资源访问请求过滤
请求资源访问过滤
package com.feng.config;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.configurationprocessor.json.JSONException;
import org.springframework.boot.configurationprocessor.json.JSONObject;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.resource.ResourceResolver;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.awt.*;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.*;
import java.util.function.Supplier;
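/**
 * Servlet filter that puts a remote session check in front of selected endpoints when they
 * are called on behalf of another system.
 *
 * <p>Only {@link #LIST_BY_PARAM} and {@link #SAVE} are inspected, and only when the request
 * carries a non-empty {@code systemName} parameter. For those requests the caller's
 * {@code Cookie} header is forwarded to the endpoint configured by the {@code url} property;
 * the request proceeds only if that endpoint reports success and returns the same username
 * the request names in {@code operateUser}. Every other outcome is answered with HTTP 401.
 *
 * <p>NOTE(review): {@code systemName} is supplied by the client, so leaving it out skips this
 * filter entirely. The guarded endpoints need their own authentication for that case; this
 * filter should not be the only access control in front of them.
 *
 * Date: 2022/3/1
 * Version 1.0
 */
@Slf4j
@Component
public class ResourceAccessFilter extends OncePerRequestFilter {
    private static final MediaType MEDIA_TYPE = new MediaType("application", "json", Charset.forName("UTF-8"));
    public static final String SUCCESS = "success";
    public static final String CODE = "code";
    public static final String LIST_BY_PARAM = "/xxx/listByParam";
    public static final String SAVE = "/xxx/save";

    // Session-check endpoint. The caller's Cookie header is forwarded to it, so it must point
    // at a trusted service (presumably internal; confirm it is reached over TLS).
    @Value("${url}")
    private String url;

    /**
     * Applies the session check to guarded cross-system requests and passes everything else
     * straight down the chain.
     *
     * @param request  incoming request
     * @param response response used to send the 401 when the check fails
     * @param chain    remaining filter chain, invoked at most once per request
     * @throws ServletException propagated from the filter chain
     * @throws IOException      propagated from the filter chain or from sending the error
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        // NOTE(review): getRequestURI() is the raw request path; exact string comparison may not
        // cover every spelling the dispatcher maps to the same handler -- confirm the match is
        // as strict as the routing.
        String requestURI = request.getRequestURI();
        boolean guardedPath = LIST_BY_PARAM.equals(requestURI) || SAVE.equals(requestURI);
        // Not a guarded path, or no systemName: treated as a request from this system itself.
        if (!guardedPath || !StringUtils.hasLength(request.getParameter("systemName"))) {
            chain.doFilter(request, response);
            return;
        }

        String operateUser = request.getParameter("operateUser");
        HttpEntity<Map<String, Object>> httpEntity = this.constructEntity(request.getHeader("Cookie"));
        // A BizException from the remote call propagates: the request fails rather than passing.
        LinkedHashMap<String, String> retMsgMap = this.sendBreakRuleCount(httpEntity);

        // The original dereferenced retMsgMap inside its own null branch; use a fixed message.
        if (retMsgMap == null) {
            log.warn("session check returned no data");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "session check returned no data");
            return;
        }
        // Log the result code only; the full map carries session-derived data such as the username.
        log.info("session check returned code: {}", retMsgMap.get(CODE));
        if (!Objects.equals(SUCCESS, retMsgMap.get(CODE))) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, retMsgMap.get("message"));
            return;
        }

        // The chain is invoked only after the username comparison. The original also called
        // chain.doFilter() before this check, which let the request through regardless of the
        // result and ran the chain twice on a match.
        // Author's caveat: with several users logged in from the same browser the session may
        // still belong to the previous user, in which case the usernames differ and this rejects.
        // An absent or empty operateUser is rejected so that a missing username on both sides
        // cannot compare as equal.
        boolean sameUser = StringUtils.hasLength(operateUser)
                && Objects.equals(operateUser, retMsgMap.get("username"));
        if (sameUser) {
            chain.doFilter(request, response);
        } else {
            log.warn("session check rejected request: operateUser does not match session user");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "wrong login user");
        }
    }

    /**
     * Builds the JSON request entity for the session check, carrying the caller's cookies.
     *
     * @param cookie value of the incoming {@code Cookie} header, may be {@code null}
     * @return entity with an empty body map and JSON content/accept headers
     */
    private HttpEntity<Map<String, Object>> constructEntity(String cookie) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MEDIA_TYPE);
        headers.setAccept(Collections.singletonList(MEDIA_TYPE));
        // Skip the header when the caller sent no cookies instead of storing a null value.
        if (cookie != null) {
            headers.set("Cookie", cookie);
        }
        Map<String, Object> paramMap = new HashMap<>();
        return new HttpEntity<>(paramMap, headers);
    }

    /**
     * Posts the entity to the configured session-check endpoint and returns the payload map.
     *
     * <p>NOTE(review): a new {@link RestTemplate} is created per call and no timeouts are set
     * here, so a slow endpoint holds the request thread. The payload is cast unchecked;
     * values are assumed to be strings -- confirm against the endpoint's response schema.
     *
     * @param httpEntity request entity built by {@link #constructEntity(String)}
     * @return the {@code data} part of the response, possibly {@code null}
     * @throws BizException if the endpoint answers with a non-success code or no body
     */
    @SuppressWarnings("unchecked")
    private LinkedHashMap<String, String> sendBreakRuleCount(HttpEntity<?> httpEntity) {
        return (LinkedHashMap<String, String>) getData(() -> new RestTemplate().postForObject(url, httpEntity, Msg.class));
    }

    /**
     * Unwraps a {@link Msg}, returning its data on success and raising otherwise.
     *
     * @param supplier produces the response envelope
     * @param <T>      payload type
     * @return the payload of a successful response, may be {@code null}
     * @throws BizException if the envelope is missing or its code is not
     *                      {@link IErrCode#CODE_SUCCESS}
     */
    public static <T> T getData(Supplier<Msg<T>> supplier) {
        Msg<T> result = supplier.get();
        // An absent envelope is reported as a BizException rather than a NullPointerException.
        if (result == null) {
            throw new BizException(IErrCode.CODE_SYSTEM_ERR, "empty response");
        }
        if (!IErrCode.CODE_SUCCESS.equals(result.getCode())) {
            throw new BizException(result.getCode(), result.getMessage());
        }
        return result.getData();
    }
}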
package com.feng.config;
import java.io.Serializable;
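/**
 * Generic response envelope: a result code, an optional message and an optional payload.
 *
 * Date: 2022/3/1
 * Version 1.0
 *
 * @param <T> payload type
 */
public class Msg<T> implements Serializable {
    private String code;
    private String message = null;
    private T data = null;

    // Success code used by ok(). Declared final so no caller can reassign what counts as success.
    public static final String OK = IErrCode.CODE_SUCCESS;

    /** Creates an empty envelope; fields are filled in through the setters. */
    public Msg() {
    }

    /**
     * @param code result code
     */
    public Msg(String code) {
        this.code = code;
    }

    /**
     * @param code    result code
     * @param message human-readable description
     */
    public Msg(String code, String message) {
        this.code = code;
        this.message = message;
    }

    /**
     * Builds a success envelope around {@code data}.
     *
     * @param data payload, may be {@code null}
     * @param <E>  payload type
     * @return envelope whose code is {@link #OK}
     */
    public static <E> Msg<E> ok(E data) {
        Msg<E> msg = new Msg<>(OK);
        msg.setData(data);
        return msg;
    }

    /**
     * Builds an error envelope from an error-code object.
     *
     * @param code source of the code and message
     * @param <E>  payload type
     * @return envelope without payload
     */
    public static <E> Msg<E> err(IErrCode code) {
        Msg<E> msg = new Msg<>(code.getCode());
        msg.message = code.getMessage();
        return msg;
    }

    /**
     * Builds an error envelope from an error-code object and attaches a payload.
     *
     * @param code source of the code and message
     * @param data payload, may be {@code null}
     * @param <E>  payload type
     * @return envelope carrying {@code data}
     */
    public static <E> Msg<E> err(IErrCode code, E data) {
        Msg<E> msg = new Msg<>(code.getCode());
        msg.message = code.getMessage();
        msg.setData(data);
        return msg;
    }

    /**
     * Builds an error envelope from a raw code and message.
     *
     * @param code    result code
     * @param message human-readable description
     * @param <E>     payload type
     * @return envelope without payload
     */
    public static <E> Msg<E> err(String code, String message) {
        Msg<E> msg = new Msg<>(code);
        msg.message = message;
        return msg;
    }

    public String getCode() {
        return code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    public String getMessage() {
        return message;
    }

    public void setMessage(String message) {
        this.message = message;
    }

    public T getData() {
        return data;
    }

    public void setData(T data) {
        this.data = data;
    }
}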
package com.feng.config;
/**
 * Contract for error-code objects, plus the string codes shared across response envelopes.
 *
 * Date: 2022/3/1
 * Version 1.0
 */
public interface IErrCode {

    /** Code for a successful call. */
    String CODE_SUCCESS = "200";

    /** Code for a business-rule failure. */
    String CODE_BIZ_ERR = "400";

    /** Code for a system-level failure. */
    String CODE_SYSTEM_ERR = "500";

    /**
     * @return the code string of this error
     */
    String getCode();

    /**
     * @return the message of this error
     */
    String getMessage();
}
package com.feng.config;
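/**
 * Unchecked exception for business failures, carrying a result code next to the message.
 *
 * Date: 2022/3/1
 * Version 1.0
 */
public class BizException extends RuntimeException {
    private String code;
    private String message;

    /**
     * Creates a business error with the default code {@link IErrCode#CODE_BIZ_ERR}.
     *
     * @param message description of the failure
     */
    public BizException(String message) {
        // The original omitted the terminating semicolon here, which does not compile.
        this(IErrCode.CODE_BIZ_ERR, message);
    }

    /**
     * Creates an exception from an error-code object.
     *
     * @param iErrCode source of the code and message
     */
    public BizException(IErrCode iErrCode) {
        // The original omitted the terminating semicolon here as well.
        this(iErrCode.getCode(), iErrCode.getMessage());
    }

    /**
     * @param code    result code
     * @param message description of the failure
     */
    public BizException(String code, String message) {
        this.code = code;
        this.message = message;
    }

    @Override
    public String toString() {
        return "BizException{" +
                "code='" + code + '\'' +
                ", message='" + message + '\'' +
                '}';
    }

    public String getCode() {
        return code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    /**
     * Returns the message held by this class; it is stored here rather than passed to
     * {@link RuntimeException}, so this override is what callers see.
     */
    @Override
    public String getMessage() {
        return message;
    }

    public void setMessage(String message) {
        this.message = message;
    }
}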
