@@ -33,40 +33,40 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
-// HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
-// String url, method;
-// if (matchPermitAllUrl(request)) {
-// return;
-// }
-// if ("anonymousUser".equals(authentication.getPrincipal())) {
-// throw new AccessDeniedException("no right");
-// } else {
-// //验证token有效性
-// String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
-// if (StringUtil.isNotEmpty(tokenStr)) {
-// Token token = new Token();
-// tokenStr = tokenStr.replaceFirst("Bearer ", "");
-// token.setToken(tokenStr);
-// RespDTO<Boolean> res = userServiceClient.verifyToken(token);
-// if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
-// throw new AccountExpiredException("token expire");
-// }
-// if (!res.data) {
-// throw new AccountExpiredException("token expire");
-// }
-// }
-// for (GrantedAuthority ga : authentication.getAuthorities()) {
-// String[] authority = ga.getAuthority().split(";");
-// url = authority[0];
-// method = authority[1];
-// if (matchers(url, request)) {
-// if (method.equals(request.getMethod()) || "ALL".equals(method)) {
-// return;
-// }
-// }
-// }
-// }
-// throw new AccessDeniedException("no right");
+ HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
+ String url, method;
+ if (matchPermitAllUrl(request)) {
+ return;
+ }
+ if ("anonymousUser".equals(authentication.getPrincipal())) {
+ throw new AccessDeniedException("no right");
+ } else {
+ //验证token有效性
+ String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+ if (StringUtil.isNotEmpty(tokenStr)) {
+ Token token = new Token();
+ tokenStr = tokenStr.replaceFirst("Bearer ", "");
+ token.setToken(tokenStr);
+ RespDTO<Boolean> res = userServiceClient.verifyToken(token);
+ if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
+ throw new AccountExpiredException("token expire");
+ }
+ if (!res.data) {
+ throw new AccountExpiredException("token expire");
+ }
+ }
+ for (GrantedAuthority ga : authentication.getAuthorities()) {
+ String[] authority = ga.getAuthority().split(";");
+ url = authority[0];
+ method = authority[1];
+ if (matchers(url, request)) {
+ if (method.equals(request.getMethod()) || "ALL".equals(method)) {
+ return;
+ }
+ }
+ }
+ }
+ throw new AccessDeniedException("no right");
}
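Review bot: The re-enabled token check in decide() dereferences `res.data`, a boxed `Boolean`, with `!res.data`, so a response that carries an OK code but a null payload ends in a NullPointerException instead of a deliberate denial; the two checks should collapse into one fail-closed condition, `if (res == null || !CommonErrorCode.OK.getCode().equals(res.code) || res.data == null || !res.data) {`. The authority loop has the same fragility: `ga.getAuthority().split(";")` yields a one-element array for any authority without a `;`, and `authority[1]` then throws ArrayIndexOutOfBoundsException, so a guard such as `if (authority.length < 2) { continue; }` before the assignments keeps a malformed authority from turning into a 500. Note also that when the `Authorization` header is absent the verification is skipped entirely and the request proceeds to authority matching on whatever principal is already in the context; whether that is safe depends on how the authentication was populated upstream, which is not visible here, so the intended behaviour for a non-anonymous principal without a bearer token is worth a comment on the `if (StringUtil.isNotEmpty(tokenStr))` branch.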