修复服务器域名白名单规则

2024-03-26 21:08:31 +08:00
parent 0ecf57ab74
commit ef978d1c5d
2 changed files with 4 additions and 7 deletions
--- a/src/main/java/com/gxwebsoft/common/core/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/gxwebsoft/common/core/security/JwtAuthenticationFilter.java
@@ -60,11 +60,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
        final SignCheckUtil checkUtil = new SignCheckUtil();
        String key = "WhiteDomain:" + jwtSubject.getTenantId();
        List<String> whiteDomains = redisUtil.get(key, List.class);
-        if (whiteDomains != null) {
        if (!checkUtil.checkWhiteDomains(whiteDomains, request.getServerName())) {
          throw new UsernameNotFoundException("The requested domain name is not on the whitelist");
        }
-        }

        User user = userService.getByUsername(jwtSubject.getUsername(), jwtSubject.getTenantId());
        if (user == null) {
--- a/src/main/java/com/gxwebsoft/common/core/utils/SignCheckUtil.java
+++ b/src/main/java/com/gxwebsoft/common/core/utils/SignCheckUtil.java
@@ -183,10 +183,9 @@ public class SignCheckUtil {
      return true;
    }
    // 服务器域名白名单列表
-    whiteDomains.add("oa.gxwebsoft.com");
-    whiteDomains.add("admin.gxwebsoft.com");
-    whiteDomains.add("adm.wsdns.cn");
+    whiteDomains.add("server.gxwebsoft.com");
    for(String item: whiteDomains){
+//      System.out.println(">>>  domainName = " + domainName);
      if(Objects.equals(item, domainName)){
        return true;
      }