From bf554738cd7d25fcd581860ba07abac550dd10dd Mon Sep 17 00:00:00 2001 From: "Captain.B" Date: Sat, 10 Oct 2020 14:44:37 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E5=88=A0=E9=99=A4=E4=B8=8D?= =?UTF-8?q?=E7=94=A8=E7=9A=84=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../io/metersphere/config/ShiroConfig.java | 2 -- .../io/metersphere/security/LoginFilter.java | 36 ------------------- 2 files changed, 38 deletions(-) delete mode 100644 backend/src/main/java/io/metersphere/security/LoginFilter.java diff --git a/backend/src/main/java/io/metersphere/config/ShiroConfig.java b/backend/src/main/java/io/metersphere/config/ShiroConfig.java index 4a3b00c4a9..b64a53dc34 100644 --- a/backend/src/main/java/io/metersphere/config/ShiroConfig.java +++ b/backend/src/main/java/io/metersphere/config/ShiroConfig.java @@ -35,7 +35,6 @@ public class ShiroConfig implements EnvironmentAware { @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager sessionManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); -// shiroFilterFactoryBean.getFilters().put("authc", new LoginFilter()); shiroFilterFactoryBean.setLoginUrl("/login"); shiroFilterFactoryBean.setSecurityManager(sessionManager); shiroFilterFactoryBean.setUnauthorizedUrl("/403"); @@ -44,7 +43,6 @@ public class ShiroConfig implements EnvironmentAware { shiroFilterFactoryBean.getFilters().put("apikey", new ApiKeyFilter()); Map filterChainDefinitionMap = shiroFilterFactoryBean.getFilterChainDefinitionMap(); ShiroUtils.loadBaseFilterChain(filterChainDefinitionMap); -// filterChainDefinitionMap.put("/**", "apikey, authc"); filterChainDefinitionMap.put("/**", "apikey"); return shiroFilterFactoryBean; } diff --git a/backend/src/main/java/io/metersphere/security/LoginFilter.java b/backend/src/main/java/io/metersphere/security/LoginFilter.java deleted file mode 100644 index fac3991bb4..0000000000 --- a/backend/src/main/java/io/metersphere/security/LoginFilter.java +++ /dev/null @@ -1,36 +0,0 @@ -package io.metersphere.security; - -import com.alibaba.fastjson.JSONObject; -import io.metersphere.controller.ResultHolder; -import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; - -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -public class LoginFilter extends FormAuthenticationFilter { - - @Override - protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) { - if (((HttpServletRequest) request).getMethod().toUpperCase().equals("OPTIONS")) { - return true; - } - return super.isAccessAllowed(request, response, mappedValue); - } - - @Override - protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { - HttpServletRequest httpServletRequest = (HttpServletRequest) request; - if (httpServletRequest.getServletPath().endsWith("login")) { - return super.onAccessDenied(request, response); - } - HttpServletResponse httpServletResponse = (HttpServletResponse) response; - httpServletResponse.setCharacterEncoding("UTF-8"); - httpServletResponse.setContentType("application/json"); - httpServletResponse.setHeader("authentication-status", "invalid"); - ResultHolder result = ResultHolder.error("Authentication Status Invalid"); - httpServletResponse.getWriter().write(JSONObject.toJSON(result).toString()); - return true; - } -}