
redis 设置fastjson解析

vincent 3 年之前
父节点
当前提交
f115bc1bbc

+ 0 - 10
server/src/main/java/edp/davinci/controller/DictController.java

@@ -39,7 +39,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "get dict type")
     @GetMapping(value = "/dictTypes")
     public ResponseEntity dictTypes(
@@ -55,7 +54,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "get dict data")
     @GetMapping(value = "/dictDatas")
     public ResponseEntity dictDatas(@RequestParam String dictType,
@@ -72,7 +70,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "create dict type", consumes = MediaType.APPLICATION_JSON_VALUE)
     @PostMapping(value = "/createDictType",consumes = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity createDictType(@RequestBody DictType dictType,
@@ -91,7 +88,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "create dict data", consumes = MediaType.APPLICATION_JSON_VALUE)
     @PostMapping(value = "/createDictData",consumes = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity createDictData(@RequestBody DictData dictData,
@@ -110,7 +106,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "get dict type detail")
     @GetMapping("/getDictTypeDetail/{id}")
     public ResponseEntity getDictTypeDetail(@PathVariable Long id,
@@ -132,7 +127,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "get dict data detail")
     @GetMapping("/getDictDataDetail/{id}")
     public ResponseEntity getDictDataDetail(@PathVariable Long id,
@@ -149,7 +143,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "update a dictType", consumes = MediaType.APPLICATION_JSON_VALUE)
     @PutMapping(value = "/updateDictType/{id}", consumes = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity updateDictType(@PathVariable Long id,
@@ -172,7 +165,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "update a dictData", consumes = MediaType.APPLICATION_JSON_VALUE)
     @PutMapping(value = "/updateDictData/{id}", consumes = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity updateDictData(@PathVariable Long id,
@@ -195,7 +187,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "delete a dicttype")
     @DeleteMapping("/deleteDictType/{id}")
     public ResponseEntity deleteDictType(@PathVariable Long id,
@@ -218,7 +209,6 @@ public class DictController extends BaseController
      * @param request
      * @return
      */
-    @AuthIgnore
     @ApiOperation(value = "delete a dictdata")
     @DeleteMapping("/deleteDictData/{id}")
     public ResponseEntity deleteDictData(@PathVariable Long id,

+ 51 - 29
server/src/main/java/edp/davinci/core/inteceptor/AuthenticationInterceptor.java

@@ -19,7 +19,7 @@
 
 package edp.davinci.core.inteceptor;
 
-import com.alibaba.druid.util.StringUtils;
+import org.apache.commons.lang.StringUtils;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import edp.core.annotation.AuthIgnore;
@@ -80,47 +80,69 @@ public class AuthenticationInterceptor implements HandlerInterceptor
         Method method = handlerMethod.getMethod();
         AuthIgnore ignoreAuthMethod = method.getAnnotation(AuthIgnore.class);
         //注解不需要验证token
-//        if (handler instanceof HandlerMethod && null != ignoreAuthMethod)
-//        {
-//            return true;
-//        }
-
-        String ticket = request.getParameter("ticket");
-        if (StringUtils.isEmpty(ticket))
+        if (handler instanceof HandlerMethod && null != ignoreAuthMethod)
         {
-            if (!request.getServletPath().endsWith("/download/page"))
-            {
-                log.debug("{} : Unknown token", request.getServletPath());
-            }
-            response.setStatus(HttpCodeEnum.FORBIDDEN.getCode());
-            response.getWriter().print(ErrorMsg.ERR_MSG_AUTHENTICATION);
-            return false;
+            return true;
         }
-        log.debug("{} : ticket is found in url ", request.getServletPath());
-        System.out.println(">>>>>" + ticket);
-        Object redisMap = (Map<String, Object>) redisUtils.get(ticket);
-        if (null == redisMap)
+        // 网关转发后请求头中获取token和userinfo
+        String token = request.getHeader("Authorization");
+        String userinfo = request.getHeader("userinfo");
+        String ticket = request.getParameter("ticket");
+
+        if (StringUtils.isEmpty(token) && StringUtils.isEmpty(ticket))
         {
             log.debug("{} : ticket is not found in redis", ticket);
             response.setStatus(HttpCodeEnum.FORBIDDEN.getCode());
             response.getWriter().print(ErrorMsg.ERR_MSG_PERMISSION);
             return false;
         }
-        JSONObject userinfo = (JSONObject) JSONObject.toJSON(redisMap);
-        String username = userinfo.getString("username");
-        User user = userService.getByUsername(username);
-        if (null == user)
+
+        // token 不为空
+        if(StringUtils.isNotEmpty(token)){
+            JSONObject userinfoObject = (JSONObject) JSONObject.toJSON(userinfo);
+            User user = userService.getByUsername(userinfoObject.getString("username"));
+            if (null == user)
+            {
+                if (!request.getServletPath().endsWith("/download/page"))
+                {
+                    log.debug("{} : token user not found", request.getServletPath());
+                }
+                response.setStatus(HttpCodeEnum.FORBIDDEN.getCode());
+                response.getWriter().print(ErrorMsg.ERR_MSG_PERMISSION);
+                return false;
+
+            }
+            request.setAttribute(Constants.CURRENT_USER, user);
+        }
+
+        if (StringUtils.isNotEmpty(ticket))
         {
-            if (!request.getServletPath().endsWith("/download/page"))
+            log.debug("{} : ticket is found in url ", request.getServletPath());
+            Object redisMap = (Map<String, Object>) redisUtils.get(ticket);
+            if (null == redisMap)
             {
-                log.debug("{} : token user not found", request.getServletPath());
+                log.debug("{} : ticket is not found in redis", ticket);
+                response.setStatus(HttpCodeEnum.FORBIDDEN.getCode());
+                response.getWriter().print(ErrorMsg.ERR_MSG_PERMISSION);
+                return false;
             }
-            response.setStatus(HttpCodeEnum.FORBIDDEN.getCode());
-            response.getWriter().print(ErrorMsg.ERR_MSG_PERMISSION);
-            return false;
+            JSONObject userinfoObject = (JSONObject) JSONObject.toJSON(redisMap);
+            String username = userinfoObject.getString("username");
+            User user = userService.getByUsername(username);
+            if (null == user)
+            {
+                if (!request.getServletPath().endsWith("/download/page"))
+                {
+                    log.debug("{} : token user not found", request.getServletPath());
+                }
+                response.setStatus(HttpCodeEnum.FORBIDDEN.getCode());
+                response.getWriter().print(ErrorMsg.ERR_MSG_PERMISSION);
+                return false;
 
+            }
+            request.setAttribute(Constants.CURRENT_USER, user);
         }
-        request.setAttribute(Constants.CURRENT_USER, user);
+
         // add by zhangheng
         /*
         Method method = handlerMethod.getMethod();
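Review bot: The token branch (`if(StringUtils.isNotEmpty(token))`) takes the caller's identity from the `userinfo` request header, while `token` is only tested for non-emptiness and never verified, so authentication here is only as strong as the gateway's handling of that header. Unless the gateway always overwrites or strips an inbound `userinfo` header and this service is reachable only through it, the branch should verify the token and derive the username from it; at the least, state that trust assumption in a comment on the branch. Separately, `JSONObject.toJSON(userinfo)` is applied to a String, which fastjson appears to return unchanged rather than parse, so the `(JSONObject)` cast would likely throw, and a missing header leaves `userinfoObject` null before `getString`. Using `JSONObject userinfoObject = StringUtils.isEmpty(userinfo) ? null : JSON.parseObject(userinfo);` and returning the existing 403 response when it is null would cover both cases. The enclosing method starts before this hunk and continues past it.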