PLTWEB.git - Gitblit

			@@ -4,9 +4,12 @@
			import com.vci.starter.web.annotation.controller.VciUnCheckRight;
			import com.vci.starter.web.autoconfigure.SpringMVCConfig;
			import com.vci.starter.web.constant.TokenKeyConstant;
			import com.vci.starter.web.constant.VConstant;
			import com.vci.starter.web.enumpck.ResultCodeEnum;
			import com.vci.starter.web.pagemodel.BaseResult;
			import com.vci.starter.web.pagemodel.SessionInfo;
			import com.vci.starter.web.redis.RedisService;
			import com.vci.starter.web.util.ApplicationContextProvider;
			import com.vci.starter.web.util.LangBaseUtil;
			import com.vci.starter.web.util.VciBaseUtil;
			import com.vci.starter.web.util.WebThreadLocalUtil;
			@@ -14,6 +17,7 @@
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.util.CollectionUtils;
			import org.springframework.web.method.HandlerMethod;
			import org.springframework.web.servlet.HandlerInterceptor;
			@@ -30,6 +34,7 @@
			* @author weidy
			* @date 2019/11/7 2:32 PM
			*/
			//@Configuration
			public class VciSecurityInterceptor implements HandlerInterceptor {

			/**
			@@ -46,8 +51,11 @@
			/**
			* 会话，权限，token的接口
			*/
			@Autowired(required = false)
			private VciSessionForLoginI sessionForLoginI;
			@Autowired
			private VciSessionForLoginI vciSessionForLoginI;

			@Autowired
			private RedisService redisService;

			/**
			* 执行拦截
			@@ -69,7 +77,7 @@
			if(StringUtils.isBlank(userToken)){
			userToken = request.getParameter(TokenKeyConstant.USER_TOKEN_KEY);
			}
			if(!(handler instanceof HandlerMethod)){
			if(!(handler instanceof HandlerMethod)){
			return true;
			}

			@@ -91,6 +99,11 @@
			if(unCheckLogin){
			//虽然不校验权限，但是如果token不为空，需要更新当前用户
			SessionInfo sessionInfo = getSessionInfo(userToken);

			if(sessionInfo != null){
			//初始化平台的token
			vciSessionForLoginI.initInvocationInfo(sessionInfo);
			}

			return true;
			}
			@@ -115,11 +128,16 @@
			if(logger.isErrorEnabled()) {
			logger.error("token值非法，或过期，或者用户已经被踢下线," + userToken);
			}
			//删除缓存中统计的用户信息
			if(redisService == null){
			redisService = ApplicationContextProvider.getBean(RedisService.class);
			}
			redisService.decreOnlineUser(VConstant.CURRENT_LOGGED_USERS_KEY);
			sendErrorMsg(response,"token值非法，或过期，或者用户已经被踢下线," + userToken,1);
			return false;
			}else{
			if(!unCheckUrls.contains(url)){
			if(sessionForLoginI == null){
			if(vciSessionForLoginI == null){
			//说明没办法校验
			String msg = "请求路径"+ url +"没权限访问";
			if(logger.isErrorEnabled()) {
			@@ -129,11 +147,11 @@
			return false;
			}else{
			//初始化平台的token
			sessionForLoginI.initInvocationInfo(sessionInfo);
			vciSessionForLoginI.initInvocationInfo(sessionInfo);

			String systemPrivateToken = request.getHeader(TokenKeyConstant.SYSTEM_PRIVATE_KEY);
			try {
			if (sessionForLoginI.checkRequestRights(request, systemPrivateToken, sessionInfo, handler)) {
			if (vciSessionForLoginI.checkRequestRights(request, systemPrivateToken, sessionInfo, handler)) {
			updateRequestTime(url,userToken);
			}else{
			return false;
			@@ -159,7 +177,11 @@
			SessionInfo sessionInfo = null;
			if(StringUtils.isNotBlank(userToken)){
			try{
			sessionInfo = sessionForLoginI.getSessionInfoByToken(userToken);
			if(vciSessionForLoginI == null){
			vciSessionForLoginI = ApplicationContextProvider.getBean(VciSessionForLoginI.class);
			}

			sessionInfo = vciSessionForLoginI.getSessionInfoByToken(userToken);
			}catch (Throwable e){
			logger.error("获取token出错",e);
			}
			@@ -207,8 +229,8 @@
			while(url1.startsWith("/")){
			url1 = url1.substring(1);
			}
			if(sessionForLoginI != null && !unStorageRequestTimeUrls.contains(url1)){
			sessionForLoginI.updateRequestTime(userToken);
			if(vciSessionForLoginI != null && !unStorageRequestTimeUrls.contains(url1)){
			vciSessionForLoginI.updateRequestTime(userToken);
			}
			}
			}