cuikaidong
2025-06-12 44e283b774bb1168d0c17dfe5070a1ca8e2274cd
package org.jeecg.modules.shiro.authc.interceptor;
 
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.OnlineAuth;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.modules.system.entity.SysPermission;
import org.jeecg.modules.system.service.ISysPermissionService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
 
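/**
 * Custom request interceptor for the Online features.
 *
 * <p>For handler methods annotated with {@link OnlineAuth}, a form code is derived from the
 * request path and the current user must hold a matching menu permission. Requests whose
 * handler is not an annotated {@link HandlerMethod} pass through without any check here.
 *
 * @author: taoyan
 * @date: 2020-03-20
 */
@Slf4j
public class OnlineInterceptor implements HandlerInterceptor {

    @Autowired
    private ISysPermissionService sysPermissionService;

    /**
     * Menu URL of the Online form feature; used as the fallback permission when no
     * form-specific menu is configured.
     */
    private static final String ONLINE_FORM = "/online/cgform";

    /**
     * URL prefixes of the Online feature test pages; the form code is appended to each
     * of them to build the candidate menu URLs.
     */
    private static final String[] ONLINE_TEST_PRE = {"/online/cgformErpList", "/online/cgformList", "/online/cgformTreeList"};

    /**
     * Enforces the {@link OnlineAuth} permission check before the handler runs.
     *
     * @param request  the current request; its URI and method drive the code extraction
     * @param response the response an error payload is written to on denial
     * @param handler  the resolved handler; only {@link HandlerMethod} instances are checked
     * @return {@code true} to continue the chain, {@code false} when access was denied and
     *         an error response has already been written
     * @throws Exception propagated from the permission service or token parsing
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // instanceof also covers subclasses of HandlerMethod. The previous
        // handler.getClass().isAssignableFrom(HandlerMethod.class) test was false for a
        // subclass, which would have skipped the permission check entirely (fail-open).
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        OnlineAuth onlineAuth = ((HandlerMethod) handler).getMethodAnnotation(OnlineAuth.class);
        if (onlineAuth == null) {
            return true;
        }

        // NOTE(review): getRequestURI() is the raw, undecoded path. Percent-encoded
        // separators and ";" path parameters are not normalized by filterUrl - confirm the
        // code derived here is the same one the downstream handler resolves.
        String requestPath = request.getRequestURI().substring(request.getContextPath().length());
        requestPath = filterUrl(requestPath);

        // 1. Derive the form code: everything after the last occurrence of the annotation value.
        // NOTE(review): if authKey does not occur in the path, lastIndexOf returns -1 and the
        // extracted code is not meaningful - verify every @OnlineAuth value appears in its mapping.
        String authKey = onlineAuth.value();
        String code = requestPath.substring(requestPath.lastIndexOf(authKey) + authKey.length());
        log.info("拦截请求({}):{},", request.getMethod(), requestPath);
        if ("form".equals(authKey) && "DELETE".equals(request.getMethod())) {
            // Drop the trailing path segment; guard against a code without any "/" so that
            // substring(0, -1) cannot throw.
            int lastSlash = code.lastIndexOf("/");
            if (lastSlash >= 0) {
                code = code.substring(0, lastSlash);
            }
        }

        // 2. Build the candidate menu URLs for this form code.
        List<String> possibleUrl = new ArrayList<>();
        for (String pre : ONLINE_TEST_PRE) {
            possibleUrl.add(pre + code);
        }

        // 3. Look up non-deleted menus that match one of the candidates.
        LambdaQueryWrapper<SysPermission> query = new LambdaQueryWrapper<SysPermission>();
        query.eq(SysPermission::getDelFlag, 0);
        query.in(SysPermission::getUrl, possibleUrl);
        List<SysPermission> permissionList = sysPermissionService.list(query);

        // NOTE(review): behaviour for a missing or invalid token depends on JwtUtil and
        // hasPermission, which are not visible here - confirm a null username is denied.
        String username = JwtUtil.getUserNameByToken(request);

        boolean permitted = false;
        if (permissionList == null || permissionList.isEmpty()) {
            // No form-specific menu configured: fall back to the generic Online form menu.
            permitted = sysPermissionService.hasPermission(username, ONLINE_FORM);
        } else {
            // Menus found: holding any one of them is sufficient.
            for (SysPermission p : permissionList) {
                if (sysPermissionService.hasPermission(username, p)) {
                    permitted = true;
                    break;
                }
            }
        }

        if (!permitted) {
            backError(response, authKey);
            return false;
        }
        return true;
    }

    /**
     * Normalizes a request path: backslashes become forward slashes and runs of slashes
     * are collapsed to a single one.
     *
     * @param requestPath the path relative to the context path; may be null or empty
     * @return the normalized path, or an empty string when the input is empty
     */
    private String filterUrl(String requestPath) {
        String url = "";
        if (oConvertUtils.isNotEmpty(requestPath)) {
            url = requestPath.replace("\\", "/");
            // Operate on url, not requestPath: the earlier version re-read requestPath here
            // and so discarded the backslash replacement made on the line above.
            while (url.contains("//")) {
                url = url.replace("//", "/");
            }
        }
        return url;
    }

    /**
     * Writes the "access denied" payload to the response.
     *
     * <p>The HTTP status is not changed here; callers are signalled through the
     * {@code auth: fail} header and, except for {@code exportXls}, a JSON error body.
     *
     * @param response the response to write to
     * @param authKey  the {@link OnlineAuth} value of the denied handler; {@code exportXls}
     *                 gets an empty body instead of JSON
     */
    private void backError(HttpServletResponse response, String authKey) {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        response.setHeader("auth", "fail");
        try (PrintWriter writer = response.getWriter()) {
            if ("exportXls".equals(authKey)) {
                writer.print("");
            } else {
                Result<?> result = Result.error("无权限访问(操作)");
                writer.print(JSON.toJSON(result));
            }
        } catch (IOException e) {
            // Keep the exception as the cause so the stack trace is not lost.
            log.error(e.getMessage(), e);
        }
    }
}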