1.去掉token权限认证逻辑，使用header中获取

2 years ago · c4f5c4b4a7
3 changed files with 44 additions and 3 deletions
--- a/tduck-api/src/main/java/com/tduck/cloud/api/web/interceptor/AuthorizationInterceptor.java
+++ b/tduck-api/src/main/java/com/tduck/cloud/api/web/interceptor/AuthorizationInterceptor.java
@ -17,6 +17,7 @@ import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.ArrayList;
+import java.util.Enumeration;
 import java.util.List;

 /**
@ -44,6 +45,39 @@ public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // return authFromToken(request);
+        return authByHeader(request);
+    }
+
+    private boolean authByHeader(HttpServletRequest request) {
+        LoginUserVO loginUserVO = new LoginUserVO();
+
+        Enumeration<String> headerNames = request.getHeaderNames();
+        while (headerNames.hasMoreElements()) {
+            String name = headerNames.nextElement();
+            if (name.toLowerCase().equals("customerid")) {
+                loginUserVO.setCustomerId(request.getHeader(name));
+            }
+            if (name.toLowerCase().equals("userid")) {
+                String userId = request.getHeader(name);
+                loginUserVO.setUserId(userId);
+                request.setAttribute(USER_KEY, userId);
+            }
+        }
+
+        if (StringUtils.isBlank(loginUserVO.getCustomerId())) {
+            loginUserVO.setCustomerId(CommonConstants.LOGIN_USER_CUSTOMER_ANONYMOUS);
+        }
+
+        if (StringUtils.isBlank(loginUserVO.getUserId())) {
+            loginUserVO.setUserId(CommonConstants.LOGIN_USER_ID_ANONYMOUS);
+        }
+
+        LoginUserUtil.set(loginUserVO);
+        return true;
+    }
+
+    private boolean authByToken(HttpServletRequest request) {
        Login annotation;
        /*if (handler instanceof HandlerMethod) {
            annotation = ((HandlerMethod) handler).getMethodAnnotation(Login.class);
@ -54,6 +88,7 @@ public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
        if (annotation == null) {
            return true;
        }*/
+
        String requestURI = request.getRequestURI();

        if (isSkip(requestURI)){
@ -85,11 +120,12 @@ public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
        //设置用户信息到threadLocal中
        LoginUserVO loginUserVO = new LoginUserVO();
        if (StringUtils.isBlank(customerId)){
-            customerId = CommonConstants.DEFAULT_FREE_OPEN_CUSTOMER_ID;
+            customerId = CommonConstants.LOGIN_USER_CUSTOMER_ANONYMOUS;
        }
        loginUserVO.setCustomerId(customerId);
        loginUserVO.setUserId(userId);
        LoginUserUtil.set(loginUserVO);
+
        return true;
    }

--- a/tduck-api/src/main/resources/application.yml
+++ b/tduck-api/src/main/resources/application.yml
@ -78,7 +78,7 @@ platform:

 aj:
  captcha:
-    enable: true
+    enable: false
    water-mark: empet
    cache-type: redis
    type: default
--- a/tduck-common/src/main/java/com/tduck/cloud/common/constant/CommonConstants.java
+++ b/tduck-common/src/main/java/com/tduck/cloud/common/constant/CommonConstants.java
@ -44,7 +44,12 @@ public interface CommonConstants {
    /**
     * 平台其他散户默认客户Id
     */
-    String DEFAULT_FREE_OPEN_CUSTOMER_ID = "free_open";
+    String LOGIN_USER_CUSTOMER_ANONYMOUS = "anonymous";
+
+    /**
+     * 当前登录用户：匿名用户
+     */
+    String LOGIN_USER_ID_ANONYMOUS = "anonymous";


    /**