lbqms.git - Gitblit

			@@ -11,7 +11,6 @@
			import org.dromara.common.encrypt.annotation.ApiEncrypt;
			import org.dromara.common.encrypt.properties.ApiDecryptProperties;
			import org.springframework.http.HttpMethod;
			import org.springframework.http.MediaType;
			import org.springframework.web.method.HandlerMethod;
			import org.springframework.web.servlet.HandlerExceptionResolver;
			import org.springframework.web.servlet.HandlerExecutionChain;
			@@ -36,47 +35,43 @@
			public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
			HttpServletRequest servletRequest = (HttpServletRequest) request;
			HttpServletResponse servletResponse = (HttpServletResponse) response;

			boolean encryptFlag = false;
			// 获取加密注解
			ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
			boolean responseFlag = apiEncrypt != null && apiEncrypt.response();
			ServletRequest requestWrapper = null;
			ServletResponse responseWrapper = null;
			EncryptResponseBodyWrapper responseBodyWrapper = null;

			// 是否为 json 请求
			if (StringUtils.startsWithIgnoreCase(request.getContentType(), MediaType.APPLICATION_JSON_VALUE)) {
			// 是否为 put 或者 post 请求
			if (HttpMethod.PUT.matches(servletRequest.getMethod()) \|\| HttpMethod.POST.matches(servletRequest.getMethod())) {
			// 是否存在加密标头
			String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
			if (StringUtils.isNotBlank(headerValue)) {
			// 请求解密
			requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
			// 获取加密注解
			ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
			if (ObjectUtil.isNotNull(apiEncrypt)) {
			// 响应加密标志
			encryptFlag = apiEncrypt.response();
			} else {
			// 是否有注解，有就报错，没有放行
			HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver");
			exceptionResolver.resolveException(
			servletRequest, servletResponse, null,
			new ServiceException("没有访问权限，请联系管理员授权", HttpStatus.FORBIDDEN));
			}
			}
			// 判断是否响应加密
			if (encryptFlag) {
			responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);
			responseWrapper = responseBodyWrapper;
			// 是否为 put 或者 post 请求
			if (HttpMethod.PUT.matches(servletRequest.getMethod()) \|\| HttpMethod.POST.matches(servletRequest.getMethod())) {
			// 是否存在加密标头
			String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
			if (StringUtils.isNotBlank(headerValue)) {
			// 请求解密
			requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
			} else {
			// 是否有注解，有就报错，没有放行
			if (ObjectUtil.isNotNull(apiEncrypt)) {
			HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);
			exceptionResolver.resolveException(
			servletRequest, servletResponse, null,
			new ServiceException("没有访问权限，请联系管理员授权", HttpStatus.FORBIDDEN));
			return;
			}
			}
			}

			// 判断是否响应加密
			if (responseFlag) {
			responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);
			responseWrapper = responseBodyWrapper;
			}

			chain.doFilter(
			ObjectUtil.defaultIfNull(requestWrapper, request),
			ObjectUtil.defaultIfNull(responseWrapper, response));

			if (encryptFlag) {
			if (responseFlag) {
			servletResponse.reset();
			// 对原始内容加密
			String encryptContent = responseBodyWrapper.getEncryptContent(
			@@ -94,7 +89,6 @@
			// 获取注解
			try {
			HandlerExecutionChain mappingHandler = handlerMapping.getHandler(servletRequest);
			System.out.println(mappingHandler);
			if (ObjectUtil.isNotNull(mappingHandler)) {
			Object handler = mappingHandler.getHandler();
			if (ObjectUtil.isNotNull(handler)) {
			@@ -105,7 +99,7 @@
			}
			}
			} catch (Exception e) {
			throw new RuntimeException(e);
			return null;
			}
			return null;
			}