搜索查询

+package com.tianbo.warehouse.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface RequestRequire {
+    /**
+     * 请求当前接口所需要的参数,多个以小写的逗号隔开
+     * @return
+     */
+    public String require() default "";
+
+    /**
+     *传递参数的对象类型
+     */
+    public Class<?> parameter() default Object.class;
+}

+package com.tianbo.warehouse.annotation;
+
+import org.apache.commons.lang.StringUtils;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint;
+import org.springframework.stereotype.Component;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+
+/**
+ * controller层增强类，用于检测字符参数为空的情况，为空如""和null 都返回Null，为以后逻辑适配用
+ * @author mrz
+ * @date 9:52 2019/04/15
+ * @params pjp
+ * @throws
+ * @return java.lang.Object
+ **/
+@Component
+@Aspect
+public class RequestRequireAOP {
+
+    private static final Logger logger = LoggerFactory.getLogger(RequestRequireAOP.class);
+
+    static final String split = ",";
+
+    @Pointcut("@annotation(com.tianbo.warehouse.annotation.RequestRequire)")
+    public void controllerInteceptor() {
+
+    }
+
+    @Around("controllerInteceptor()")
+    public Object around(ProceedingJoinPoint pjp) throws Throwable {
+
+        // 获取注解的方法参数列表
+        Object[] args = pjp.getArgs();
+
+        // 获取被注解的方法
+        MethodInvocationProceedingJoinPoint mjp = (MethodInvocationProceedingJoinPoint) pjp;
+        MethodSignature signature = (MethodSignature) mjp.getSignature();
+        Method method = signature.getMethod();
+
+        // 获取方法上的注解
+        RequestRequire require = method.getAnnotation(RequestRequire.class);
+
+        for(int i =0;i<args.length; i++){
+            //class相等表示是同一个对象
+            if (args[i].getClass().getName().equals("java.lang.String")) {
+
+                    if (null==args[i] || ((String)args[i]).isEmpty()){
+                        args[i] = null;
+                    }
+            }
+        }
+
+        // 如果没有报错，放行
+        return pjp.proceed(args);
+    }
+}

@@ -2,6 +2,7 @@ package com.tianbo.warehouse.controller;
 
 
 import com.github.pagehelper.PageInfo;
 import com.github.pagehelper.PageInfo;
 import com.tianbo.warehouse.annotation.LogAnnotation;
 import com.tianbo.warehouse.annotation.LogAnnotation;
+import com.tianbo.warehouse.annotation.RequestRequire;
 import com.tianbo.warehouse.annotation.UserPasswordMd5;
 import com.tianbo.warehouse.annotation.UserPasswordMd5;
 import com.tianbo.warehouse.controller.response.ResultJson;
 import com.tianbo.warehouse.controller.response.ResultJson;
 import com.tianbo.warehouse.model.USERS;
 import com.tianbo.warehouse.model.USERS;
@@ -32,6 +33,7 @@ public class UserController {
     @ApiOperation(value = "查询用户列表及信息", notes = "查询用户列表及单个用户信息")
     @ApiOperation(value = "查询用户列表及信息", notes = "查询用户列表及单个用户信息")
     @ApiImplicitParams({@ApiImplicitParam(name = "pageNum", value = "分页-当前页", required = false, dataType = "int",defaultValue = "1"),
     @ApiImplicitParams({@ApiImplicitParam(name = "pageNum", value = "分页-当前页", required = false, dataType = "int",defaultValue = "1"),
             @ApiImplicitParam(name = "pageSize", value = "分页-每页显示多少条", required = false, dataType = "int",defaultValue = "5")})
             @ApiImplicitParam(name = "pageSize", value = "分页-每页显示多少条", required = false, dataType = "int",defaultValue = "5")})
+    @RequestRequire()
     @GetMapping("/list")
     @GetMapping("/list")
     public PageInfo<USERS> list(@RequestParam(value = "pageNum",required = false,defaultValue = "1")
     public PageInfo<USERS> list(@RequestParam(value = "pageNum",required = false,defaultValue = "1")
                                         int pageNum,
                                         int pageNum,
@@ -41,9 +43,6 @@ public class UserController {
                                 @RequestParam(value = "realname",required = false) String realname)
                                 @RequestParam(value = "realname",required = false) String realname)
     {
     {
         USERS user = new USERS();
         USERS user = new USERS();
-        //前端input传过来的为空，需要判断下
-        username = username.isEmpty()?null:username;
-        realname = realname.isEmpty()?null:realname;
         user.setUsername(username);
         user.setUsername(username);
         user.setRealname(realname);
         user.setRealname(realname);
         return userService.selectAllUser(pageNum,pageSize,user);
         return userService.selectAllUser(pageNum,pageSize,user);

