4
hao
2025-04-16 c5fb1fbcbb2bf4d511773d348f9ef625855c61fc
package com.app.config.interceptor;
 
import java.lang.reflect.Method;
import java.util.Date;
import java.util.Map;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
 
import com.alibaba.fastjson.JSON;
import com.app.aspect.IpUtil;
import com.app.config.annotation.PassToken;
import com.app.config.annotation.UserLoginToken;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.system.log.entity.SysLog;
import com.system.log.service.SysLogService;
import com.system.user.dao.SysUserDao;
import com.system.user.entity.SysUser;
 
 
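/**
 * Spring MVC interceptor that authenticates requests using a JWT carried in the
 * {@code X-Token} request header.
 *
 * <p>Only method-level annotations on the resolved handler are consulted:
 * <ul>
 *   <li>{@link PassToken} with {@code required() == true}: the request is let through
 *       without any token check;</li>
 *   <li>{@link UserLoginToken} with {@code required() == true}: the request must carry a
 *       token that decodes, names an existing user and verifies against that user's key;</li>
 *   <li>neither annotation: the request is let through unchecked (default-allow).</li>
 * </ul>
 *
 * <p>NOTE(review): because unannotated handlers are allowed, every endpoint that needs
 * protection must carry {@code @UserLoginToken}; a default-deny policy would be safer.
 *
 * @author jinbin
 * @date 2018-07-08 20:41
 */
public class AuthenticationInterceptor implements HandlerInterceptor {
    @Autowired
    private SysUserDao sysUserDao;

    /**
     * Decides whether the request may reach its handler.
     *
     * <p>Every authentication failure ends in {@code 401} and {@code false} (fail closed).
     * This method must never be wrapped in a catch-all that returns {@code true}: doing so
     * turns each rejected or missing token into an accepted request.
     *
     * @param httpServletRequest  current request; the token is read from its {@code X-Token} header
     * @param httpServletResponse current response; its status is set to 401 when the request is denied
     * @param object              the chosen handler; anything other than a {@link HandlerMethod} is let through
     * @return {@code true} to continue the handler chain, {@code false} when the request was denied
     * @throws Exception declared by {@link HandlerInterceptor}; unexpected runtime failures
     *                   (for example from the user lookup) propagate so the request is not served
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        // Requests that are not mapped to a controller method are not subject to token checks.
        if (!(object instanceof HandlerMethod)) {
            return true;
        }
        Method method = ((HandlerMethod) object).getMethod();

        // @PassToken takes priority: such handlers skip authentication entirely.
        PassToken passToken = method.getAnnotation(PassToken.class);
        if (passToken != null && passToken.required()) {
            return true;
        }

        // Without @UserLoginToken(required = true) no authentication is demanded.
        UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
        if (userLoginToken == null || !userLoginToken.required()) {
            return true;
        }

        String token = httpServletRequest.getHeader("X-Token");
        if (token == null) {
            return reject(httpServletResponse);
        }

        // The audience claim is read BEFORE the signature is checked, so it is untrusted here;
        // it is only used to look up which user's key the token must verify against.
        String userCode;
        try {
            java.util.List<String> audience = JWT.decode(token).getAudience();
            if (audience == null || audience.isEmpty()) {
                return reject(httpServletResponse);
            }
            userCode = audience.get(0);
        } catch (JWTDecodeException malformed) {
            return reject(httpServletResponse);
        }

        SysUser user = sysUserDao.findByFcode(userCode);
        if (user == null) {
            // Same response as a bad signature, so callers cannot probe which user codes exist.
            return reject(httpServletResponse);
        }

        // NOTE(review): the HMAC key is whatever getFpassword() returns (looks like the stored
        // password or its hash - confirm). Anyone who learns that value can mint valid tokens for
        // the user; a dedicated server-side signing secret plus an enforced expiry is preferable.
        try {
            JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getFpassword())).build();
            jwtVerifier.verify(token);
        } catch (JWTVerificationException | IllegalArgumentException invalid) {
            // IllegalArgumentException: the library refuses a null secret; treat as unauthenticated.
            return reject(httpServletResponse);
        }

        // NOTE(review): request audit logging is currently disabled at this point. If it is
        // re-enabled, do not persist the raw request parameter map: it can contain passwords
        // and tokens.
        return true;
    }

    /**
     * Marks the response as {@code 401 Unauthorized} and stops the handler chain.
     *
     * @param response response whose status is set
     * @return always {@code false}, so callers can {@code return reject(...)}
     */
    private static boolean reject(HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }

    /** No post-processing is performed after the handler runs. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        // intentionally empty
    }

    /** No cleanup is performed after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        // intentionally empty
    }
}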