Commits (3)
    https://gitcode.net/qq_16063307/pig/-/commit/e427126bcc4199f7ac95090b1287c82ef7ba0f4b :recycle: PigSecurityInnerAspect使用前置通知替代环绕通知 2023-07-26T11:03:37+08:00 knight lixiao@neuro-touch.com https://gitcode.net/qq_16063307/pig/-/commit/29840e449fa2964dc8169662b82b1778f05fee39 @Inner在类上时,inner为空。必须获取类上的 2023-07-28T15:06:19+08:00 zhangxinjie zhangxinjie@cangoonline.com https://gitcode.net/qq_16063307/pig/-/commit/7e5bef3b42c9a0487d066f16761d5deeecc7846e !384 @Inner在类上时,inner为空。必须获取类上的 2023-07-28T07:25:56+00:00 lengleng wangiegie@gmail.com Merge pull request !384 from 三斤/master
......@@ -16,15 +16,14 @@
package com.pig4cloud.pig.common.security.component;
import cn.hutool.core.util.StrUtil;
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
import com.pig4cloud.pig.common.security.annotation.Inner;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.AccessDeniedException;
......@@ -34,7 +33,7 @@ import javax.servlet.http.HttpServletRequest;
/**
* @author lengleng
* @date 2022-06-04
*
* <p>
* 服务间接口不鉴权处理逻辑
*/
@Slf4j
......@@ -45,20 +44,18 @@ public class PigSecurityInnerAspect implements Ordered {
private final HttpServletRequest request;
@SneakyThrows
@Around("@within(inner) || @annotation(inner)")
public Object around(ProceedingJoinPoint point, Inner inner) {
@Before("@within(inner) || @annotation(inner)")
public void around(JoinPoint point, Inner inner) {
// 实际注入的inner实体由表达式后一个注解决定,即是方法上的@Inner注解实体,若方法上无@Inner注解,则获取类上的
// 这段代码没有意义,拦截的就是@Inner注解,怎么会为null呢
// if (inner == null) {
// Class<?> clazz = point.getTarget().getClass();
// inner = AnnotationUtils.findAnnotation(clazz, Inner.class);
// }
if (inner == null) {
Class<?> clazz = point.getTarget().getClass();
inner = AnnotationUtils.findAnnotation(clazz, Inner.class);
}
String header = request.getHeader(SecurityConstants.FROM);
if (inner.value() && !SecurityConstants.FROM_IN.equals(header)) {
log.warn("访问接口 {} 没有权限", point.getSignature().getName());
throw new AccessDeniedException("Access is denied");
}
return point.proceed();
}
@Override
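Review bot: In the new `@Before` advice the fallback `AnnotationUtils.findAnnotation(clazz, Inner.class)` is dereferenced by `inner.value()` with no null check, so if that lookup ever returns null this access-control path ends in a NullPointerException instead of a deliberate decision. I would make the outcome explicit and fail closed by changing the condition to `if ((inner == null || inner.value()) && !SecurityConstants.FROM_IN.equals(header)) {`. The check also rests entirely on the `SecurityConstants.FROM` request header, which the caller supplies; it presumably relies on that header being stripped from external traffic before it reaches this service, which this page does not show and is worth confirming and stating in a comment above the check. Two smaller cleanups: the method is still named `around` although it is now a before advice, and `@SneakyThrows` looks unnecessary now that `point.proceed()` is gone.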