Commit baeb60fca9ac09a42f1dfa23779321af892e96a1

Authored by 王通
1 parent 3e684046

1.3月31日更新

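--- a/src/main/java/com/bsth/filter/AuthorityFilter.java
+++ b/src/main/java/com/bsth/filter/AuthorityFilter.java
@@ -1,77 +1,77 @@
-package com.bsth.filter;
-
-import com.bsth.common.Constants;
-import com.bsth.common.ResponseCode;
-import com.bsth.data.SystemParamCache;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * 权限过滤器
- * @author Hill
- */
-public class AuthorityFilter extends BaseFilter {
-
- Logger logger = LoggerFactory.getLogger(this.getClass());
-
- private ObjectMapper mapper = new ObjectMapper();
-
- private final String rootUri = "/";
-
- private final String scheduleReferer = "/real_control/v2";
-
- private String[] pubUrls = new String[]{ "/sockjs/", "/pages/", "/error", "/dictionary/all", "/user/isWeakCipher", "/user/isRealName", "/user/currentUser", "/user/companyData", "/module/findByCurrentUser", "/eci/validate_get_destroy_info", "/business", "/personnel/all_py", "/companyAuthority/all", "/line/all", "/basic/refresh_person_data", "/downloadFile", "/report/lineList" };
-
- @Override
- public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
- if (!SystemParamCache.getEnableFilterAuthority()) {
- chain.doFilter(request, response);
- return;
- }
-
- String uri = request.getRequestURI(), referer = request.getHeader("Referer");
- Set<String> links = (Set<String>) request.getSession().getAttribute(Constants.RESOURCE_AUTHORITYS);
- if (rootUri.equals(uri) || (referer != null && referer.indexOf(scheduleReferer) > 0) || isPubURL(uri)) {
- chain.doFilter(request, response);
- return;
- }
- if (links != null) {
- boolean matched = false;
- for (String link : links) {
- if (uri.startsWith(link)) {
- matched = true;
- break;
- }
- }
- if (!matched) {
- Map<String, Object> result = new HashMap<>();
- result.put("status", ResponseCode.ERROR);
- result.put("msg", "未授权的访问");
- response.setContentType("text/html;charset=utf-8");
- response.getWriter().write(mapper.writeValueAsString(result));
- return;
- }
- }
-
- chain.doFilter(request, response);
- }
-
- protected boolean isPubURL(String url) {
- for (String pubUrl : pubUrls) {
- if (url.startsWith(pubUrl)) {
- return true;
- }
- }
-
- return false;
- }
-}
+package com.bsth.filter;
+
+import com.bsth.common.Constants;
+import com.bsth.common.ResponseCode;
+import com.bsth.data.SystemParamCache;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 权限过滤器
+ * @author Hill
+ */
+public class AuthorityFilter extends BaseFilter {
+
+ Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ private ObjectMapper mapper = new ObjectMapper();
+
+ private final String rootUri = "/";
+
+ private final String scheduleReferer = "/real_control/v2";
+
+ private String[] pubUrls = new String[]{ "/sockjs/", "/pages/", "/error", "/dictionary/all", "/user/isWeakCipher", "/user/isRealName", "/user/currentUser", "/user/companyData", "/module/findByCurrentUser", "/eci/validate_get_destroy_info", "/business", "/personnel/all_py", "/companyAuthority/all", "/line/all", "/basic/refresh_person_data", "/downloadFile", "/report/lineList", "/adminUtils", "/metronic_v4.5.4", "/assets" };
+
+ @Override
+ public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+ if (!SystemParamCache.getEnableFilterAuthority()) {
+ chain.doFilter(request, response);
+ return;
+ }
+
+ String uri = request.getRequestURI(), referer = request.getHeader("Referer");
+ Set<String> links = (Set<String>) request.getSession().getAttribute(Constants.RESOURCE_AUTHORITYS);
+ if (rootUri.equals(uri) || (referer != null && referer.indexOf(scheduleReferer) > 0) || isPubURL(uri)) {
+ chain.doFilter(request, response);
+ return;
+ }
+ if (links != null) {
+ boolean matched = false;
+ for (String link : links) {
+ if (uri.startsWith(link)) {
+ matched = true;
+ break;
+ }
+ }
+ if (!matched) {
+ Map<String, Object> result = new HashMap<>();
+ result.put("status", ResponseCode.ERROR);
+ result.put("msg", "未授权的访问");
+ response.setContentType("text/html;charset=utf-8");
+ response.getWriter().write(mapper.writeValueAsString(result));
+ return;
+ }
+ }
+
+ chain.doFilter(request, response);
+ }
+
+ protected boolean isPubURL(String url) {
+ for (String pubUrl : pubUrls) {
+ if (url.startsWith(pubUrl)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}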
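Review bot: The `"/adminUtils"` entry added to `pubUrls` on new line 32 exempts every URI starting with that prefix from the per-session `links` check in `doFilter`. The handlers are not visible here, but if they are administrative endpoints rather than static files, they should stay behind the authority check instead of being listed as public. The other two additions, `"/metronic_v4.5.4"` and `"/assets"`, have no trailing slash, so `isPubURL`'s `startsWith` also passes sibling paths that merely share the prefix; `"/metronic_v4.5.4/", "/assets/"` would be tighter. Because the match runs on the raw `request.getRequestURI()`, a path that begins with a public prefix and then carries dot-segments or `;` path parameters is allowed before the container resolves it, so consider matching on a normalised path. A short comment above `pubUrls` stating why each prefix is safe to serve without authorization would make future additions easier to review.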
... ...