yuxc
2024-07-02 dd678ba29a3631558ab0c0c90b5be73ae489324b
Source/plt-web/plt-web-parent/plt-web-base/src/main/java/com/vci/starter/web/interceptor/VciSecurityInterceptor.java
@@ -7,6 +7,7 @@
import com.vci.starter.web.enumpck.ResultCodeEnum;
import com.vci.starter.web.pagemodel.BaseResult;
import com.vci.starter.web.pagemodel.SessionInfo;
import com.vci.starter.web.util.ApplicationContextProvider;
import com.vci.starter.web.util.LangBaseUtil;
import com.vci.starter.web.util.VciBaseUtil;
import com.vci.starter.web.util.WebThreadLocalUtil;
@@ -14,10 +15,15 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -30,6 +36,7 @@
 * @author weidy
 * @date 2019/11/7 2:32 PM
 */
//@Configuration
public class VciSecurityInterceptor implements HandlerInterceptor {
    /**
@@ -46,8 +53,8 @@
    /**
     * 会话,权限,token的接口
     */
    @Autowired(required = false)
    private VciSessionForLoginI sessionForLoginI;
    @Autowired
    private VciSessionForLoginI vciSessionForLoginI;
    /**
     * 执行拦截
@@ -92,6 +99,11 @@
            //虽然不校验权限,但是如果token不为空,需要更新当前用户
            SessionInfo sessionInfo = getSessionInfo(userToken);
            if(sessionInfo != null){
                //初始化平台的token
                vciSessionForLoginI.initInvocationInfo(sessionInfo);
            }
            return true;
        }
        //获取配置文件中,不校验权限的路径
@@ -119,7 +131,7 @@
                return false;
            }else{
                if(!unCheckUrls.contains(url)){
                    if(sessionForLoginI == null){
                    if(vciSessionForLoginI == null){
                        //说明没办法校验
                        String msg = "请求路径"+ url +"没权限访问";
                        if(logger.isErrorEnabled()) {
@@ -128,9 +140,12 @@
                        sendErrorMsg(response,msg,2);
                        return false;
                    }else{
                        //初始化平台的token
                        vciSessionForLoginI.initInvocationInfo(sessionInfo);
                        String systemPrivateToken = request.getHeader(TokenKeyConstant.SYSTEM_PRIVATE_KEY);
                        try {
                            if (sessionForLoginI.checkRequestRights(request, systemPrivateToken, sessionInfo, handler)) {
                            if (vciSessionForLoginI.checkRequestRights(request, systemPrivateToken, sessionInfo, handler)) {
                                updateRequestTime(url,userToken);
                            }else{
                                return false;
@@ -156,7 +171,11 @@
        SessionInfo sessionInfo = null;
        if(StringUtils.isNotBlank(userToken)){
            try{
                sessionInfo = sessionForLoginI.getSessionInfoByToken(userToken);
                if(vciSessionForLoginI == null){
                    vciSessionForLoginI = ApplicationContextProvider.getBean(VciSessionForLoginI.class);
                }
                sessionInfo = vciSessionForLoginI.getSessionInfoByToken(userToken);
            }catch (Throwable e){
                logger.error("获取token出错",e);
            }
@@ -204,8 +223,8 @@
        while(url1.startsWith("/")){
            url1 = url1.substring(1);
        }
        if(sessionForLoginI != null && !unStorageRequestTimeUrls.contains(url1)){
            sessionForLoginI.updateRequestTime(userToken);
        if(vciSessionForLoginI != null && !unStorageRequestTimeUrls.contains(url1)){
            vciSessionForLoginI.updateRequestTime(userToken);
        }
    }
}
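Review bot: In the rights-check branch the new `vciSessionForLoginI.initInvocationInfo(sessionInfo);` runs before `checkRequestRights(...)`, so the invocation context is populated with the caller's session even when the check then returns false or throws. If that context is held per thread (not visible in these hunks), a rejected request could leave identity state behind on a pooled thread. Moving the call into the success branch next to `updateRequestTime(url,userToken);` would avoid that, unless `checkRequestRights` itself needs the context, in which case a comment should say so and the failure paths should clear it. Separately, the lazy `ApplicationContextProvider.getBean(VciSessionForLoginI.class)` fallback sits only in `getSessionInfo`, inside the `catch (Throwable e)` that logs "获取token出错", so a missing bean would be reported as a token error and silently treated as "no session"; a distinct log message for the lookup failure would make that diagnosable. The enclosing methods start and end outside the shown hunks.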