diff --git a/src/main/java/com/easysoftware/common/account/UserPermission.java b/src/main/java/com/easysoftware/common/account/UserPermission.java
index e6e3356f2dae6a7f2e101f7cb6f7fc5197139e28..e9e2666a9e60f53c32aedb8b442da300865eed33 100644
--- a/src/main/java/com/easysoftware/common/account/UserPermission.java
+++ b/src/main/java/com/easysoftware/common/account/UserPermission.java
@@ -8,6 +8,8 @@ import com.easysoftware.common.utils.ObjectMapperUtil;
 import com.fasterxml.jackson.databind.JsonNode;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -21,6 +23,11 @@ import java.util.Optional;
 @Component
 public class UserPermission {
+ /**
+ * Logger for UserPermission.
+ */
+ private static final Logger LOGGER = LoggerFactory.getLogger(UserPermission.class);
+
 /**
 * Value injected for the manage token API.
 */
@@ -64,6 +71,7 @@ public class UserPermission {
 String resCode = resJson.get("code").asText();
 // 查询权限失败
 if (!"200".equals(resCode)) {
+ LOGGER.error("query user permissions failed");
 throw new HttpRequestException("query user permissions failed");
 }
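Review bot: The new `LOGGER.error("query user permissions failed")` in the `!"200".equals(resCode)` branch records only a constant string, so it tells an operator nothing beyond what the `HttpRequestException` thrown on the next line already carries, while the upstream code that was just read into `resCode` is the one value needed to diagnose a misbehaving permission service. Suggest `LOGGER.error("query user permissions failed, code={}", resCode);` (the code is an upstream status, not a secret). If a global exception handler also logs the thrown exception, this line will double-log the same failure; worth checking. The enclosing method starts and ends outside the hunk.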
@@ -100,12 +108,15 @@ public class UserPermission {
 ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
 if (Objects.isNull(servletRequestAttributes)) {
- throw new HttpRequestException("http request content error");
+
+ LOGGER.error("Missing HTTP parameter");
+ throw new HttpRequestException("Missing HTTP parameter");
 }
 HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest();
 String userToken = httpServletRequest.getHeader(HttpConstant.TOKEN);
 if (null == userToken) {
+ LOGGER.error("Missing user token");
 throw new NotLoginException("user token expired or no login", "", "");
 }
@@ -122,7 +133,8 @@ public class UserPermission {
 ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
 if (Objects.isNull(servletRequestAttributes)) {
- throw new HttpRequestException("http request content error");
+ LOGGER.error("Missing HTTP parameter");
+ throw new HttpRequestException("Missing HTTP parameter");
 }
 Cookie[] cookies = servletRequestAttributes.getRequest().getCookies();
@@ -137,6 +149,7 @@ public class UserPermission {
 }
 if (null == cookie) {
+ LOGGER.error("Missing valid cookies");
 throw new NotLoginException("user token expired or no login", "", "");
 }
 return cookie;
diff --git a/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java b/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java
index 376051c2cbec21420ab2e26ccb4a85713988d698..694550ee6090c7788dd2f695ae17c6a3007d4123 100644
--- a/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java
+++ b/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java
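Review bot: The added `LOGGER.error("Missing user token")` in the `null == userToken` branch logs at ERROR a condition any unauthenticated client can produce simply by omitting the header, and the same applies to `LOGGER.error("Missing valid cookies")` in the `-137,6` hunk; ERROR is normally reserved for server-side faults, and client-driven authentication misses at that level can swamp the error log and whatever alerting is attached to it. Suggest `LOGGER.warn("Missing user token");` and `LOGGER.warn("Missing valid cookies");` (or DEBUG), keeping ERROR for the null `RequestContextHolder.getRequestAttributes()` case. That case's new message `"Missing HTTP parameter"` (here and in the `-122,7` hunk) is also misleading: a null `ServletRequestAttributes` means the call is not running on a request-bound thread, not that a request parameter is absent, so `"no request context bound to the current thread"` would describe what was actually checked. The bare `+` line added just before `LOGGER.error("Missing HTTP parameter")` in this hunk is a stray blank line inside the if-block. The enclosing method starts outside the hunk.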
@@ -2,12 +2,16 @@ package com.easysoftware.common.aop;
 import com.easysoftware.common.account.UserPermission;
 import com.easysoftware.common.annotation.PreUserPermission;
-import com.easysoftware.common.exception.HttpRequestException;
-import org.aspectj.lang.JoinPoint;
+import com.easysoftware.common.entity.MessageCode;
+import com.easysoftware.common.utils.ResultUtil;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.annotation.Before;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
 import java.lang.reflect.Method;
@@ -17,6 +21,10 @@ import java.util.Objects;
 @Aspect
 @Component
 public class PreUserPermissionAspect {
+ /**
+ * Logger for PreUserPermissionAspect.
+ */
+ private static final Logger LOGGER = LoggerFactory.getLogger(PreUserPermissionAspect.class);
 /**
 * Autowired UserPermission for get user permission.
@@ -28,30 +36,43 @@ public class PreUserPermissionAspect {
 * Advice method called before a method with PreUserPermission, and authentication.
 * @param joinPoint The JoinPoint representing the intercepted method.
 * @throws Throwable if an error occurs during method execution, or authentication fail.
+ * @return Business processing results.
 */
- @Before("@annotation(com.easysoftware.common.annotation.PreUserPermission)")
- public void before(final JoinPoint joinPoint) throws Throwable {
- /* 获取PreUserPermission注解参数 */
- MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
- Method method = methodSignature.getMethod();
- PreUserPermission preUserPermission = method.getAnnotation(PreUserPermission.class);
- String[] paramValues = preUserPermission.value();
-
- /* 方法使用注解,但未指定参数,默认无权限控制 */
- if (Objects.isNull(paramValues) || 0 == paramValues.length) {
- return;
- }
+ @Around("@annotation(com.easysoftware.common.annotation.PreUserPermission)")
+ public Object around(final ProceedingJoinPoint joinPoint) throws Throwable {
+ /* 用户权限检查 */
+ try {
+ /* 获取PreUserPermission注解参数 */
+ MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
+ Method method = methodSignature.getMethod();
+ PreUserPermission preUserPermission = method.getAnnotation(PreUserPermission.class);
+ String[] paramValues = preUserPermission.value();
+
+ /* 方法使用注解,如果未指定参数,默认无权限控制;否则,进行权限检查 */
+ if (!Objects.isNull(paramValues) && 0 != paramValues.length) {
+ /* 获取客户权限 */
+ HashSet permissionSet = userPermission.getPermissionList();
- /* 获取客户权限 */
- HashSet permissionSet = userPermission.getPermissionList();
+ /* 检查客户权限是否满足访问权限 */
+ boolean permissionFlag = false;
+ for (String item : paramValues) {
+ if (permissionSet.contains(item)) {
+ permissionFlag = true;
+ break;
+ }
+ }
- /* 检查客户权限是否满足访问权限 */
- for (String item:paramValues) {
- if (permissionSet.contains(item)) {
- return;
+ if (!permissionFlag) {
+ LOGGER.error("Insufficient permissions");
+ return ResultUtil.fail(HttpStatus.UNAUTHORIZED, MessageCode.EC00019);
+ }
 }
+ } catch (Exception e) {
+ LOGGER.error("Authentication exception");
+ return ResultUtil.fail(HttpStatus.UNAUTHORIZED, MessageCode.EC00020);
 }
- throw new HttpRequestException("you do not have unauthorized access");
+ /* 业务处理 */
+ return joinPoint.proceed();
 }
 }
diff --git a/src/main/java/com/easysoftware/common/entity/MessageCode.java b/src/main/java/com/easysoftware/common/entity/MessageCode.java
index 4b38d1b233a1de23be60fb157860e18eb8154f12..630747234569ba3245b247437cb3d82a0e115cd2 100644
--- a/src/main/java/com/easysoftware/common/entity/MessageCode.java
+++ b/src/main/java/com/easysoftware/common/entity/MessageCode.java
@@ -132,6 +132,12 @@ public enum MessageCode {
 */
 EC00019("EC00019", "Unauthorized ", "权限不足"),
+ /**
+ * Error code EC00020: Authentication exception.
+ * Chinese: 鉴权失败.
+ */
+ EC00020("EC00020", "Authentication exception", "鉴权失败"),
+
 /**
 * Error code ES0001: Internal Server Error.
 * Chinese: 服务异常.
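Review bot: The new `catch (Exception e)` around the permission check discards the exception — `LOGGER.error("Authentication exception")` logs a constant string and `e` is never recorded — so whatever `userPermission.getPermissionList()` throws (an `HttpRequestException` from the permission service answering non-200, a `NotLoginException` for a missing token, if that call path reaches them, or a plain `NullPointerException` in the aspect itself) all reach the client as the same `EC00020` with nothing left in the log to tell them apart. At minimum pass the cause, `LOGGER.error("Authentication exception", e);`, and preferably narrow the catch to the exception types the permission lookup is expected to throw so that programming errors still surface instead of being reported as an authentication failure. Separately, `ResultUtil.fail(HttpStatus.UNAUTHORIZED, MessageCode.EC00019)` is returned when the caller is authenticated but holds none of the required permissions; that is an authorization failure, for which `HttpStatus.FORBIDDEN` is the conventional status, whereas 401 signals that the client should authenticate (again). Since the advice now returns the aspect's own `ResultUtil.fail(...)` object in place of the intercepted method's result, presumably every `@PreUserPermission` method has a compatible return type — worth confirming, as a mismatch would only show up at runtime. The raw `HashSet permissionSet` predates this change but could become `Set<String>` while the block is being rewritten.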