odata鉴权

95bcea84 · guozhipeng · e49df974 · 95bcea84
Commit 95bcea84 authored Feb 17, 2025 by guozhipeng
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 20 deletions

OperateAuthFilter.java ...stomer/lianchuangjie/common/filter/OperateAuthFilter.java +40 -20

No files found.
--- a/srv/src/main/java/customer/lianchuangjie/common/filter/OperateAuthFilter.java
+++ b/srv/src/main/java/customer/lianchuangjie/common/filter/OperateAuthFilter.java
@@ -112,15 +112,18 @@ public class OperateAuthFilter implements Filter {
                }
            }
        }
-        //TODO 郭智朋 测试中 处理ODATA接口
+        //处理ODATA接口 只有odata接口需要从cookies中读取参数
-        /*Cookie[] cookies = request.getCookies();
+        if (Pattern.matches("(.*/odata/v4/.*)", uri)) {
-        if (appKey == null && cookies != null && cookies.length > 0 && "/odata/v4/orderService/$batch".equals(uri)) {
+            if (cookies == null || cookies.length == 0) {
-            List<Cookie> cookiesList = Arrays.asList(cookies);
+                Result<Object> wrapResult = Result.error("odata请求 cookies 不能为空！");
+                writeResult(response, wrapResult);
+                return;
+            }
            //appKey partyId4Rule roleTypeId4Rule language
            String partyId4Rule = null;
            String roleTypeId4Rule = null;
            String language = null;
-            for (Cookie cookie : cookiesList) {
+            for (Cookie cookie : cookies) {
                if ("appKey".equals(cookie.getName())) {
                    appKey = cookie.getValue();
                }
@@ -134,9 +137,28 @@ public class OperateAuthFilter implements Filter {
                    language = cookie.getValue();
                }
            }
+            if (appKey == null || "".equals(appKey)) {
+                Result<Object> wrapResult = Result.error("odata请求 appKey 不能为空！");
+                writeResult(response, wrapResult);
+                return;
+            }
+            if (partyId4Rule == null || "".equals(partyId4Rule)) {
+                Result<Object> wrapResult = Result.error("odata请求 partyId4Rule 不能为空！");
+                writeResult(response, wrapResult);
+                return;
+            }
+            if (roleTypeId4Rule == null || "".equals(roleTypeId4Rule)) {
+                Result<Object> wrapResult = Result.error("odata请求 roleTypeId4Rule 不能为空！");
+                writeResult(response, wrapResult);
+                return;
+            }
+            if (language == null || "".equals(language)) {
+                Result<Object> wrapResult = Result.error("odata请求 language 不能为空！");
+                writeResult(response, wrapResult);
+                return;
+            }
            // 返回请求体数据 是否通过鉴权(True: 通过， Flase: 失败)
            if (
-                    !StringUtils.isEmpty(appKey) &&
                    CommonConstant.userAuthenticationMap.containsKey(appKey) &&
                    CommonConstant.userAuthenticationMap.get(appKey).getIsPassAuth() == Boolean.TRUE
            ) {
@@ -147,7 +169,7 @@ public class OperateAuthFilter implements Filter {
                String cdsView = https[0];
                JSONObject param = new JSONObject();
                //"url": "orderService/OrderHeaderItemView",
-                //    "param": "$filter=(contains(ID, '61fe46ab-8226-4735-8384-f612ed648819'))",
+                //"param": "$filter=(contains(ID, '61fe46ab-8226-4735-8384-f612ed648819'))",
                String[] urlparam = cdsView.split("\\?");
                param.put("url", urlparam[0]);
                param.put("param", urlparam.length>1?urlparam[1]:"");
@@ -158,13 +180,18 @@ public class OperateAuthFilter implements Filter {
                if (requestResult.isSuccess()) {
                    requestParamStrNew = gets[0] + "GET " + requestResult.getResult() + " HTTP" + https[1];
                } else {
-                    return;// 跳过后面的认证
+                    writeResult(response, requestResult);
+                    return;
                }
                log.info("paramStr:{}, isJson:{}", requestParamStrNew, JsonUtil.isJsonObject(requestParamStr));
                request = new AuthHttpServletRequest(request, requestParamStrNew, "appKey", appKey);
+            } else {
+                Result<Object> wrapResult = Result.error("未通过鉴权！");
+                writeResult(response, wrapResult);
+                return;
            }
        }
-        log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);*/
+        log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);
        // 日志文件认证
        if (uri.startsWith("/logs/")) {
            if (StringUtils.isBlank(tokenForLogs)) {
@@ -179,20 +206,13 @@ public class OperateAuthFilter implements Filter {
            filterChain.doFilter(request, servletResponse);
            return;// 跳过后面的认证
        }
-        // OData接口仅允许本机访问
-        if (Pattern.matches("(.*/odata/v4/.*)", uri)) {
-            if ("127.0.0.1".equals(ip) || "0:0:0:0:0:0:0:1".equals(ip)) {// 本机访问
-            } else {
-                if (!Pattern.matches("(.*exampleService/ExampleView.*)", uri)) {
-                    return;
-                }
-            }
-        }
        // 禁止非POST/GET方式访问
-        /*if (!request.getMethod().equals("POST") && !request.getMethod().equals("GET")) {
+        if (!request.getMethod().equals("POST") && !request.getMethod().equals("GET")) {
+            Result<Object> wrapResult = Result.error("禁止非POST/GET方式访问！");
+            writeResult(response, wrapResult);
            return;
        }
-        if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/"
+        /*if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/"
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            response.setHeader("Pragma", "no-cache");
            response.setHeader("Expires", "0");