security

src/main/java/org/rcisoft/config/SecurityConfig.java

@@ -96,10 +96,29 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .authenticationEntryPoint(new RestAuthenticationEntryPoint())
         ;
         http   //添加前置过滤器
-                .addFilterAfter(jwtAuthenTokenFilter, UsernamePasswordAuthenticationFilter.class);
+                .addFilterBefore(jwtAuthenTokenFilter, UsernamePasswordAuthenticationFilter.class);
         http   //禁用header缓存
                 .headers().cacheControl();
-
+        /***
+         *
+         * 验证流程
+         *      1.  request-> jwtAuthenTokenFilter  通过jwt 获取token 拼接 UserDetail
+         *
+         *          jwtAuthenTokenFilter 将 UsernamePasswordAuthenticationToken 放置 securityContext
+         *
+         *              SecurityContextHolder.getContext().setAuthentication(authentication);
+         *
+         *      2.  jwtAuthenTokenFilter -> spring security
+         *
+         *          排除 permitAll() 等验证
+         *
+         *          验证失败后 authenticationEntryPoint(new RestAuthenticationEntryPoint())
+         *
+         *
+         *
+         *    未知  addFilterBefore  addFilterAfter 顺序问题 未确定原因
+         *
+         */
     }
 
 }

src/main/resources/application-dev.yml

 server:
   port: 8081
-  #context-path: /edu #ContextPath must start with '/' and not end with '/'
+  context-path: /edu #ContextPath must start with '/' and not end with '/
   tomcat:
     max-threads: 300
     #uri-encoding: UTF-8