|
|
@@ -153,11 +153,11 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
|
|
|
String token = exchange.getRequest().getHeaders().getFirst("Authorization");
|
|
|
if (Strings.isNullOrEmpty(token)) {
|
|
|
// 三级等保,若小程序请求不带token,则走该校验方法
|
|
|
- if (isWxAppletRequest(exchange.getRequest()) && !isEncryptedRequest(exchange.getRequest())) {
|
|
|
- exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
|
|
|
- return exchange.getResponse().setComplete();
|
|
|
+ if (isWxAppletRequest(exchange.getRequest()) && isEncryptedRequest(exchange.getRequest())) {
|
|
|
+ return chain.filter(exchange);
|
|
|
}
|
|
|
- return chain.filter(exchange);
|
|
|
+ exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
|
|
|
+ return exchange.getResponse().setComplete();
|
|
|
}
|
|
|
// 由于漏洞扫描发现退出登陆后,token在一定时间范围内还是有效,故此处做黑名单限制,
|
|
|
// 前端退出登陆时调用下/keycloak/userLogout接口,本接口仅做token存入黑名单操作,不涉及具体业务
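Review bot: The only token-less path that still reaches `chain.filter(exchange)` is gated by `isWxAppletRequest(...) && isEncryptedRequest(...)`. Neither helper's body is visible in this hunk, so if they only inspect client-supplied headers or a marker field, any caller could set those values and skip the Authorization check. Confirm that `isEncryptedRequest` verifies the payload (successful decryption or a valid signature) rather than just detecting an "encrypted" indicator, and that downstream handlers do not assume a user identity on this path. The comment above the `if` no longer matches the default-deny logic; I would replace it with something like `// No token: allow only mini-program requests whose encryption has been verified; reject everything else with 403`. The enclosing filter method starts and ends outside the hunk, so it is not visible whether public routes such as login or health checks are exempted earlier; if they are not, they would now receive 403.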
|