遗留问题，无法登录

src/main/java/io/qyi/e5/bean/core/WebExceptionAspect.java

@@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.qyi.e5.util.ResultUtil;
+import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.AfterThrowing;
 import org.aspectj.lang.annotation.Aspect;
@@ -26,6 +27,7 @@ import java.io.PrintWriter;
  **/
 @Aspect
 @Component
+@Slf4j
 public class WebExceptionAspect {
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
 
@@ -58,6 +60,11 @@ public class WebExceptionAspect {
      * @param content 输出内容
      */
     public static void writeContent(Integer code, String content, long time) {
+        if (RequestContextHolder.getRequestAttributes()==null) {
+            log.error("writeContent 异常!");
+            return;
+        }
+
         HttpServletResponse response = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
                 .getResponse();
         response.setCharacterEncoding("UTF-8");

src/main/java/io/qyi/e5/config/security/SecurityConfig.java

@@ -1,11 +1,17 @@
 package io.qyi.e5.config.security;
 
 import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
+import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -20,42 +26,59 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
  **/
 @Configuration
 @EnableWebSecurity //开启wen安全功能
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@Slf4j
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
     SecurityAuthenticationHandler securityAuthenticationHandler;
-
-
     @Autowired
-    UsernamePasswordAuthenticationConfig usernamePasswordAuthenticationConfig;
+    UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
-
     @Autowired
     UrlAccessDecisionManager myAccessDecisionManager;
-
     @Autowired
     UrlInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService;
 
+    @Value("${web.static.filtrate}")
+    String[] webFiltrate;
 
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         System.out.println("AuthenticationManagerBuilder auth");
     }
 
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+//        super.configure(web);
+        /*放行静态资源*/
+        web.ignoring().antMatchers(webFiltrate);
+    }
+
     //  通过重载该方法，可配置如何通过拦截器保护请求。
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         System.out.println("HttpSecurity http");
+        /*自定义*/
+        http.csrf().disable();
+        LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
+
+        log.info("自定义用户认证处理逻辑");
+//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
+        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+
+//      指定自定义的认证成功和失败的处理器
+        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
+        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
+
+//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
+        http.authenticationProvider(usernamePasswordAuthenticationProvider).addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
+        http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
+        http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+
         /*关闭创建session*/
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-//        http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证
-//                .accessDecisionManager(myAccessDecisionManager)
-        http.authorizeRequests().
-                anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
-        http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
-        /*自定义*/
-        http.csrf().disable().apply(usernamePasswordAuthenticationConfig);
-        //自定义过滤器
     }
+
     /**
      * 自定义 FilterSecurityInterceptor  ObjectPostProcessor 以替换默认配置达到动态权限的目的
      * @return ObjectPostProcessor

src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationConfig.java

@@ -1,51 +0,0 @@
-package io.qyi.e5.config.security;
-
-import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
-import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.DefaultSecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.stereotype.Component;
-
-/**
- * @program: e5
- * @description:
- * @author: 落叶随风
- * @create: 2020-02-28 16:24
- **/
-@Component
-public class UsernamePasswordAuthenticationConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
-    private final Logger logger = LoggerFactory.getLogger(this.getClass());
-    @Autowired
-    UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
-    @Autowired
-    SecurityAuthenticationHandler securityAuthenticationHandler;
-
-
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
-
-
-        logger.info("自定义用户认证处理逻辑");
-//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
-        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
-
-//      指定自定义的认证成功和失败的处理器
-        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
-        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
-//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
-        http.authenticationProvider(usernamePasswordAuthenticationProvider)
-                .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
-
-
-    }
-
-}

src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java

@@ -52,7 +52,7 @@ public class LinkTokenAuthenticationFilter extends OncePerRequestFilter {
         log.info("--------------Token鉴权---------------");
         /*设置跨域*/
         HttpServletResponse response = httpServletResponse;
-        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Origin", "e5.qyi.io");
         response.setHeader("Access-Control-Allow-Credentials", "true");
         response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST");
         response.setHeader("Access-Control-Max-Age", "3600");

src/main/java/io/qyi/e5/config/security/filter/LoginAuthenticationFilter.java

@@ -1,6 +1,7 @@
 package io.qyi.e5.config.security.filter;
 
 import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationServiceException;
@@ -23,6 +24,7 @@ import java.io.IOException;
  * @author: 落叶随风
  * @create: 2020-02-28 11:56
  **/
+@Slf4j
 public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
     protected LoginAuthenticationFilter(String defaultFilterProcessesUrl) {
         super(defaultFilterProcessesUrl);
@@ -34,6 +36,7 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
 
     public LoginAuthenticationFilter() {
         super(new AntPathRequestMatcher("/auth2/receive", "GET"));
+        log.info("注册 LoginAuthenticationFilter");
     }