鉴权写入前对权限的非空校验

2021-07-29 17:52:42 +08:00 · 2021-07-29 17:52:42 +08:00 · b804fa68cf
commit b804fa68cf
parent 363e7f40bf
1 changed files with 7 additions and 4 deletions
--- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
+++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
@ -61,16 +61,19 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
        //获取用户信息，存入context
        UsernamePasswordAuthenticationToken authentication = getAuthentication(jwt, response);
        //自定义权限过滤
-        customAuthentication(request, response, authentication);
-        SecurityContextHolder.getContext().setAuthentication(authentication);
+        if (authentication != null) {
+            customAuthentication(request, response, authentication);
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
        chain.doFilter(request, response);
    }

    /**
     * 自定义权限过滤
     *
-     * @param request
-     * @param authentication
+     * @param request        请求
+     * @param response       响应
+     * @param authentication 用户信息
     */
    private void customAuthentication(HttpServletRequest request, HttpServletResponse response, UsernamePasswordAuthenticationToken authentication) throws NoPermissionException {
        AuthUser authUser = (AuthUser) authentication.getDetails();