兰宝车间质量管理系统
上一版本: 9ff0b09d | 补丁 | 提交 | 忽略空白
疯狂的狮子Li
2024-04-11 8352f18b3a3150e57cce43ddea23071b6d78e0f7 
update 优化 去除加密请求类型限制
已修改1个文件
35 ■■■■ 文件已修改
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java 35 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史 
 ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java


@@ -11,7 +11,6 @@


import org.dromara.common.encrypt.annotation.ApiEncrypt;


import org.dromara.common.encrypt.properties.ApiDecryptProperties;


import org.springframework.http.HttpMethod;


import org.springframework.http.MediaType;


import org.springframework.web.method.HandlerMethod;


import org.springframework.web.servlet.HandlerExceptionResolver;


import org.springframework.web.servlet.HandlerExecutionChain;


@@ -43,27 +42,25 @@


        ServletResponse responseWrapper = null;


        EncryptResponseBodyWrapper responseBodyWrapper = null;




        // 是否为 json 请求


        if (StringUtils.startsWithIgnoreCase(request.getContentType(), MediaType.APPLICATION_JSON_VALUE)) {


            // 是否为 put 或者 post 请求


            if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {


                // 是否存在加密标头


                String headerValue = servletRequest.getHeader(properties.getHeaderFlag());


                if (StringUtils.isNotBlank(headerValue)) {


                    // 请求解密


                    requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());


                } else {


                    // 是否有注解,有就报错,没有放行


                    if (ObjectUtil.isNotNull(apiEncrypt)) {


                        HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);


                        exceptionResolver.resolveException(


                            servletRequest, servletResponse, null,


                            new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));


                        return;


                    }


        // 是否为 put 或者 post 请求


        if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {


            // 是否存在加密标头


            String headerValue = servletRequest.getHeader(properties.getHeaderFlag());


            if (StringUtils.isNotBlank(headerValue)) {


                // 请求解密


                requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());


            } else {


                // 是否有注解,有就报错,没有放行


                if (ObjectUtil.isNotNull(apiEncrypt)) {


                    HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);


                    exceptionResolver.resolveException(


                        servletRequest, servletResponse, null,


                        new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));


                    return;


                }


            }


        }




        // 判断是否响应加密


        if (responseFlag) {


            responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);