|
@@ -1,15 +1,5 @@
|
|
|
package cn.com.qmth.stmms.api.interceptor;
|
|
|
|
|
|
-import java.util.Date;
|
|
|
-
|
|
|
-import javax.servlet.http.HttpServletRequest;
|
|
|
-import javax.servlet.http.HttpServletResponse;
|
|
|
-
|
|
|
-import org.apache.commons.lang.StringUtils;
|
|
|
-import org.springframework.beans.factory.annotation.Autowired;
|
|
|
-import org.springframework.web.method.HandlerMethod;
|
|
|
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
|
|
-
|
|
|
import cn.com.qmth.stmms.api.exception.ApiException;
|
|
|
import cn.com.qmth.stmms.biz.school.model.School;
|
|
|
import cn.com.qmth.stmms.biz.school.service.SchoolService;
|
|
@@ -25,6 +15,17 @@ import cn.com.qmth.stmms.common.signature.SignatureInfo;
|
|
|
import cn.com.qmth.stmms.common.signature.SignatureType;
|
|
|
import cn.com.qmth.stmms.common.utils.EncryptUtils;
|
|
|
import cn.com.qmth.stmms.common.utils.RequestUtils;
|
|
|
+import com.fasterxml.jackson.databind.ObjectMapper;
|
|
|
+import org.apache.commons.lang.StringUtils;
|
|
|
+import org.slf4j.Logger;
|
|
|
+import org.slf4j.LoggerFactory;
|
|
|
+import org.springframework.beans.factory.annotation.Autowired;
|
|
|
+import org.springframework.web.method.HandlerMethod;
|
|
|
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
|
|
+
|
|
|
+import javax.servlet.http.HttpServletRequest;
|
|
|
+import javax.servlet.http.HttpServletResponse;
|
|
|
+import java.util.Date;
|
|
|
|
|
|
/**
|
|
|
* API接口访问拦截器
|
|
@@ -33,6 +34,8 @@ import cn.com.qmth.stmms.common.utils.RequestUtils;
|
|
|
*/
|
|
|
public class ApiInterceptor extends HandlerInterceptorAdapter {
|
|
|
|
|
|
+ protected static final Logger log = LoggerFactory.getLogger(ApiInterceptor.class);
|
|
|
+
|
|
|
@Autowired
|
|
|
private AuthorizationService authorizationService;
|
|
|
|
|
@@ -46,7 +49,8 @@ public class ApiInterceptor extends HandlerInterceptorAdapter {
|
|
|
private SessionService sessionService;
|
|
|
|
|
|
@Override
|
|
|
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
|
|
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
|
|
|
+ throws Exception {
|
|
|
HandlerMethod method = (HandlerMethod) handler;
|
|
|
try {
|
|
|
return validate(request, response, method.getMethodAnnotation(RoleRequire.class));
|
|
@@ -79,8 +83,15 @@ public class ApiInterceptor extends HandlerInterceptorAdapter {
|
|
|
return buildApiUser(request, response, school);
|
|
|
} else if (info.getType() == SignatureType.TOKEN) {
|
|
|
User user = userService.findByLoginName(info.getInvoker());
|
|
|
- if (user == null || user.getScanTokenInvalidTime() == null
|
|
|
- || new Date().after(user.getScanTokenInvalidTime()) || !info.validate(user.getScanToken())) {
|
|
|
+ if (user == null || user.getScanTokenInvalidTime() == null || new Date()
|
|
|
+ .after(user.getScanTokenInvalidTime()) || !info.validate(user.getScanToken())) {
|
|
|
+ try {
|
|
|
+ ObjectMapper mapper = new ObjectMapper();
|
|
|
+ log.warn("api token signature invalud, signature={}, user={}",
|
|
|
+ mapper.writeValueAsString(info),
|
|
|
+ user != null ? mapper.writeValueAsString(user) : "{}");
|
|
|
+ } catch (Exception ignored) {
|
|
|
+ }
|
|
|
throw ApiException.SIGNATURE_INVALID;
|
|
|
}
|
|
|
if (!user.isEnable()) {
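Review bot: The new `log.warn` in the TOKEN branch serializes the whole `User` and `SignatureInfo` with Jackson, so each failed check will most likely write the user's stored scan token to the application log, since Jackson's default bean serialization includes getters such as `getScanToken()` unless the entity excludes them, which is not visible here. That token stays valid until `getScanTokenInvalidTime()`, so log access becomes equivalent to API access for that user, and any other credential fields on the entity are exposed in the same way. Log only what is needed to triage the failure, for example `log.warn("api token signature invalid, invoker={}, userFound={}", info.getInvoker(), user != null);`, which also fixes the "invalud" typo. This removes the per-failure `new ObjectMapper()` and the empty `catch (Exception ignored)`; because the invoker value comes from the request, the log layout should also neutralize CR/LF. The enclosing method starts before this hunk and continues past it.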
|