Merge branch 'for-yx' of http://120.77.240.215:9701/tianlai3/ioc_sixiang_license into for-yx

license/src/main/java/iot/sixiang/license/jwt/JwtFilter.java

@@ -4,6 +4,7 @@ import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import iot.sixiang.license.xss.XssUtil;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.util.StringUtils;
 
 import javax.servlet.*;
@@ -34,9 +35,9 @@ public class JwtFilter implements Filter {
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         final HttpServletRequest request = (HttpServletRequest) servletRequest;
         final HttpServletResponse response = (HttpServletResponse) servletResponse;
-        response.setHeader("Set-Cookie","cookiename=cookievalue; path=/; Domain=domainvaule; Max-age=seconds; HttpOnly");
+        response.setHeader("Set-Cookie", "cookiename=cookievalue; path=/; Domain=domainvaule; Max-age=seconds; HttpOnly");
         response.setContentType("text/html; charset=utf-8");
-        if ("OPTIONS".equals(request.getMethod()) || "HEAD".equals(request.getMethod())) {
+        if (!"GET".equals(request.getMethod()) && !"POST".equals(request.getMethod())) {
             response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
             ServletOutputStream outputStream = response.getOutputStream();
             outputStream.write(new String("不安全的请求".getBytes(), StandardCharsets.UTF_8).getBytes());
@@ -48,7 +49,7 @@ public class JwtFilter implements Filter {
         boolean check = true;
         String uri = request.getRequestURI();
 
-        if (uri.contains(url1)|| uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
+        if (uri.contains(url1) || uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
             if (uri.contains(url1)) {
                 uri = XssUtil.checkXSS(uri);
                 UserUtils.setUri(uri);
@@ -61,18 +62,18 @@ public class JwtFilter implements Filter {
         }
 
         if (StringUtils.isEmpty(token)) {
-            request.setAttribute("msg","认证信息不能为空");
-            request.getRequestDispatcher("/fail").forward(request, response);
+            request.setAttribute("msg", "认证信息不能为空");
+            request.getRequestDispatcher("/iot_license/fail").forward(request, response);
         } else {
             DecodedJWT jwt = JwtUtil.verifyToken(token);
             if (jwt == null) {
-                request.setAttribute("msg","认证信息非法");
-                request.getRequestDispatcher("/fail").forward(request, response);
+                request.setAttribute("msg", "认证信息非法");
+                request.getRequestDispatcher("/iot_license/fail").forward(request, response);
             } else {
                 Map<String, Claim> userData = jwt.getClaims();
                 if (userData == null) {
-                    request.setAttribute("msg","认证信息非法");
-                    request.getRequestDispatcher("/fail").forward(request, response);
+                    request.setAttribute("msg", "认证信息非法");
+                    request.getRequestDispatcher("/iot_license/fail").forward(request, response);
                     return;
                 }
                 String userId = userData.get("userId").asString();
@@ -88,8 +89,8 @@ public class JwtFilter implements Filter {
                 } else {
                     UserUtils.removeToken(userId);
                     UserUtils.removeTokenExp(userId);
-                    request.setAttribute("msg","token已失效");
-                    request.getRequestDispatcher("/fail").forward(request, response);
+                    request.setAttribute("msg", "token已失效");
+                    request.getRequestDispatcher("/iot_license/fail").forward(request, response);
                 }
             }
         }