From 26f490024ec53046312b541fcd6c7a73313ed1d5 Mon Sep 17 00:00:00 2001 From: Yang <17363321594@163.com> Date: Tue, 9 Dec 2025 20:33:44 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8F=AF=E7=BB=95=E8=BF=87token=EF=BC=8CJwtAut?= =?UTF-8?q?henticationTokenFilter=E5=92=8CSecurityConfig=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/system/NtzyFileController.java | 7 +++++-- .../src/main/resources/application-druid.yml | 4 ++++ .../com/ruoyi/common/annotation/NoToken.java | 17 +++++++++++++++++ .../ruoyi/framework/config/SecurityConfig.java | 1 + .../filter/JwtAuthenticationTokenFilter.java | 15 +++++++++++++++ 5 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/annotation/NoToken.java diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/NtzyFileController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/NtzyFileController.java index e562572a..db3cfe63 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/NtzyFileController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/NtzyFileController.java @@ -2,6 +2,8 @@ package com.ruoyi.web.controller.system; import java.util.List; import javax.servlet.http.HttpServletResponse; + +import com.ruoyi.common.annotation.NoToken; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; @@ -23,7 +25,7 @@ import com.ruoyi.common.core.page.TableDataInfo; /** * 录像拍照文件Controller - * + * * @author ruoyi * @date 2025-12-09 */ 
@@ -72,9 +74,10 @@ public class NtzyFileController extends BaseController /** * 新增录像拍照文件 */ +// @NoToken @PreAuthorize("@ss.hasPermi('system:file:add')") @Log(title = "录像拍照文件", businessType = BusinessType.INSERT) - @PostMapping + @PostMapping() public AjaxResult add(@RequestBody NtzyFile ntzyFile) { return toAjax(ntzyFileService.insertNtzyFile(ntzyFile)); diff --git a/ruoyi-admin/src/main/resources/application-druid.yml b/ruoyi-admin/src/main/resources/application-druid.yml index 2db86f17..fab840d6 100644 --- a/ruoyi-admin/src/main/resources/application-druid.yml +++ b/ruoyi-admin/src/main/resources/application-druid.yml @@ -9,6 +9,10 @@ spring: url: jdbc:mysql://192.168.1.48:3306/ntzy_camera_system?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8 username: root password: 123456 + + + + # 从库数据源 slave: # 从数据源开关/默认关闭 diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/NoToken.java b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/NoToken.java new file mode 100644 index 00000000..bb166d9a --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/NoToken.java @@ -0,0 +1,17 @@ +package com.ruoyi.common.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * 自定义注解:标记该接口无需Token校验 + */ +// 注解仅作用于方法上 +@Target({ElementType.METHOD}) +// 运行时生效(才能在拦截器中反射获取) +@Retention(RetentionPolicy.RUNTIME) +public @interface NoToken { + // 注解无需属性,仅作为标记即可 +} \ No newline at end of file diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java index b04beffb..5d2d4238 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java 
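Review bot: The `// @NoToken` line above `add()` is commented-out code, and it leaves the `com.ruoyi.common.annotation.NoToken` import added in the first hunk of this file unused; the same applies to the commented-out `.antMatchers("/system/file/**").permitAll()` in SecurityConfig and to the commented-out exclude-path block and `AntPathMatcher` import in JwtAuthenticationTokenFilter. As committed, none of these lines changes behaviour, although the subject line describes a token bypass. I would drop them, or replace this one with a plain comment such as `// add() requires a valid token and system:file:add; not exposed anonymously`. `@PreAuthorize("@ss.hasPermi('system:file:add')")` also stays on the method, so an anonymous caller would presumably still fail the permission check even if a token exemption were switched on.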
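Review bot: Nothing in this commit reads `@NoToken`, so the new annotation documents an exemption ("无需Token校验") that is not enforced anywhere. The comment on `@Retention` refers to an interceptor that looks the annotation up by reflection, but none is added here, and the only related code in JwtAuthenticationTokenFilter is path-based and commented out. A marker for skipping authentication that has no consumer is easy to misread as a working control. I would hold the annotation back until the code that honours it is reviewed together with it, or state its status in the Javadoc, e.g. `* Marker only: not evaluated by any filter or interceptor yet; adding it does not change authentication.` The file also ends without a trailing newline.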
@@ -112,6 +112,7 @@ public class SecurityConfig permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll()); // 对于登录login 注册register 验证码captchaImage 允许匿名访问 requests.antMatchers("/login", "/register", "/captchaImage").permitAll() +// .antMatchers("/system/file/**").permitAll() // 静态资源,可匿名访问 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java index 75fd00d1..4da7e590 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java @@ -10,6 +10,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.stereotype.Component; +import org.springframework.util.AntPathMatcher; import org.springframework.web.filter.OncePerRequestFilter; import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.utils.SecurityUtils; 
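Review bot: The commented-out matcher `.antMatchers("/system/file/**").permitAll()` is not restricted to an HTTP method, so enabling it would open everything under that prefix to anonymous requests, which presumably includes the insert endpoint of NtzyFileController and its other handlers (the controller's base mapping is not visible in this diff). If anonymous access is ever needed, it should be limited to one method and one path, in the form this chain already uses for static resources, e.g. `.antMatchers(HttpMethod.GET, "/system/file/<specific-path>").permitAll()`. The enclosing configuration method starts and ends outside the hunk.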
@@ -27,10 +28,24 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter @Autowired private TokenService tokenService; +// private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher(); + @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { +// String[] excludePaths = { +// "/system/file/" +// }; +// String requestUri = request.getRequestURI(); +// // 匹配到放行路径则直接跳过Token校验 +// for (String path : excludePaths) { +// if (PATH_MATCHER.match(path, requestUri)) { +// chain.doFilter(request, response); +// return; +// } +// } + LoginUser loginUser = tokenService.getLoginUser(request); if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) {
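Review bot: The commented-out exclude loop would not do what its comment says if it were enabled: `PATH_MATCHER.match("/system/file/", requestUri)` uses a pattern without wildcards, so it matches only that exact string, and `request.getRequestURI()` includes the context path and is neither decoded nor normalised, so it can disagree with what the Spring Security matchers evaluate. Returning early here would also only skip populating the security context (the visible code sets authentication only when `loginUser` is non-null), so it presumably grants nothing by itself and the decision still falls to SecurityConfig. A second path list in the filter would have to be kept in sync with SecurityConfig by hand; I would remove the block and the `PATH_MATCHER` field and keep any exemption in one place, the existing `permitAllUrl` handling. `doFilterInternal` continues outside the hunk.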