@@ -2,11 +2,8 @@ package com.tianbo.warehouse.security.config;
 
 
 import com.netflix.discovery.converters.Auto;
 import com.netflix.discovery.converters.Auto;
 import com.tianbo.warehouse.security.CustomUserDetailService;
 import com.tianbo.warehouse.security.CustomUserDetailService;
-import com.tianbo.warehouse.security.handel.MyAuthenticationAccessDeniedHandler;
-import com.tianbo.warehouse.security.handel.MyAuthenticationFailHandler;
-import com.tianbo.warehouse.security.handel.MyAuthenticationSuccessHandler;
+import com.tianbo.warehouse.security.handel.*;
 import com.tianbo.warehouse.security.MyFilterSecurityInterceptor;
 import com.tianbo.warehouse.security.MyFilterSecurityInterceptor;
-import com.tianbo.warehouse.security.handel.MyLogoutSuccessHandler;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Configuration;
@@ -50,6 +47,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     @Autowired
     private MyLogoutSuccessHandler myLogoutSuccessHandler;
     private MyLogoutSuccessHandler myLogoutSuccessHandler;
 
 
+    @Autowired
+    private MyAuthenticationEntryPoint authenticationEntryPoint;
+
     @Override
     @Override
     protected void configure(AuthenticationManagerBuilder  auth) throws Exception {
     protected void configure(AuthenticationManagerBuilder  auth) throws Exception {
         //user Details Service验证
         //user Details Service验证
@@ -90,7 +90,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .permitAll()
                 .permitAll()
 //                .successForwardUrl("/main")
 //                .successForwardUrl("/main")
                 .and()
                 .and()
-                .exceptionHandling().accessDeniedHandler(myAuthenticationAccessDeniedHandler)
+                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).accessDeniedHandler(myAuthenticationAccessDeniedHandler)
                 .and()
                 .and()
                 .logout()
                 .logout()
                 .logoutSuccessUrl("/?logout=true")
                 .logoutSuccessUrl("/?logout=true")

 package com.tianbo.warehouse.security.handel;
 package com.tianbo.warehouse.security.handel;
 
 
+import org.springframework.core.annotation.Order;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.stereotype.Component;
@@ -15,6 +16,7 @@ import java.io.PrintWriter;
  * AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常
  * AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常
  */
  */
 @Component
 @Component
+@Order(1)
 public class MyAuthenticationAccessDeniedHandler implements AccessDeniedHandler{
 public class MyAuthenticationAccessDeniedHandler implements AccessDeniedHandler{
 
 
     @Override
     @Override

 package com.tianbo.warehouse.security.handel;
 package com.tianbo.warehouse.security.handel;
 
 
+import com.alibaba.fastjson.JSONObject;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
 
 
-/**实现AuthenticationEntryPoint接口
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ *实现AuthenticationEntryPoint接口
  * AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常
  * AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常
  * AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常
  * AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常
  */
  */
-public class MyAuthenticationEntryPoint {
-//    response.setCharacterEncoding("utf-8");
-//        response.setContentType("text/javascript;charset=utf-8");
-//        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
+@Component
+public class MyAuthenticationEntryPoint implements  AuthenticationEntryPoint{
+
+    @Override
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException authException) throws IOException, ServletException{
+//        response.setContentType("application/json;charset=utf-8");
+//        PrintWriter out = response.getWriter();
+//        StringBuffer sb = new StringBuffer();
+//        sb.append("{\"status\":\"error\",\"msg\":\"");
+//
+//        sb.append("未登陆!");
+//
+//        sb.append("\"}");
+//        out.write(sb.toString());
+//        out.flush();
+//        out.close();
+
+        response.setCharacterEncoding("utf-8");
+        response.setContentType("application/json;charset=utf-8");
+        response.sendError(401,"未登陆");
+//        response.getWriter().print(JSONObject.toJSONString(Status.error("没有访问权限!")));
+
+    }
+
 
 
 }
 }

@@ -51,6 +51,8 @@ public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticat
             response.setContentType("application/json;charset=UTF-8");
             response.setContentType("application/json;charset=UTF-8");
             response.setHeader("Access-Control-Allow-Origin","*");
             response.setHeader("Access-Control-Allow-Origin","*");
             USERS loginedUser = (USERS) authentication.getPrincipal();
             USERS loginedUser = (USERS) authentication.getPrincipal();
+            //返回前端的数据安全起见把password去掉
+            loginedUser.setPassword(null);
             Map<String,Object> menuMap =  permissionService.getUserMenus(loginedUser.getUserId());
             Map<String,Object> menuMap =  permissionService.getUserMenus(loginedUser.getUserId());
             response.getWriter().write(objectMapper.writeValueAsString(new AuthSuccessResponse(authentication,menuMap)));
             response.getWriter().write(objectMapper.writeValueAsString(new AuthSuccessResponse(authentication,menuMap)));
         }else {
         }else {