去除注解@(requires: 'any')

srv/masterService.cds

@@ -4,7 +4,7 @@ using { db.productStore as productStoreDb } from '../db/cds/master/productStore'
 
 
 
-service masterService @(requires: 'any'){
+service masterService {
     entity Uom as projection on masterDb.Uom;
     entity UomType as projection on masterDb.UomType;
     entity StatusItem as projection on masterDb.StatusItem;

srv/src/main/java/customer/lianchuangjie/common/filter/OperateAuthFilter.java

@@ -21,11 +21,13 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.nio.charset.StandardCharsets;
+import java.util.Map;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
@@ -57,11 +59,7 @@ public class OperateAuthFilter implements Filter {
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest request = (HttpServletRequest) servletRequest;
         HttpServletResponse response = (HttpServletResponse) servletResponse;
-        String language = request.getHeader("language");
         String appKey = request.getHeader("appKey"); //用户appKey
-        if (appKey == null || "".equals(appKey)) {
-            appKey = request.getParameter("appKey");
-        }
         String uri = request.getRequestURI();
         String ip = request.getRemoteAddr();
         log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);
@@ -77,96 +75,20 @@ public class OperateAuthFilter implements Filter {
             }
             authorities = authentication.getAuthorities();//角色集合[]
         }
-        if (username == null || "".equals(username)) {
-            Result<Object> wrapResult = Result.error("未登录系统，禁止访问！");
-            writeResult(response, wrapResult);
-            return;
-        } else if (
-            !StringUtils.isEmpty(appKey) &&
-            CommonConstant.userAuthenticationMap.containsKey(appKey) &&
-            CommonConstant.userAuthenticationMap.get(appKey).getIsPassAuth() == Boolean.TRUE
-        ) {
-            // 返回请求体数据 是否通过鉴权(True: 通过， Flase: 失败)
-            Result<Object> wrapResult = Result.error("未登录系统，禁止访问！");
-            writeResult(response, wrapResult);
-            return;
-        }
-        log.info("登录用户 username：{}", username);
-        log.info("角色集合 authorities：{}", authorities);
-        log.info("权限认证 authorization: {}", request.getHeader("authorization"));
-        if (request.getHeader("authorization") == null || "".equals(request.getHeader("authorization"))) {
-            Result<Object> wrapResult = Result.error("authorization is null 未登录系统，禁止访问！");
-            writeResult(response, wrapResult);
-            return;
-        }
-
-        //appKey partyId4Rule roleTypeId4Rule language
-        String partyId4Rule = null;
-        String roleTypeId4Rule = null;
+        log.info("[OperateAuthFilter.doFilter]登录用户 username：{}", username);
+        log.info("[OperateAuthFilter.doFilter]角色集合 authorities：{}", authorities);
+        log.info("[OperateAuthFilter.doFilter]权限认证 authorization: {}", request.getHeader("authorization"));
         Cookie[] cookies = request.getCookies();
-        if ((appKey == null || "".equals(appKey))) {
-            if ((cookies != null && cookies.length > 0)) {
+        if (cookies != null && cookies.length > 0) {
             for (Cookie cookie : cookies) {
-                    //重新赋值
-                    if ("appKey".equals(cookie.getName())) {
-                        appKey = cookie.getValue();
-                    }
-                    if ("partyId4Rule".equals(cookie.getName())) {
-                        partyId4Rule = cookie.getValue();
-                    }
-                    if ("roleTypeId4Rule".equals(cookie.getName())) {
-                        roleTypeId4Rule = cookie.getValue();
-                    }
-                    if ("language".equals(cookie.getName())) {
-                        language = cookie.getValue();
-                    }
-                }
-                /*if (partyId4Rule == null || "".equals(partyId4Rule)) {
-                    Result<Object> wrapResult = Result.error("partyId4Rule 不能为空！");
-                    writeResult(response, wrapResult);
-                    return;
-                }*/
-                if (appKey == null || "".equals(appKey)) {
-                    Result<Object> wrapResult = Result.error("appKey 不能为空！");
-                    writeResult(response, wrapResult);
-                    return;
-                }
-                if (roleTypeId4Rule == null || "".equals(roleTypeId4Rule)) {
-                    Result<Object> wrapResult = Result.error("roleTypeId4Rule 不能为空！");
-                    writeResult(response, wrapResult);
-                    return;
-                }
-                if (language == null || "".equals(language)) {
-                    Result<Object> wrapResult = Result.error("language 不能为空！");
-                    writeResult(response, wrapResult);
-                    return;
-                }
-            } else {
-                Result<Object> wrapResult = Result.error("cookies 不能为空！");
-                writeResult(response, wrapResult);
-                return;
-            }
-        } else {
-            if (!CommonConstant.userAuthenticationMap.containsKey(appKey)
-                    || CommonConstant.userAuthenticationMap.get(appKey).getIsPassAuth() != Boolean.TRUE) {
-                String requestParamStr = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
-                Map<String, String> requestValueMap = JsonUtil.convertJsonToMap(requestParamStr);
-                log.info("paramStr:{}, isJson:{}", requestParamStr, JsonUtil.isJsonObject(requestParamStr));
-                //用户角色鉴权校验
-                Result wrapResult = OperateAuthUtil.verifyRequestPermission(requestParamStr, requestValueMap.get("roleTypeId"));
