3 éve · f22b9df412
--- a/src/main/java/com/diagbot/config/AuthExceptionEntryPoint.java
+++ b/src/main/java/com/diagbot/config/AuthExceptionEntryPoint.java
@@ -1,9 +1,13 @@
 
				 package com.diagbot.config;
			
 
				 
			
 
				+import com.diagbot.facade.SysUserFacade;
			
 
				 import com.diagbot.util.StringUtil;
			
 
				 import com.fasterxml.jackson.databind.ObjectMapper;
			
 
				+import org.springframework.beans.factory.annotation.Autowired;
			
 
				 import org.springframework.security.core.AuthenticationException;
			
 
				 import org.springframework.security.web.AuthenticationEntryPoint;
			
 
				+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
			
 
				+import org.springframework.stereotype.Component;
			
 
				 
			
 
				 import javax.servlet.ServletException;
			
 
				 import javax.servlet.http.HttpServletRequest;
			
@@ -16,22 +20,32 @@ import java.util.Map;
 
				  * @Author songxl
			
 
				  * @Date 2021/11/30
			
 
				  */
			
 
				+@Component
			
 
				 public class AuthExceptionEntryPoint implements AuthenticationEntryPoint {
			
 
				-
			
 
				+    @Autowired
			
 
				+    private SysUserFacade userFacade;
			
 
				 
			
 
				     @Override
			
 
				     public void commence(HttpServletRequest request, HttpServletResponse response,
			
 
				                          AuthenticationException authException)
			
 
				             throws ServletException {
			
 
				         Map map = new HashMap();
			
 
				-        if (StringUtil.isNotEmpty(authException.getMessage())&&authException.getMessage().contains("Access token expired")) {
			
 
				+        if (StringUtil.isNotEmpty(authException.getMessage()) && authException.getMessage().contains("Access token expired")) {
			
 
				             map.put("code", "10020011");
			
 
				             map.put("msg", "登录超时。为确保您的账户安全，系统已自动退出，请重新登录。");
			
 
				             response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
			
 
				-        }else {
			
 
				+        } else {
			
 
				+            //登录前的获取登录页面的请求接口不知道什么原因会抛出未认证（Full authentication is required to access this resource）
			
 
				+            //如果抛出未认证在这个调用这个服务接口返回消息
			
 
				             response.setStatus(HttpServletResponse.SC_OK);
			
 
				-            map.put("code", "00000001");
			
 
				-            map.put("msg", authException.getMessage());
			
 
				+            if (matchers("/sys/user/getHospitalMark", request)) {
			
 
				+                map.put("code", "0");
			
 
				+                map.put("msg", "");
			
 
				+                map.put("data", userFacade.getHospitalMark());
			
 
				+            } else {
			
 
				+                map.put("code", "00000001");
			
 
				+                map.put("msg", authException.getMessage());
			
 
				+            }
			
 
				         }
			
 
				         response.setContentType("application/json");
			
 
				         try {
			
@@ -41,4 +55,13 @@ public class AuthExceptionEntryPoint implements AuthenticationEntryPoint {
 
				             throw new ServletException();
			
 
				         }
			
 
				     }
			
 
				+
			
 
				+
			
 
				+    private boolean matchers(String url, HttpServletRequest request) {
			
 
				+        AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
			
 
				+        if (matcher.matches(request)) {
			
 
				+            return true;
			
 
				+        }
			
 
				+        return false;
			
 
				+    }
			
 
				 }
			
--- a/src/main/java/com/diagbot/config/ResourceServerConfigurer.java
+++ b/src/main/java/com/diagbot/config/ResourceServerConfigurer.java
@@ -30,12 +30,14 @@ import java.io.IOException;
 
				 @ComponentScan({"com.diagbot.config"})
			
 
				 public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
			
 
				     Logger log = LoggerFactory.getLogger(ResourceServerConfigurer.class);
			
 
				+    @Autowired
			
 
				+    private AuthExceptionEntryPoint authExceptionEntryPoint;
			
 
				 
			
 
				     @Override
			
 
				     public void configure(HttpSecurity http) throws Exception {
			
 
				         http.cors()
			
 
				                 .and()
			
 
				-                .exceptionHandling().authenticationEntryPoint(new AuthExceptionEntryPoint())
			
 
				+                .exceptionHandling().authenticationEntryPoint(authExceptionEntryPoint)
			
 
				                 .and()
			
 
				                 .csrf().disable()
			
 
				                 .authorizeRequests()
			
@@ -283,12 +285,14 @@ public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
 
				                 .antMatchers("/**").authenticated();
			
 
				         //                .antMatchers("/**").permitAll();
			
 
				     }
			
 
				+
			
 
				     @Override
			
 
				     public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
			
 
				         log.info("Configuring ResourceServerSecurityConfigurer");
			
 
				         resources.resourceId("user-service").tokenStore(new JwtTokenStore(jwtTokenEnhancerClient()));
			
 
				-        resources.authenticationEntryPoint(new AuthExceptionEntryPoint());
			
 
				+        resources.authenticationEntryPoint(authExceptionEntryPoint);
			
 
				     }
			
 
				+
			
 
				     @Autowired
			
 
				     private CustomAccessTokenConverter customAccessTokenConverter;