPath().length());
+            // 检查当前请求是否在白名单中
+            for (String excludedPath : excludedPaths) {
+                if (pathMatcher.match(excludedPath, path)) {
+                    filterChain.doFilter(servletRequest, servletResponse);
+                    return;
+                }
+            }
            if(!ThreadLocalContext.verifyRequest(req))
            {
                HttpServletResponse response = (HttpServletResponse) servletResponse;
--- a/capability/src/main/resources/application-dev.yml
+++ b/capability/src/main/resources/application-dev.yml
@@ -108,6 +108,7 @@ security:
  whitelist:
    paths:
      - /pbs/jobFileCallback
+      - /flow/approveHandleNotice

 #logging:
 #  config: ./config/logback.xml