lesingle-edu-reading-platform-backend/src/main/java/com/lesingle/edu/common/aspect/TraceIdAspect.java

@@ -1,59 +0,0 @@
-package com.lesingle.edu.common.aspect;
-
-import lombok.extern.slf4j.Slf4j;
-import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.annotation.Around;
-import org.aspectj.lang.annotation.Aspect;
-import org.slf4j.MDC;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Component;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-import jakarta.servlet.http.HttpServletRequest;
-import java.util.UUID;
-
-/**
- * TraceId 切面
- * 在 Controller 执行前生成 traceId 并放入 MDC，便于日志链路追踪
- */
-@Slf4j
-@Aspect
-@Component
-@Order(Ordered.HIGHEST_PRECEDENCE)
-public class TraceIdAspect {
-
-    /**
-     * MDC 中 traceId 的 key
-     */
-    private static final String TRACE_ID_KEY = "traceId";
-
-    /**
-     * 切点：Controller 层所有方法
-     */
-    @Around("execution(* com.lesingle.edu.controller..*.*(..))")
-    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
-        // 生成 traceId（使用 UUID，前 8 位大写）
-        String traceId = generateTraceId();
-
-        // 放入 MDC 上下文
-        MDC.put(TRACE_ID_KEY, traceId);
-
-        try {
-            // 执行目标方法
-            return joinPoint.proceed();
-        } finally {
-            // 清理 MDC，防止内存泄漏
-            MDC.clear();
-        }
-    }
-
-    /**
-     * 生成 traceId
-     * 使用 UUID 的前 8 位，保证唯一性的同时保持简洁
-     */
-    private String generateTraceId() {
-        return UUID.randomUUID().toString().replace("-", "").substring(0, 8).toUpperCase();
-    }
-}

lesingle-edu-reading-platform-backend/src/main/java/com/lesingle/edu/common/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package com.lesingle.edu.common.config;
 
+import com.lesingle.edu.common.filter.TraceIdFilter;
 import com.lesingle.edu.common.security.JwtAuthenticationFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -30,7 +31,7 @@ import java.util.List;
 @RequiredArgsConstructor
 public class SecurityConfig {
 
-    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final TraceIdFilter traceIdFilter;
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -52,8 +53,7 @@ public class SecurityConfig {
                         // All other requests require authentication
                         .anyRequest().authenticated()
                 )
-                // 添加 JWT 过滤器到 UsernamePasswordAuthenticationFilter 之前
+                .addFilterBefore(traceIdFilter, UsernamePasswordAuthenticationFilter.class);
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }

lesingle-edu-reading-platform-backend/src/main/java/com/lesingle/edu/common/filter/TraceIdFilter.java

@@ -0,0 +1,57 @@
+package com.lesingle.edu.common.filter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.slf4j.MDC;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.UUID;
+
+/**
+ * 链路追踪过滤器
+ * 为每个请求生成唯一的 traceId，放入 MDC 上下文，便于日志链路追踪
+ */
+@Slf4j
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE + 1)  // 最优先执行，确保 traceId 在所有过滤器之前生成
+public class TraceIdFilter extends OncePerRequestFilter {
+
+    /**
+     * MDC 中 traceId 的 key
+     */
+    private static final String TRACE_ID_KEY = "traceId";
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    FilterChain filterChain) throws ServletException, IOException {
+        // 生成 traceId（使用 UUID，前 8 位）
+        String traceId = generateTraceId();
+
+        // 放入 MDC 上下文
+        MDC.put(TRACE_ID_KEY, traceId);
+
+        try {
+            // 执行过滤器链
+            filterChain.doFilter(request, response);
+        } finally {
+            // 清理 MDC，防止内存泄漏
+            MDC.clear();
+        }
+    }
+
+    /**
+     * 生成 traceId
+     * 使用 UUID 的前 8 位，保证唯一性的同时保持简洁
+     */
+    private String generateTraceId() {
+        return UUID.randomUUID().toString().replace("-", "").substring(0, 8).toUpperCase();
+    }
+}

lesingle-edu-reading-platform-backend/src/main/java/com/lesingle/edu/common/security/JwtAuthenticationFilter.java

@@ -18,6 +18,8 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -37,6 +39,7 @@ import java.util.Map;
 @Slf4j
 @Component
 @RequiredArgsConstructor
+@Order(Ordered.HIGHEST_PRECEDENCE + 10)  // 在 TraceIdFilter 之后执行
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     private final JwtTokenProvider jwtTokenProvider;
@@ -49,17 +52,13 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                     FilterChain filterChain) throws ServletException, IOException {
-        log.debug("JwtAuthenticationFilter doFilterInternal called for: {}", request.getRequestURI());
         try {
             String token = resolveToken(request);
-            log.debug("Token extracted: {}", token != null ? "present" : "null");
             if (StringUtils.hasText(token)) {
-                log.debug("Token validation starting...");
                 // 验证 token 并获取错误原因
                 String tokenErrorReason = jwtTokenProvider.validateTokenWithReason(token);
                 if (tokenErrorReason != null) {
                     // token 无效，返回 401 错误
-                    log.debug("Token validation failed: {}", tokenErrorReason);
                     sendError(response, HttpStatus.UNAUTHORIZED, getErrorMessage(tokenErrorReason));
                     return;
                 }