| | |
|---|
| | | public void pointCut() { |
|---|
| | | } |
|---|
| | | |
|---|
| | | private final static String ADMIN = "c3284d0f94606de1fd2af172aba15bf3"; |
|---|
| | | |
|---|
| | | |
|---|
| | | @Resource |
|---|
| | | private UserService userService; |
|---|
| | | |
|---|
| | |
|---|
| | | @SneakyThrows |
|---|
| | | @Before("pointCut()") |
|---|
| | | public void before(JoinPoint joinPoint) { |
|---|
| | | Class<?> clazz = joinPoint.getTarget().getClass(); |
|---|
| | | String clazzName = joinPoint.getTarget().getClass().getName(); |
|---|
| | | // 获取访问的方法名 |
|---|
| | | String methodName = joinPoint.getSignature().getName(); |
|---|
| | | // 获取方法所有参数及其类型 |
|---|
| | | Class[] argClz = ((MethodSignature) joinPoint.getSignature()).getParameterTypes(); |
|---|
| | | // 获取访问的方法对象 |
|---|
| | | Method method = clazz.getDeclaredMethod(methodName, argClz); |
|---|
| | | //获取类上请求地址 |
|---|
| | | RequestMapping annotation = clazz.getAnnotation(RequestMapping.class); |
|---|
| | | StringBuilder builder = new StringBuilder(); |
|---|
| | | String apiInfo=null; |
|---|
| | | builder.append(annotation.value()[0]); |
|---|
| | | //获取方法上注解 |
|---|
| | | if (method.isAnnotationPresent(PostMapping.class)) { |
|---|
| | | PostMapping post = method.getAnnotation(PostMapping.class); |
|---|
| | | builder.append(post.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(GetMapping.class)) { |
|---|
| | | GetMapping get = method.getAnnotation(GetMapping.class); |
|---|
| | | builder.append(get.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(DeleteMapping.class)) { |
|---|
| | | DeleteMapping delete = method.getAnnotation(DeleteMapping.class); |
|---|
| | | builder.append(delete.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(PutMapping.class)) { |
|---|
| | | PutMapping put = method.getAnnotation(PutMapping.class); |
|---|
| | | builder.append(put.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(ApiOperation.class)) { |
|---|
| | | ApiOperation api = method.getAnnotation(ApiOperation.class); |
|---|
| | | apiInfo=api.value(); |
|---|
| | | } |
|---|
| | | HttpServletRequest request = ServletUtils.getRequest(); |
|---|
| | | Map<String, Object> userInfo = userService.getUserInfo(request.getHeader("X-Token")); |
|---|
| | | if(Objects.nonNull(userInfo)){ |
|---|
| | | String roleId = String.valueOf(userInfo.get("roleId")); |
|---|
| | | Map<String, Object> urlType = roleService.getUrlType(builder.toString()); |
|---|
| | | log.info("拦截请求----------------》"+builder); |
|---|
| | | boolean b = roleService.hasUrl(String.valueOf(urlType.get("type")), String.valueOf(urlType.get("menuId")), roleId); |
|---|
| | | if(!b){ |
|---|
| | | log.warn("用户/id:"+userInfo.get("name")+"/"+userInfo.get("id")+"---------权限不足,已拦截!"); |
|---|
| | | //throw new AuthException("400","无权限"); |
|---|
| | | } |
|---|
| | | }else { |
|---|
| | | throw new AuthException("401","登陆过期"); |
|---|
| | | if (Objects.nonNull(userInfo)) { |
|---|
| | | if (Objects.equals(userInfo.get("sessionLayerId"), ADMIN)) { |
|---|
| | | log.info("超级管理员,无需拦截!"); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | Class<?> clazz = joinPoint.getTarget().getClass(); |
|---|
| | | String clazzName = joinPoint.getTarget().getClass().getName(); |
|---|
| | | // 获取访问的方法名 |
|---|
| | | String methodName = joinPoint.getSignature().getName(); |
|---|
| | | // 获取方法所有参数及其类型 |
|---|
| | | Class[] argClz = ((MethodSignature) joinPoint.getSignature()).getParameterTypes(); |
|---|
| | | // 获取访问的方法对象 |
|---|
| | | Method method = clazz.getDeclaredMethod(methodName, argClz); |
|---|
| | | //获取类上请求地址 |
|---|
| | | RequestMapping annotation = clazz.getAnnotation(RequestMapping.class); |
|---|
| | | StringBuilder builder = new StringBuilder(); |
|---|
| | | String apiInfo = null; |
|---|
| | | builder.append(annotation.value()[0]); |
|---|
| | | //获取方法上注解 |
|---|
| | | if (method.isAnnotationPresent(PostMapping.class)) { |
|---|
| | | PostMapping post = method.getAnnotation(PostMapping.class); |
|---|
| | | builder.append(post.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(GetMapping.class)) { |
|---|
| | | GetMapping get = method.getAnnotation(GetMapping.class); |
|---|
| | | builder.append(get.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(DeleteMapping.class)) { |
|---|
| | | DeleteMapping delete = method.getAnnotation(DeleteMapping.class); |
|---|
| | | builder.append(delete.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(PutMapping.class)) { |
|---|
| | | PutMapping put = method.getAnnotation(PutMapping.class); |
|---|
| | | builder.append(put.value()[0]); |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(ApiOperation.class)) { |
|---|
| | | ApiOperation api = method.getAnnotation(ApiOperation.class); |
|---|
| | | apiInfo = api.value(); |
|---|
| | | } |
|---|
| | | String roleId = String.valueOf(userInfo.get("roleId")); |
|---|
| | | Map<String, Object> urlType = roleService.getUrlType(builder.toString()); |
|---|
| | | log.info("拦截请求----------------》" + builder); |
|---|
| | | boolean b = roleService.hasUrl(String.valueOf(urlType.get("type")), String.valueOf(urlType.get("menuId")), roleId); |
|---|
| | | if (!b) { |
|---|
| | | log.warn("用户/id:" + userInfo.get("name") + "/" + userInfo.get("id") + "---------权限不足,已拦截!"); |
|---|
| | | throw new AuthException("400","无权限"); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | throw new AuthException("401", "登陆过期!"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
