diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
index 7454b5ff6..dfc1113f0 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
@@ -20,6 +20,8 @@ public class SecurityProperties {
     @NotEmpty(message = "Token Header 不能为空")
     private String tokenHeader = "Authorization";
 
+    private String jmTokenHeader = "X-Access-Token";
+
     /**
      * mock 模式的开关
      */
diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
index e87f5bc44..d6624a1de 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
@@ -21,6 +21,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Optional;
 
 /**
  * Token 过滤器,验证 token 的有效性
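Review bot: The new `jmTokenHeader` field in SecurityProperties has no Javadoc and, unlike the sibling `tokenHeader` directly above it, no `@NotEmpty` constraint, so an empty configured value passes startup validation and the filter then quietly asks for a header named `""` and the feature is just off. Mirror the sibling with `@NotEmpty(message = "JM Token Header 不能为空")` and add a Javadoc that says what "jm" stands for and that the filter reads this header as a second source of OAuth2 access tokens (defaulting to `X-Access-Token`), since the abbreviation is opaque to anyone configuring it. The `@NotEmpty` message should be the only runtime string you add; the rest is documentation.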
@@ -62,6 +63,25 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
                 return;
             }
         }
+        // 积木请求头
+        String jmTokenHeader = request.getHeader(securityProperties.getJmTokenHeader());
+        if (StrUtil.isNotEmpty(jmTokenHeader)) {
+            try {
+                OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmTokenHeader);
+                Optional optUser = Optional.ofNullable(accessToken)
+                        .map(
+                                t -> new LoginUser().setId(t.getUserId())
+                                        .setUserType(t.getUserType())
+                                        .setTenantId(t.getTenantId())
+                                        .setScopes(t.getScopes())
+                        );
+                if (optUser.isPresent()) {
+                    SecurityFrameworkUtils.setLoginUser(optUser.get(), request);
+                }
+            } catch (ServiceException ignored) {
+                // do nothing:如果报错,说明认证失败,忽略即可
+            }
+        }
 
         // 继续过滤链
         chain.doFilter(request, response);
@@ -88,11 +108,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
     /**
      * 模拟登录用户,方便日常开发调试
-     *
+     *
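Review bot: The new `X-Access-Token` branch runs unconditionally after the `Authorization` branch whose closing braces open this hunk, so a request carrying both headers lets the second token silently replace whatever `SecurityFrameworkUtils.setLoginUser` already stored, and the `LoginUser` it builds takes `userType` and `tenantId` straight from the check response with no comparison against the user type the request path expects; whether the pre-existing branch performs that comparison is outside this hunk, but if it does, this header is a way around it. Guard the branch on no user having been set yet (with whatever accessor `SecurityFrameworkUtils` exposes for the current user) and apply the same user-type check the first branch uses, if any. On style, `Optional optUser` is a raw type (unchecked warning) and `isPresent()`/`get()` is the pattern `Optional` exists to replace, and the local `jmTokenHeader` holds the header's value, not its name, so `jmToken` reads truthfully; the enclosing `doFilterInternal` starts outside the hunk. A rewrite along these lines:

```java
        // … unchanged: Authorization-header branch above …
        // Secondary token header (X-Access-Token by default), used by the "jm" client.
        // TODO(review): also skip this when the Authorization branch already set a LoginUser,
        // and mirror its user-type check, so the second header cannot swap identities.
        String jmToken = request.getHeader(securityProperties.getJmTokenHeader());
        if (StrUtil.isNotEmpty(jmToken)) {
            try {
                OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmToken);
                Optional.ofNullable(accessToken)
                        .map(t -> new LoginUser().setId(t.getUserId())
                                .setUserType(t.getUserType())
                                .setTenantId(t.getTenantId())
                                .setScopes(t.getScopes()))
                        .ifPresent(user -> SecurityFrameworkUtils.setLoginUser(user, request));
            } catch (ServiceException ignored) {
                // a failing token check means the token is invalid: continue unauthenticated
            }
        }
        // … unchanged: chain.doFilter …
```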

      * 注意,在线上环境下,一定要关闭该功能!!!
      *
-     * @param request 请求
-     * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
+     * @param request 请求
+     * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
      * @param userType 用户类型
      * @return 模拟的 LoginUser
      */