Commit baeb60fca9ac09a42f1dfa23779321af892e96a1

Authored by 王通
1 parent 3e684046

1.3月31日更新

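--- a/src/main/java/com/bsth/filter/AuthorityFilter.java
+++ b/src/main/java/com/bsth/filter/AuthorityFilter.java
@@ -1,77 +1,77 @@
-package com.bsth.filter;  
-  
-import com.bsth.common.Constants;  
-import com.bsth.common.ResponseCode;  
-import com.bsth.data.SystemParamCache;  
-import com.fasterxml.jackson.databind.ObjectMapper;  
-import org.slf4j.Logger;  
-import org.slf4j.LoggerFactory;  
-  
-import javax.servlet.*;  
-import javax.servlet.http.HttpServletRequest;  
-import javax.servlet.http.HttpServletResponse;  
-import java.io.IOException;  
-import java.util.HashMap;  
-import java.util.Map;  
-import java.util.Set;  
-  
-/**  
- * 权限过滤器  
- * @author Hill  
- */  
-public class AuthorityFilter extends BaseFilter {  
-  
- Logger logger = LoggerFactory.getLogger(this.getClass());  
-  
- private ObjectMapper mapper = new ObjectMapper();  
-  
- private final String rootUri = "/";  
-  
- private final String scheduleReferer = "/real_control/v2";  
-  
- private String[] pubUrls = new String[]{ "/sockjs/", "/pages/", "/error", "/dictionary/all", "/user/isWeakCipher", "/user/isRealName", "/user/currentUser", "/user/companyData", "/module/findByCurrentUser", "/eci/validate_get_destroy_info", "/business", "/personnel/all_py", "/companyAuthority/all", "/line/all", "/basic/refresh_person_data", "/downloadFile", "/report/lineList" };  
-  
- @Override  
- public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {  
- if (!SystemParamCache.getEnableFilterAuthority()) {  
- chain.doFilter(request, response);  
- return;  
- }  
-  
- String uri = request.getRequestURI(), referer = request.getHeader("Referer");  
- Set<String> links = (Set<String>) request.getSession().getAttribute(Constants.RESOURCE_AUTHORITYS);  
- if (rootUri.equals(uri) || (referer != null && referer.indexOf(scheduleReferer) > 0) || isPubURL(uri)) {  
- chain.doFilter(request, response);  
- return;  
- }  
- if (links != null) {  
- boolean matched = false;  
- for (String link : links) {  
- if (uri.startsWith(link)) {  
- matched = true;  
- break;  
- }  
- }  
- if (!matched) {  
- Map<String, Object> result = new HashMap<>();  
- result.put("status", ResponseCode.ERROR);  
- result.put("msg", "未授权的访问");  
- response.setContentType("text/html;charset=utf-8");  
- response.getWriter().write(mapper.writeValueAsString(result));  
- return;  
- }  
- }  
-  
- chain.doFilter(request, response);  
- }  
-  
- protected boolean isPubURL(String url) {  
- for (String pubUrl : pubUrls) {  
- if (url.startsWith(pubUrl)) {  
- return true;  
- }  
- }  
-  
- return false;  
- }  
-}
+package com.bsth.filter;
+
+import com.bsth.common.Constants;
+import com.bsth.common.ResponseCode;
+import com.bsth.data.SystemParamCache;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 权限过滤器
+ * @author Hill
+ */
+public class AuthorityFilter extends BaseFilter {
+
+ Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ private ObjectMapper mapper = new ObjectMapper();
+
+ private final String rootUri = "/";
+
+ private final String scheduleReferer = "/real_control/v2";
+
+ private String[] pubUrls = new String[]{ "/sockjs/", "/pages/", "/error", "/dictionary/all", "/user/isWeakCipher", "/user/isRealName", "/user/currentUser", "/user/companyData", "/module/findByCurrentUser", "/eci/validate_get_destroy_info", "/business", "/personnel/all_py", "/companyAuthority/all", "/line/all", "/basic/refresh_person_data", "/downloadFile", "/report/lineList", "/adminUtils", "/metronic_v4.5.4", "/assets" };
+
+ @Override
+ public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+ if (!SystemParamCache.getEnableFilterAuthority()) {
+ chain.doFilter(request, response);
+ return;
+ }
+
+ String uri = request.getRequestURI(), referer = request.getHeader("Referer");
+ Set<String> links = (Set<String>) request.getSession().getAttribute(Constants.RESOURCE_AUTHORITYS);
+ if (rootUri.equals(uri) || (referer != null && referer.indexOf(scheduleReferer) > 0) || isPubURL(uri)) {
+ chain.doFilter(request, response);
+ return;
+ }
+ if (links != null) {
+ boolean matched = false;
+ for (String link : links) {
+ if (uri.startsWith(link)) {
+ matched = true;
+ break;
+ }
+ }
+ if (!matched) {
+ Map<String, Object> result = new HashMap<>();
+ result.put("status", ResponseCode.ERROR);
+ result.put("msg", "未授权的访问");
+ response.setContentType("text/html;charset=utf-8");
+ response.getWriter().write(mapper.writeValueAsString(result));
+ return;
+ }
+ }
+
+ chain.doFilter(request, response);
+ }
+
+ protected boolean isPubURL(String url) {
+ for (String pubUrl : pubUrls) {
+ if (url.startsWith(pubUrl)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}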
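Review bot: The entries added to `pubUrls` (`"/adminUtils"`, `"/metronic_v4.5.4"`, `"/assets"`) are prefix-matched by `url.startsWith(pubUrl)` in `isPubURL`, so every path that begins with one of those strings skips the authority check, including sibling paths such as a constructed `/assetsX`. If these are meant to be static resource directories, write them with a trailing slash (`"/adminUtils/"`, `"/metronic_v4.5.4/"`, `"/assets/"`); if `/adminUtils` serves anything beyond static files (not visible from here), it should stay behind the `links` check. In the same `doFilter`, the `referer.indexOf(scheduleReferer) > 0` branch grants access based on the `Referer` header, which is supplied by the client and should not be used as an authorization signal. The method also falls through to `chain.doFilter` when `links` is null, so a session without `Constants.RESOURCE_AUTHORITYS` is allowed rather than rejected; denying by default in that case would be the safer behaviour.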