过滤器处理特定url进行鉴权

src/main/java/cn/quantgroup/customer/Bootstrap.java

@@ -2,10 +2,12 @@ package cn.quantgroup.customer;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.web.servlet.ServletComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 
 @Configuration
+@ServletComponentScan
 @EnableAspectJAutoProxy
 @SpringBootApplication(scanBasePackages = {"cn.quantgroup.customer"})
 public class Bootstrap {

src/main/java/cn/quantgroup/customer/config/http/mvc/WebMvcConfigure.java

@@ -21,9 +21,6 @@ import java.util.List;
 @Configuration
 public class WebMvcConfigure extends WebMvcConfigurerAdapter {
 
-    @Autowired
-    private UserTokenInterceptor tokenIntecepter;
-
     @Override
     public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
         super.configureMessageConverters(converters);
@@ -37,7 +34,7 @@ public class WebMvcConfigure extends WebMvcConfigurerAdapter {
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(tokenIntecepter);
+
     }
 
 

src/main/java/cn/quantgroup/customer/config/http/mvc/filter/UserTokenInterceptor.java

@@ -23,7 +23,6 @@ import java.util.Objects;
  * @Update
  */
 @Slf4j
-@Component
 public class UserTokenInterceptor implements HandlerInterceptor {
     @Autowired
     private IOpSystemService IOpSystemService;

src/main/java/cn/quantgroup/customer/config/http/mvc/filter/ValidOperatePermitFilter.java

+package cn.quantgroup.customer.config.http.mvc.filter;
+
+import cn.quantgroup.customer.config.container.UserThreadLocal;
+import cn.quantgroup.customer.entity.OpUser;
+import cn.quantgroup.customer.rest.vo.JsonResult;
+import cn.quantgroup.customer.service.IOpSystemService;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpMethod;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Objects;
+
+/**
+ * @author yangjun
+ * @Date 2020/4/17 16:02
+ * @Desc 鉴权过滤器
+ * @Update
+ */
+@WebFilter(filterName = "operatePermitFilter",urlPatterns = {"/operate/sys/"})
+@Slf4j
+@Component
+public class ValidOperatePermitFilter implements Filter {
+    @Autowired
+    private IOpSystemService IOpSystemService;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @SneakyThrows
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+
+        if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {
+            log.info("OPTIONS请求，放行");
+            return;
+        }
+
+        String token = request.getHeader("x-auth-token");
+        String system = request.getHeader("x-auth-system");
+        if (StringUtils.isAnyBlank(token, system)) {
+            log.error("缺少token信息,拦截");
+            throw new Exception("缺少token信息,拦截");
+        }
+
+        JsonResult<OpUser> opUserResult = IOpSystemService.findUserByToken(token, system);
+        if (Objects.isNull(opUserResult) || !opUserResult.isSuccess()) {
+            log.error("根据token查询不到用户信息 token:{}", token);
+            throw new Exception("鉴权失败,拦截");
+        } else {
+            OpUser opUser = opUserResult.getData();
+            UserThreadLocal.set(opUser);
+        }
+
+        //执行
+        filterChain.doFilter(servletRequest, servletResponse);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

src/main/java/cn/quantgroup/customer/rest/OperateRest.java

+package cn.quantgroup.customer.rest;
+
+import cn.quantgroup.customer.aop.OperateLog;
+import cn.quantgroup.customer.rest.param.ordermapping.OperateEntryParam;
+import cn.quantgroup.customer.rest.vo.JsonResult;
+import cn.quantgroup.customer.service.IOrderService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author yangjun
+ * @Date 2020/4/17 15:57
+ * @Desc 需要鉴权的功能
+ * @Update
+ */
+
+@Slf4j
+@RestController
+@RequestMapping("/operate/sys")
+public class OperateRest {
+    @Autowired
+    private IOrderService orderService;
+
+    /**
+     * 提前一次性结清订单白名单配置
+     *
+     * @param operateEntryParam
+     * @return
+     */
+    @PostMapping("/setOrCancelEarlySettleUpWhiteLists")
+    @OperateLog(moduleName = "提前一次性结清白名单操作")
+    public JsonResult setOrCancelEarlySettleUpEntry(OperateEntryParam operateEntryParam) {
+        log.info("[结清白名单设置操作],请求参数:operateEntryParam={}", operateEntryParam);
+        return orderService.operateEntry(operateEntryParam);
+    }
+}

src/main/java/cn/quantgroup/customer/rest/OrderRest.java

@@ -62,18 +62,6 @@ public class OrderRest {
         return orderService.queryEarlySettleUpOrders(orderQuery);
     }
 
-    /**
-     * 结清白名单操作
-     *
-     * @param operateEntryParam
-     * @return
-     */
-    @PostMapping("/operateEntry")
-    @OperateLog(moduleName = "结清白名单操作")
-    public JsonResult operateEntry(OperateEntryParam operateEntryParam) {
-        log.info("[结清白名单设置操作],请求参数:operateEntryParam={}", operateEntryParam);
-        return orderService.operateEntry(operateEntryParam);
-    }
 
     /**
      * 提前一次性结清金额试算
@@ -82,7 +70,6 @@ public class OrderRest {
      * @return
      */
     @GetMapping("/earlySettleUpTrial/{loanId}")
-    @OperateLog(moduleName = "提前一次性结清金额试算")
     public JsonResult earlySettleUpTrial(@PathVariable Long loanId) {
         log.info("[提前一次性结清金额试算],请求参数:loanId={}", loanId);
         return orderService.earlySettleUpTrial(loanId);

src/main/java/cn/quantgroup/customer/service/impl/XyqbServiceImpl.java

@@ -19,6 +19,7 @@ import com.fasterxml.jackson.core.type.TypeReference;
 import com.google.common.collect.Maps;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -403,7 +404,7 @@ public class XyqbServiceImpl implements IXyqbService {
             log.error("{} 请求参数都为空，不允许操作 orderQuery={}", logPre, operateEntryParam);
             return JsonResult.buildErrorStateResult("查询参数都为空,不允许操作", null);
         }
-        queryParam.put("loan_id", operateEntryParam.getLoanId());
+        queryParam.put("loan_id", String.valueOf(operateEntryParam.getLoanId()));
         if (operateEntryParam.getOpState() == 1) {
             queryParam.put("opt", "ADD");
         } else {
@@ -414,7 +415,14 @@ public class XyqbServiceImpl implements IXyqbService {
         Map<String, String> header = new HashMap<>(2);
         header.put("Accept", "application/json");
         header.put("Content-Type", "application/x-www-form-urlencoded");
-        String result = httpService.post(url, header, queryParam);
+        String result = null;
+        try{
+            result = httpService.post(url, header, queryParam);
+        }catch (Exception e){
+            log.error("{} 系统异常 e:{}",logPre, ExceptionUtils.getStackTrace(e));
+            return JsonResult.buildErrorStateResult("[处理失败]", Boolean.FALSE);
+        }
+
         log.info("{} 返回结果 result：{}", logPre, result);
         if (StringUtils.isBlank(result)) {
             log.error("{} 处理失败 queryParam={} result={}", logPre, queryParam, result);