修复: token过滤器 TokenIgnore 注解在类上指定方法导致整个类接口都忽略问题

src/main/java/com/cool/core/security/JwtAuthenticationTokenFilter.java

@@ -4,11 +4,11 @@ import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.jwt.JWT;
-import com.cool.core.annotation.TokenIgnore;
 import com.cool.core.cache.CoolCache;
 import com.cool.core.enums.UserTypeEnum;
 import com.cool.core.security.jwt.JwtTokenUtil;
 import com.cool.core.security.jwt.JwtUser;
+import com.cool.core.util.PathUtils;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -23,9 +23,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
-import org.springframework.web.method.HandlerMethod;
-import org.springframework.web.servlet.HandlerExecutionChain;
-import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 
 /**
  * Token过滤器
@@ -37,28 +34,17 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
 
     final private JwtTokenUtil jwtTokenUtil;
     final private CoolCache coolCache;
-    private final RequestMappingHandlerMapping requestMappingHandlerMapping;
+    final private IgnoredUrlsProperties ignoredUrlsProperties;
-
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                     FilterChain chain)
             throws ServletException, IOException {
-        try {
+        String requestURI = request.getRequestURI();
-            HandlerExecutionChain handlerExecutionChain = requestMappingHandlerMapping.getHandler(request);
+        if (PathUtils.isMatch(ignoredUrlsProperties.getAdminAuthUrls(), requestURI)) {
-            if (handlerExecutionChain != null) {
+            // 请求路径在忽略后台鉴权url里支持通配符，放行
-                Object handler = handlerExecutionChain.getHandler();
+            chain.doFilter(request, response);
-                if (handler instanceof HandlerMethod) {
+            return;
-                    HandlerMethod handlerMethod = (HandlerMethod) handler;
-                    if (handlerMethod.getMethodAnnotation(TokenIgnore.class) != null ||
-                            handlerMethod.getBeanType().getAnnotation(TokenIgnore.class) != null) {
-                        chain.doFilter(request, response);
-                        return;
-                    }
-                }
-            }
-        } catch (Exception e) {
-            throw new RuntimeException(e);
         }
         String authToken = request.getHeader("Authorization");
         if (!StrUtil.isEmpty(authToken)) {

src/main/java/com/cool/core/security/JwtSecurityConfig.java

@@ -94,6 +94,10 @@ public class JwtSecurityConfig {
                     for (String path : tokenIgnoreCtr.value()) {
                         ignoredUrlsProperties.getAdminAuthUrls().add(String.join("/", urls) + "/" + path);
                     }
+                    if (tokenIgnoreCtr.value().length == 0) {
+                        // 通配
+                        ignoredUrlsProperties.getAdminAuthUrls().add(String.join("/", urls)+ "/**");
+                    }
                     handlerCtr.add(handlerMethod.getBeanType().getName());
                 });
             }

src/main/java/com/cool/core/util/PathUtils.java

@@ -1,12 +1,15 @@
 package com.cool.core.util;
 
 import cn.hutool.core.io.file.PathUtil;
+import cn.hutool.core.text.AntPathMatcher;
 import com.cool.CoolApplication;
 import java.io.File;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.List;
 
 public class PathUtils {
+    private static final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
     public static boolean isAbsolutePath(String pathStr) {
         Path path = Paths.get(pathStr);
@@ -51,4 +54,17 @@ public class PathUtils {
             PathUtil.mkParentDirs(path);
         }
     }
+
+    /**
+     * 判断给定的请求URI是否匹配列表中的任意一个URL模式
+     * 使用Ant风格的路径匹配来处理URL模式，提供了一种通配符匹配的方法
+     *
+     * @param urls 待匹配的URL模式列表
+     * @param requestURI 请求的URI
+     * @return 如果请求URI匹配列表中的任意一个URL模式，则返回true；否则返回false
+     */
+    public static boolean isMatch(List<String> urls, String requestURI) {
+        return urls.stream()
+            .anyMatch(url -> antPathMatcher.match(url, requestURI));
+    }
 }

src/main/java/com/cool/modules/base/service/sys/impl/BaseSysLogServiceImpl.java

@@ -1,7 +1,6 @@
 package com.cool.modules.base.service.sys.impl;
 
 import cn.hutool.core.date.DateUtil;
-import cn.hutool.core.text.AntPathMatcher;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
@@ -10,6 +9,7 @@ import com.cool.core.config.LogProperties;
 import com.cool.core.security.IgnoredUrlsProperties;
 import com.cool.core.util.CoolSecurityUtil;
 import com.cool.core.util.IPUtils;
+import com.cool.core.util.PathUtils;
 import com.cool.modules.base.entity.sys.BaseSysLogEntity;
 import com.cool.modules.base.entity.sys.BaseSysUserEntity;
 import com.cool.modules.base.entity.sys.table.BaseSysLogEntityTableDef;
@@ -43,8 +43,6 @@ public class BaseSysLogServiceImpl extends BaseServiceImpl<BaseSysLogMapper, Bas
 
 	private final Executor logTaskExecutor;
 
-	private static final AntPathMatcher antPathMatcher = new AntPathMatcher();
-
 	@Override
 	public Object page(
 		JSONObject requestParams, Page<BaseSysLogEntity> page, QueryWrapper queryWrapper) {
@@ -83,8 +81,7 @@ public class BaseSysLogServiceImpl extends BaseServiceImpl<BaseSysLogMapper, Bas
 	}
 
 	private boolean isIgnoreUrl(String requestURI) {
-		return ignoredUrlsProperties.getLogUrls().stream()
+		return PathUtils.isMatch(ignoredUrlsProperties.getLogUrls(), requestURI);
-            .anyMatch(url -> antPathMatcher.match(url, requestURI));
 	}
 
 	public void recordAsync(String ipAddr, String requestURI, JSONObject requestParams) {