From dc22358d8624d3f5a2c27ee6c27e0bdbfe705fe9 Mon Sep 17 00:00:00 2001
From: jiangping <jp@doumee.com>
Date: 星期一, 20 五月 2024 11:21:14 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'
---
server/system_service/src/main/java/com/doumee/config/cloudfilter/LoginHandlerInterceptor.java | 68 +++++++++++++++++++++-------------
1 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/server/system_service/src/main/java/com/doumee/config/cloudfilter/LoginHandlerInterceptor.java b/server/system_service/src/main/java/com/doumee/config/cloudfilter/LoginHandlerInterceptor.java
index 8fb8aee..f06ee51 100644
--- a/server/system_service/src/main/java/com/doumee/config/cloudfilter/LoginHandlerInterceptor.java
+++ b/server/system_service/src/main/java/com/doumee/config/cloudfilter/LoginHandlerInterceptor.java
@@ -1,6 +1,7 @@
package com.doumee.config.cloudfilter;
import com.alibaba.fastjson.JSONObject;
+import com.doumee.config.annotation.CloudRequiredPermission;
import com.doumee.config.annotation.LoginNoRequired;
import com.doumee.core.constants.ResponseStatus;
import com.doumee.core.exception.BusinessException;
@@ -13,8 +14,11 @@
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
+import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+import java.util.Enumeration;
public class LoginHandlerInterceptor implements HandlerInterceptor {
@@ -28,43 +32,55 @@
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
- HandlerMethod handlerMethod = (HandlerMethod) handler;
- Class<?> beanType = handlerMethod.getBeanType();
- if (!beanType.isAnnotationPresent(LoginNoRequired.class) && !handlerMethod.hasMethodAnnotation(LoginNoRequired.class)) {
- //鑾峰彇token
- String token = request.getHeader(Constants.HEADER_USER_TOKEN); // 浠� http 璇锋眰澶翠腑鍙栧嚭 token
- if (StringUtils.isNotBlank(token)) {
- LoginUserInfo user = checkLogin(request,response);
- if (!handlerMethod.hasMethodAnnotation(RequiresPermissions.class)) {
- RequiresPermissions p = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
- if(p.value()!=null && p.value().length>0){
- boolean hasPermission = false;
- for(String s :p.value()){
- if(user.getPermissions()!=null){
- for(String t :user.getPermissions()){
- if(StringUtils.equals(t,s)){
- hasPermission = true;
- break;
+ if(handler instanceof HandlerMethod){
+ HandlerMethod handlerMethod = (HandlerMethod) handler;
+ Class<?> beanType = handlerMethod.getBeanType();
+ if (!beanType.isAnnotationPresent(LoginNoRequired.class) && !handlerMethod.hasMethodAnnotation(LoginNoRequired.class)) {
+ //鑾峰彇token
+ Cookie[] cookies = request.getCookies();
+ String token = request.getHeader(Constants.HEADER_USER_TOKEN); // 浠� http 璇锋眰澶翠腑鍙栧嚭 token
+ if(StringUtils.isBlank(token)){
+ for(Cookie c :cookies){
+ if(StringUtils.equals(c.getName(),Constants.HEADER_USER_TOKEN)){
+ token = c.getValue();
+ }
+ }
+ }
+ if (StringUtils.isNotBlank(token)) {
+ LoginUserInfo user = checkLogin(token);
+ if (handlerMethod.hasMethodAnnotation(CloudRequiredPermission.class)) {
+ CloudRequiredPermission p = handlerMethod.getMethodAnnotation(CloudRequiredPermission.class);
+ if(p.value()!=null && p.value().length>0){
+ boolean hasPermission = false;
+ for(String s :p.value()){
+ if(user.getPermissions()!=null){
+ for(String t :user.getPermissions()){
+ if(StringUtils.equals(t,s)){
+ hasPermission = true;
+ break;
+ }
}
}
}
+ if(!hasPermission) {
+ //娌℃湁鎿嶄綔鏉冮檺
+ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"娌℃湁璇ユ搷浣滄潈闄�");
+ }
}
- if(!hasPermission) {
- //娌℃湁鎿嶄綔鏉冮檺
- throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"娌℃湁璇ユ搷浣滄潈闄�");
- }
- }
+ }
+ } else {
+ throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"鏈櫥褰�");
}
- } else {
- throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"鏈櫥褰�");
}
+ }else{
+ throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"鏈櫥褰�");
}
+
return true;
}
- private LoginUserInfo checkLogin(HttpServletRequest request, HttpServletResponse response) {
- String token = request.getHeader(Constants.HEADER_USER_TOKEN);
+ private LoginUserInfo checkLogin(String token) {
if (token == null || token.isEmpty()) {
throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"鏈櫥褰�");
}
--
Gitblit v1.9.3