jwt白名单鉴权

src/main/java/com/cmeeting/ad/filter/RobotJwtAuthenticationTokenFilter.java

@@ -13,6 +13,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import javax.annotation.Resource;
@@ -21,6 +22,8 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
 
 /**
  * @Author 王长伟
@@ -42,8 +45,26 @@ public class RobotJwtAuthenticationTokenFilter extends OncePerRequestFilter {
     @Resource
     private RedisUtils redisUtil;
 
+    // 定义白名单路径（无需JWT验证的接口）
+    private static final List<String> WHITE_LIST = Arrays.asList(
+            "/user/**"    // 登录接口
+    );
+
+    // 判断路径是否在白名单中（支持Ant风格路径匹配）
+    private boolean isWhiteListPath(String requestURI) {
+        return WHITE_LIST.stream()
+                .anyMatch(pattern -> new AntPathMatcher().match(pattern, requestURI));
+    }
+
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
+        // 检查请求路径是否在白名单中
+        String requestURI = request.getRequestURI();
+        if (isWhiteListPath(requestURI)) {
+            chain.doFilter(request, response); // 放行，不验证JWT
+            return;
+        }
+
         String token = jwtUtil.getToken(request);
         if (StringUtils.isNotBlank(token)) {
             Object o = redisUtil.get(token);