1. 增加 API 访问日志、异常日志表

2. 调整过滤器的顺序

src/main/java/cn/iocoder/dashboard/framework/web/config/WebConfiguration.java

@@ -1,11 +1,12 @@
 package cn.iocoder.dashboard.framework.web.config;
 
+import cn.iocoder.dashboard.framework.web.core.enums.FilterOrderEnum;
 import cn.iocoder.dashboard.framework.web.core.filter.RequestBodyCacheFilter;
 import cn.iocoder.dashboard.framework.web.core.filter.XssFilter;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
 import org.springframework.util.PathMatcher;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.cors.CorsConfiguration;
@@ -15,10 +16,8 @@ import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import javax.annotation.Resource;
+import javax.servlet.Filter;
 
-/**
- * Web 配置类
- */
 @Configuration
 @EnableConfigurationProperties({WebProperties.class, XssProperties.class})
 public class WebConfiguration implements WebMvcConfigurer {
@@ -39,8 +38,7 @@ public class WebConfiguration implements WebMvcConfigurer {
      * 创建 CorsFilter Bean，解决跨域问题
      */
     @Bean
-    @Order(Integer.MIN_VALUE)
-    public CorsFilter corsFilter() {
+    public FilterRegistrationBean<CorsFilter> corsFilterBean() {
         // 创建 CorsConfiguration 对象
         CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true);
@@ -50,25 +48,29 @@ public class WebConfiguration implements WebMvcConfigurer {
         // 创建 UrlBasedCorsConfigurationSource 对象
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", config); // 对接口配置跨域设置
-        return new CorsFilter(source);
+        return createFilterBean(new CorsFilter(source), FilterOrderEnum.CORS_FILTER);
     }
 
     /**
      * 创建 RequestBodyCacheFilter Bean，可重复读取请求内容
      */
     @Bean
-    @Order(Integer.MIN_VALUE)
-    public RequestBodyCacheFilter requestBodyCacheFilter() {
-        return new RequestBodyCacheFilter();
+    public FilterRegistrationBean<RequestBodyCacheFilter> requestBodyCacheFilter() {
+        return createFilterBean(new RequestBodyCacheFilter(), FilterOrderEnum.REQUEST_BODY_CACHE_FILTER);
     }
 
     /**
      * 创建 XssFilter Bean，解决 Xss 安全问题
      */
     @Bean
-    @Order(Integer.MIN_VALUE + 1000) // 需要保证在 RequestBodyCacheFilter 后面
-    public XssFilter xssFilter(XssProperties properties, PathMatcher pathMatcher) {
-        return new XssFilter(properties, pathMatcher);
+    public FilterRegistrationBean<XssFilter> xssFilter(XssProperties properties, PathMatcher pathMatcher) {
+        return createFilterBean(new XssFilter(properties, pathMatcher), FilterOrderEnum.XSS_FILTER);
+    }
+
+    private static <T extends Filter> FilterRegistrationBean<T> createFilterBean(T filter, Integer order) {
+        FilterRegistrationBean<T> bean = new FilterRegistrationBean<>(filter);
+        bean.setOrder(order);
+        return bean;
     }
 
 }

src/main/java/cn/iocoder/dashboard/framework/web/core/enums/FilterOrderEnum.java

@@ -0,0 +1,22 @@
+package cn.iocoder.dashboard.framework.web.core.enums;
+
+/**
+ * 过滤器顺序的枚举类，保证过滤器按照符合我们的预期
+ *
+ * @author 芋道源码
+ */
+public interface FilterOrderEnum {
+
+    int CORS_FILTER = Integer.MIN_VALUE;
+
+    int REQUEST_BODY_CACHE_FILTER = Integer.MIN_VALUE + 500;
+
+    // OrderedRequestContextFilter 默认为 -105，用于国际化上下文等等
+
+    int API_ACCESS_LOG_FILTER = -104; // 需要保证在 RequestBodyCacheFilter 后面
+
+    int XSS_FILTER = -103;  // 需要保证在 RequestBodyCacheFilter 后面
+
+    // Spring Security Filter 默认为 -100，可见 SecurityProperties 配置属性类
+
+}

src/main/java/cn/iocoder/dashboard/framework/web/core/filter/RequestBodyCacheFilter.java

@@ -1,7 +1,6 @@
 package cn.iocoder.dashboard.framework.web.core.filter;
 
-import cn.hutool.core.util.StrUtil;
-import org.springframework.http.MediaType;
+import cn.iocoder.dashboard.util.servlet.ServletUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.ContentCachingRequestWrapper;
 
@@ -29,7 +28,7 @@ public class RequestBodyCacheFilter extends OncePerRequestFilter {
     @Override
     protected boolean shouldNotFilter(HttpServletRequest request) {
         // 只处理 json 请求内容
-        return !StrUtil.startWithIgnoreCase(request.getContentType(), MediaType.APPLICATION_JSON_VALUE);
+        return !ServletUtils.isJsonRequest(request);
     }
 
 }

src/main/java/cn/iocoder/dashboard/framework/web/core/filter/XssRequestWrapper.java

@@ -6,6 +6,7 @@ import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.ReflectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HTMLFilter;
+import cn.iocoder.dashboard.util.servlet.ServletUtils;
 import org.springframework.http.MediaType;
 
 import javax.servlet.ReadListener;
@@ -56,7 +57,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
     @Override
     public ServletInputStream getInputStream() throws IOException {
         // 如果非 json 请求，不进行 Xss 处理
-        if (!StrUtil.startWithIgnoreCase(super.getContentType(), MediaType.APPLICATION_JSON_VALUE)) {
+        if (!ServletUtils.isJsonRequest(this)) {
             return super.getInputStream();
         }