-                if (!ResponseConstant.SUCCESS_CODE.equals(wrapResult.getCode())) {
-                    writeResult(response, wrapResult);
-                    return;
+                log.info("[OperateAuthFilter.doFilter]cookie: {}", cookie.getName() + "=" + cookie.getValue());
             }
         } else {
-                Result<Object> wrapResult = Result.error("appKey 不能为空。。。！");
-                writeResult(response, wrapResult);
-                return;
+            log.info("[OperateAuthFilter.doFilter]cookie: null");
         }
-        }
-
         // IP白名单
         if (ipWhitelist) {
+            String language = request.getHeader("language");
             if (ipWhitelistMap.isEmpty()) {
                 response.setCharacterEncoding(StandardCharsets.UTF_8.name());
                 response.setContentType("text/html; charset=utf-8");
@@ -190,9 +112,34 @@ public class OperateAuthFilter implements Filter {
                 }
             }
         }
-
-        //TODO 处理ODATA接口 使用权限控制数据显示
-        if (Pattern.matches("(.*/odata/v4/.*)", uri)) {
+        //TODO 郭智朋 测试中 处理ODATA接口
+        /*Cookie[] cookies = request.getCookies();
+        if (appKey == null && cookies != null && cookies.length > 0 && "/odata/v4/orderService/$batch".equals(uri)) {
+            List<Cookie> cookiesList = Arrays.asList(cookies);
+            //appKey partyId4Rule roleTypeId4Rule language
+            String partyId4Rule = null;
+            String roleTypeId4Rule = null;
+            String language = null;
+            for (Cookie cookie : cookiesList) {
+                if ("appKey".equals(cookie.getName())) {
+                    appKey = cookie.getValue();
+                }
+                if ("partyId4Rule".equals(cookie.getName())) {
+                    partyId4Rule = cookie.getValue();
+                }
+                if ("roleTypeId4Rule".equals(cookie.getName())) {
+                    roleTypeId4Rule = cookie.getValue();
+                }
+                if ("language".equals(cookie.getName())) {
+                    language = cookie.getValue();
+                }
+            }
+            // 返回请求体数据 是否通过鉴权(True: 通过， Flase: 失败)
+            if (
+                    !StringUtils.isEmpty(appKey) &&
+                    CommonConstant.userAuthenticationMap.containsKey(appKey) &&
+                    CommonConstant.userAuthenticationMap.get(appKey).getIsPassAuth() == Boolean.TRUE
+            ) {
                 String requestParamStr = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
                 //GET OrderHeaderItemView?$count=true&$select=createdBy_Text,docId,headerId,lineNo,modifiedBy_Text&$skip=0&$top=30 HTTP/1.1
                 String[] gets = requestParamStr.split("GET ");
@@ -211,21 +158,19 @@ public class OperateAuthFilter implements Filter {
                 if (requestResult.isSuccess()) {
                     requestParamStrNew = gets[0] + "GET " + requestResult.getResult() + " HTTP" + https[1];
                 } else {
-                writeResult(response, requestResult);
                     return;// 跳过后面的认证
                 }
                 log.info("paramStr:{}, isJson:{}", requestParamStrNew, JsonUtil.isJsonObject(requestParamStr));
                 request = new AuthHttpServletRequest(request, requestParamStrNew, "appKey", appKey);
             }
-        log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);
+        }
+        log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);*/
         // 日志文件认证
         if (uri.startsWith("/logs/")) {
             if (StringUtils.isBlank(tokenForLogs)) {
                 throw new BtpException("init error!");
             }
             if (!tokenForLogs.equals(request.getParameter("appKey"))) {
-                Result<Object> wrapResult = Result.error("appKey 不能为空！");
-                writeResult(response, wrapResult);
                 return;
             }
         }
@@ -234,13 +179,20 @@ public class OperateAuthFilter implements Filter {
             filterChain.doFilter(request, servletResponse);
             return;// 跳过后面的认证
         }
+        // OData接口仅允许本机访问
+        if (Pattern.matches("(.*/odata/v4/.*)", uri)) {
+            if ("127.0.0.1".equals(ip) || "0:0:0:0:0:0:0:1".equals(ip)) {// 本机访问
+            } else {
+                if (!Pattern.matches("(.*exampleService/ExampleView.*)", uri)) {
+                    return;
+                }
+            }
+        }
         // 禁止非POST/GET方式访问
-        if (!request.getMethod().equals("POST") && !request.getMethod().equals("GET")) {
-            Result<Object> wrapResult = Result.error("禁止非POST/GET方式访问");
-            writeResult(response, wrapResult);
+        /*if (!request.getMethod().equals("POST") && !request.getMethod().equals("GET")) {
             return;
         }
-        /*if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/"
+        if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/"
             response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
             response.setHeader("Pragma", "no-cache");
             response.setHeader("Expires", "0");
@@ -254,7 +206,7 @@ public class OperateAuthFilter implements Filter {
             request.getServletContext().getRequestDispatcher("/index.html").forward(request, response);//重定向
             return;
         }*/
-        boolean allowUri = Pattern.matches("(.*/login/.*|.*/oauth2Login/.*|.*/odata/v4/.*)", uri);
+        boolean allowUri = Pattern.matches("(.*/login/.*|.*/odata/v4/.*)", uri);
         //排除用户登录和非Post请求
         if (!allowUri && request.getMethod().equals("POST")) {
             //校验请求头中appKey参数: appKey为空或其不存在于系统中，或状态未鉴权通过均拦截