dangsn
2024-06-14 df2181e8f201f48c57e29cf247b81e85189f7f73
Source/plt-web/plt-web-parent/plt-web-base/src/main/java/com/vci/starter/web/interceptor/VciSecurityInterceptor.java
@@ -72,36 +72,32 @@
        if(!(handler instanceof  HandlerMethod)){
            return true;
        }
        List<String> unCheckUrls = new ArrayList<>();
        if(springMVCConfig !=null && springMVCConfig.getUnCheckUrls() !=null){
            unCheckUrls = springMVCConfig.getUnCheckUrls();
        }
        SessionInfo sessionInfo = null;
        if(StringUtils.isNotBlank(userToken)){
            try{
                sessionInfo = sessionForLoginI.getSessionInfoByToken(userToken);
            }catch (Throwable e){
                logger.error("获取token出错",e);
                //sendErrorMsg(response,"获取token的信息出错," + userToken + "," + LangBaseUtil.getErrorMsg(e),1);
                //return false;
            }
            if(sessionInfo!=null){
                WebThreadLocalUtil.getCurrentUserSessionInfoInThread().set(sessionInfo);
            }
        }
        boolean unCheckLogin = false;
        if(handler instanceof  HandlerMethod) {
            HandlerMethod hm = (HandlerMethod)handler;
            Method method = hm.getMethod();
            //设置了不校验的会直接返回true
            if (method.isAnnotationPresent(VciUnCheckRight.class)) {
                return true;
                unCheckLogin = true;
            }
            if (method.getDeclaringClass().isAnnotationPresent(VciUnCheckRight.class)) {
                return true;
                unCheckLogin = true;
            }
        }
        if(url.endsWith(".md")){
            unCheckLogin = true;
        }
        if(unCheckLogin){
            //虽然不校验权限,但是如果token不为空,需要更新当前用户
            SessionInfo sessionInfo = getSessionInfo(userToken);
            return true;
        }
        //获取配置文件中,不校验权限的路径
        List<String> unCheckUrls = new ArrayList<>();
        if(springMVCConfig !=null && springMVCConfig.getUnCheckUrls() !=null){
            unCheckUrls = springMVCConfig.getUnCheckUrls();
        }
        if(StringUtils.isBlank(userToken) && !unCheckUrls.contains(url)){
            //说明是没有用户信息的,而且也必须要校验是否登录的情况
@@ -111,14 +107,15 @@
            }
            sendErrorMsg(response,"没有登录系统,请先登录",1);
            return false;
            //被T下线由websocket直接提醒
            //被踢下线由websocket直接提醒
        }else{
            SessionInfo sessionInfo = getSessionInfo(userToken);
            if(sessionInfo == null){
                //也是说明不存在,被T下线时也获取不到session的信息了
                //也是说明不存在,被踢下线时也获取不到session的信息了
                if(logger.isErrorEnabled()) {
                    logger.error("token值非法,或者用户已经被踢下线," + userToken);
                    logger.error("token值非法,或过期,或者用户已经被踢下线," + userToken);
                }
                sendErrorMsg(response,"token值非法,或者用户已经被踢下线," + userToken,1);
                sendErrorMsg(response,"token值非法,或过期,或者用户已经被踢下线," + userToken,1);
                return false;
            }else{
                if(!unCheckUrls.contains(url)){
@@ -131,6 +128,9 @@
                        sendErrorMsg(response,msg,2);
                        return false;
                    }else{
                        //初始化平台的token
                        sessionForLoginI.initInvocationInfo(sessionInfo);
                        String systemPrivateToken = request.getHeader(TokenKeyConstant.SYSTEM_PRIVATE_KEY);
                        try {
                            if (sessionForLoginI.checkRequestRights(request, systemPrivateToken, sessionInfo, handler)) {
@@ -155,6 +155,22 @@
        return true;
    }
    private SessionInfo getSessionInfo(String userToken){
        SessionInfo sessionInfo = null;
        if(StringUtils.isNotBlank(userToken)){
            try{
                sessionInfo = sessionForLoginI.getSessionInfoByToken(userToken);
            }catch (Throwable e){
                logger.error("获取token出错",e);
            }
            if(sessionInfo!=null){
                WebThreadLocalUtil.setCurrentUserSessionInfoInThread(sessionInfo);
                WebThreadLocalUtil.setTokenInThread(TokenKeyConstant.TOKEN_KEY_PREFIX_IN_REDIS+sessionInfo.getToken());
            }
        }
        return sessionInfo;
    }
    /**
     * 返回错误信息
     * @param response 相应对象
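Review bot: The new `url.endsWith(".md")` branch in the first hunk sets `unCheckLogin = true` for any request path with that suffix, so the suffix alone is enough to skip both the login check and the `checkRequestRights` call further down. The method already returns early for anything that is not a `HandlerMethod`, so the requests reaching this line are controller methods rather than static files; whether a protected mapping can also be reached with a path ending in `.md` depends on how `url` is derived and on the path-matching configuration, neither of which is visible in this hunk. I would delete the suffix test and exempt the documentation endpoints explicitly, either by annotating those handlers with `@VciUnCheckRight` or by listing their exact paths in `springMVCConfig.getUnCheckUrls()`, which is matched with `unCheckUrls.contains(url)`. Separately, the reworded messages in the second hunk still append the raw `userToken` to both `logger.error` and the `sendErrorMsg` response; returning only the fixed text and logging at most a truncated or hashed value would keep bearer tokens out of log files and error bodies. The enclosing method starts before the first hunk, so the assignments of `url` and `userToken` were not reviewed.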