fix: token 校验 filter 最好放到 LogoutFilter 之前

cadecode · cadecode · commit fbfedc034b43 · 2023-09-11T11:26:08.000+08:00
diff --git a/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/config/SecurityConfig.java b/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/config/SecurityConfig.java
@@ -30,7 +30,7 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.access.expression.WebExpressionVoter;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import javax.servlet.FilterChain;
@@ -98,8 +98,8 @@ protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
                 .accessDecisionManager(new UnanimousBased(
                         Arrays.asList(new WebExpressionVoter(), dataBaseRoleVoter)));
-        // 配置 Token 校验过滤器
-        http.addFilterBefore(tokenAuthFilter, UsernamePasswordAuthenticationFilter.class);
+        // 配置 token 校验过滤器
+        http.addFilterBefore(tokenAuthFilter, LogoutFilter.class);
         // 配置 trace id 过滤器
         http.addFilterBefore(new TraceInfoFilter(), TokenAuthFilter.class);
         log.info("Config Security over，AuthModel:{}", properties.getAuthModel());
