clunt
/
RuoYi-Cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

在网关白名单中的接口方法,一旦被携带正确token访问时,可能涉及处理有访问权限时的逻辑,固携带token时,则不跳过不需要验证的路径。

This commit is contained in:
Yates 2022-06-29 14:03:35 +00:00 committed by Gitee
parent 1e16852a3c
commit 515fa1356c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
View File

@ -45,13 +45,14 @@ public class AuthFilter implements GlobalFilter, Ordered
ServerHttpRequest request = exchange.getRequest(); ServerHttpRequest request = exchange.getRequest();
ServerHttpRequest.Builder mutate = request.mutate(); ServerHttpRequest.Builder mutate = request.mutate();
String token = getToken(request);
String url = request.getURI().getPath(); String url = request.getURI().getPath();
// 跳过不需要验证的路径 // 跳过不需要验证的路径
if (StringUtils.matches(url, ignoreWhite.getWhites())) if (StringUtils.matches(url, ignoreWhite.getWhites()) && StringUtils.isEmpty(token))
{ {
return chain.filter(exchange); return chain.filter(exchange);
} }
String token = getToken(request);
if (StringUtils.isEmpty(token)) if (StringUtils.isEmpty(token))
{ {
return unauthorizedResponse(exchange, "令牌不能为空"); return unauthorizedResponse(exchange, "令牌不能为空");