🐛 修复过滤器匹配 BUG.

xiaor186 · Aug 22, 2019 · c7d1b7f · c7d1b7f
1 parent debaa5e
commit c7d1b7f
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 7 deletions.
diff --git a/src/main/java/im/zhaojun/common/shiro/RestPathMatchingFilterChainResolver.java b/src/main/java/im/zhaojun/common/shiro/RestPathMatchingFilterChainResolver.java
@@ -1,5 +1,6 @@
 package im.zhaojun.common.shiro;
 
+import im.zhaojun.common.util.WebHelper;
 import org.apache.shiro.web.filter.mgt.FilterChainManager;
 import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
 import org.slf4j.Logger;
@@ -28,8 +29,14 @@ public FilterChain getChain(ServletRequest request, ServletResponse response, Fi
 
             String[] pathPatternArray = pathPattern.split("==");
 
+            boolean httpMethodMatchFlag = true;
+
+            if (pathPatternArray.length > 1) {
+                httpMethodMatchFlag = pathPatternArray[1].equals(WebHelper.getRequestHTTPMethod());
+            }
+
             // 只用过滤器链的 URL 部分与请求的 URL 进行匹配
-            if (pathMatches(pathPatternArray[0], requestURI)) {
+            if (pathMatches(pathPatternArray[0], requestURI) && httpMethodMatchFlag) {
                 if (log.isTraceEnabled()) {
                     log.trace("Matched path pattern [" + pathPattern + "] for requestURI [" + requestURI + "].  " +
                             "Utilizing corresponding filter chain...");

diff --git a/src/main/java/im/zhaojun/common/shiro/filter/RestAuthorizationFilter.java b/src/main/java/im/zhaojun/common/shiro/filter/RestAuthorizationFilter.java
@@ -26,20 +26,26 @@ public class RestAuthorizationFilter extends PermissionsAuthorizationFilter {
 
     @Override
     protected boolean pathsMatch(String path, ServletRequest request) {
+        boolean flag;
         String requestURI = this.getPathWithinApplication(request);
 
         String[] strings = path.split("==");
 
         if (strings.length <= 1) {
             // 普通的 URL, 正常处理
-            return this.pathsMatch(strings[0], requestURI);
+            flag =  this.pathsMatch(strings[0], requestURI);
         } else {
             // 获取当前请求的 http method.
             String httpMethod = WebUtils.toHttp(request).getMethod().toUpperCase();
 
             // 匹配当前请求的 http method 与 过滤器链中的的是否一致
-            return httpMethod.equals(strings[1].toUpperCase()) && this.pathsMatch(strings[0], requestURI);
+            flag =  httpMethod.equals(strings[1].toUpperCase()) && this.pathsMatch(strings[0], requestURI);
         }
+
+        if (flag) {
+            log.debug("URL : [{}] matching authc filter : [{}]", requestURI, path);
+        }
+        return flag;
     }
 
     /**

diff --git a/src/main/java/im/zhaojun/common/shiro/filter/RestFormAuthenticationFilter.java b/src/main/java/im/zhaojun/common/shiro/filter/RestFormAuthenticationFilter.java
@@ -22,19 +22,25 @@ public class RestFormAuthenticationFilter extends FormAuthenticationFilter {
 
     @Override
     protected boolean pathsMatch(String path, ServletRequest request) {
+        boolean flag;
         String requestURI = this.getPathWithinApplication(request);
 
         String[] strings = path.split("==");
 
         if (strings.length <= 1) {
             // 普通的 URL, 正常处理
-            return this.pathsMatch(strings[0], requestURI);
+            flag = this.pathsMatch(strings[0], requestURI);
         } else {
             // 获取当前请求的 http method.
             String httpMethod = WebUtils.toHttp(request).getMethod().toUpperCase();
             // 匹配当前请求的 url 和 http method 与过滤器链中的的是否一致
-            return httpMethod.equals(strings[1].toUpperCase()) && this.pathsMatch(strings[0], requestURI);
+            flag = httpMethod.equals(strings[1].toUpperCase()) && this.pathsMatch(strings[0], requestURI);
         }
+
+        if (flag) {
+            log.debug("URL : [{}] matching perms filter : [{}]", requestURI, path);
+        }
+        return flag;
     }
 
     /**

diff --git a/src/main/java/im/zhaojun/common/util/WebHelper.java b/src/main/java/im/zhaojun/common/util/WebHelper.java
@@ -48,4 +48,13 @@ public static void redirectUrl(String redirectUrl) {
         }
     }
 
+    /**
+     * 获取当前请求的 Http Method
+     * @return
+     */
+    public static String getRequestHTTPMethod() {
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+        return request.getMethod();
+    }
+
 }
diff --git a/src/main/java/im/zhaojun/system/service/ShiroService.java b/src/main/java/im/zhaojun/system/service/ShiroService.java
@@ -61,7 +61,7 @@ public Map<String, String> getUrlPermsMap() {
         for (Menu menu : menuList) {
             String url = menu.getUrl();
             if (url != null) {
-                String perms = "perms[" + menu.getPerms() + "]";
+                String perms = "authc, perms[" + menu.getPerms() + "]";
                 filterChainDefinitionMap.put(url, perms);
             }
         }
@@ -74,7 +74,7 @@ public Map<String, String> getUrlPermsMap() {
                         && !"".equals(operator.getHttpMethod())) {
                     url += ("==" + operator.getHttpMethod());
                 }
-                String perms = "perms[" + operator.getPerms() + "]";
+                String perms = "authc, perms[" + operator.getPerms() + "]";
                 filterChainDefinitionMap.put(url, perms);
             }
         }