fix:网关鉴权逻辑修改

src/main/java/com/inspur/smsb/gateway/config/AnonymousPathProperties.java

@@ -4,6 +4,7 @@ import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 
 import java.util.List;
 
@@ -20,9 +21,20 @@ public class AnonymousPathProperties {
     @Setter
     private List<String> paths;
 
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
     public String[] getPaths() {
-        paths.forEach(path -> log.info("anonymous path: {}", path));
         String[] pathArray = new String[paths.size()];
         return paths.toArray(pathArray);
     }
+
+    public boolean checkAnonymousPath(String path){
+        // 判断该路径是否在白名单里，如果是直接放行
+        for (String url : paths) {
+            if (antPathMatcher.match(url, path)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }

src/main/java/com/inspur/smsb/gateway/filter/WebFluxUserRequestInfoFilter.java

@@ -1,13 +1,13 @@
 package com.inspur.smsb.gateway.filter;
 
 import com.alibaba.cola.dto.Response;
-import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.alibaba.nacos.common.utils.MD5Utils;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
+import com.inspur.smsb.gateway.config.AnonymousPathProperties;
 import com.inspur.smsb.gateway.dto.KeycloakGroupsDto;
 import com.inspur.smsb.gateway.dto.KeycloakUserDto;
 import com.inspur.smsb.gateway.utils.HttpClientUtil;
@@ -33,7 +33,11 @@ import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
 import java.util.stream.Collectors;
 
 /**
@@ -74,6 +78,9 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
     @Resource
     private ObjectMapper objectMapper;
 
+    @Resource
+    private AnonymousPathProperties anonymousPathProperties;
+
     private static final DateTimeFormatter TIME_FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
 
     @Override
@@ -152,6 +159,13 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
             try {
                 String token = exchange.getRequest().getHeaders().getFirst("Authorization");
                 if (Strings.isNullOrEmpty(token)) {
+
+                    String pathUrl = String.valueOf(exchange.getRequest().getPath());
+                    // 如果匹配到完全放开的路径，则直接放行
+                    boolean anonymousPathCheck = this.anonymousPathProperties.checkAnonymousPath(pathUrl);
+                    if(anonymousPathCheck){
+                        return chain.filter(exchange);
+                    }
                     // 三级等保，若小程序请求不带token，则走该校验方法
                     if (isWxAppletRequest(exchange.getRequest()) && isEncryptedRequest(exchange.getRequest())) {
                         return chain.filter(exchange);