| | |
|---|
| | | |
|---|
| | | private static final Log log = LogFactory.getLog(AuthInterceptor.class); |
|---|
| | | |
|---|
| | | private static final String NO_TOKEN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.TOKEN_ERROR, "找不到令牌")); |
|---|
| | | public static final String NO_TOKEN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.TOKEN_ERROR, "找不到令牌")); |
|---|
| | | |
|---|
| | | private static final String NO_LOGIN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.NO_LOGIN_ERROR, "用户未登录")); |
|---|
| | | public static final String NO_LOGIN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.NO_LOGIN_ERROR, "用户未登录")); |
|---|
| | | |
|---|
| | | private static final String USER_LOCK = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.USER_LOCK_ERROR, "用户ID已禁用")); |
|---|
| | | public static final String USER_LOCK = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.USER_LOCK_ERROR, "用户ID已禁用")); |
|---|
| | | |
|---|
| | | private static final String NO_AUTH = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.NO_AUTH_ERROR, "无权限访问")); |
|---|
| | | public static final String NO_AUTH = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.NO_AUTH_ERROR, "无权限访问")); |
|---|
| | | |
|---|
| | | private static final String IP_NULL = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "IP地址为空")); |
|---|
| | | public static final String IP_NULL = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "IP地址为空")); |
|---|
| | | |
|---|
| | | private static final String BLACK_LIST = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "该IP入黑名单")); |
|---|
| | | public static final String BLACK_LIST = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "IP列入黑名单")); |
|---|
| | | |
|---|
| | | private static final String ILLEGAL_TOKEN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "令牌来源非法")); |
|---|
| | | public static final String ILLEGAL_TOKEN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "令牌来源非法")); |
|---|
| | | |
|---|
| | | public AuthInterceptor(SysService sysService) { |
|---|
| | | this.sysService = sysService; |
|---|
| | |
|---|
| | | return WebHelper.writeStr2Page(response, NO_TOKEN); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 3.获取用户令牌 |
|---|
| | | UserEntity ue = sysService.tokenService.getCurrentUser(request); |
|---|
| | | // 3.获取用户 |
|---|
| | | UserEntity ue = sysService.tokenService.getUserByToken(token); |
|---|
| | | if (ue == null) { |
|---|
| | | return WebHelper.writeStr2Page(response, NO_LOGIN); |
|---|
| | | } |
|---|
| | |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 7.检查白名单 |
|---|
| | | // 7.检查白名单和IP一致性 |
|---|
| | | if (!checkWhiteList(ip, request)) { |
|---|
| | | // 检查IP一致性 |
|---|
| | | if (!checkIpSource(ip, token)) { |
|---|
| | | return WebHelper.writeStr2Page(response, ILLEGAL_TOKEN); |
|---|
| | | } |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 检查IP一致性 |
|---|
| | | * 检查IP一致性:固定令牌不检查 |
|---|
| | | */ |
|---|
| | | private boolean checkIpSource(String ip, String token) { |
|---|
| | | TokenEntity te = sysService.tokenService.getEntityByToken(token); |
|---|
| | | |
|---|
| | | return te.getIp().equals(ip); |
|---|
| | | return StaticData.I1 == te.getType() || te.getIp().equals(ip); |
|---|
| | | } |
|---|
| | | } |
|---|
