|
|
@@ -19,58 +19,6 @@ public class AuthInterceptor implements HandlerInterceptor {
|
|
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
|
|
log.info(">>>AuthInterceptor>>>>>>>在请求处理之前进行调用(Controller方法调用之前)");
|
|
|
log.info(">>>>>>>>>>>>>>>" + request.getRequestURL() + "<<<<<<<<<<<<<<<<<<<<<<");
|
|
|
- //增加响应头缺失代码
|
|
|
- response.addHeader("X-Frame-Options", "SAMEORIGIN");
|
|
|
- response.addHeader("Referrer-Policy", "origin");
|
|
|
- response.addHeader("Content-Security-Policy", "object-src 'self'");
|
|
|
- response.addHeader("X-Permitted-Cross-Domain-Policies", "master-only");
|
|
|
- response.addHeader("X-Content-Type-Options", "nosniff");
|
|
|
- response.addHeader("X-XSS-Protection", "1; mode=block");
|
|
|
- response.addHeader("X-Download-Options", "noopen");
|
|
|
- response.addHeader("Strict-Transport-Security", "max-age=63072000; includeSubdomains; preload");
|
|
|
- //处理cookie问题
|
|
|
- Cookie[] cookies = request.getCookies();
|
|
|
- if (cookies != null) {
|
|
|
- for (Cookie cookie : cookies) {
|
|
|
- String value = cookie.getValue();
|
|
|
- StringBuilder builder = new StringBuilder();
|
|
|
- builder.append(cookie.getName() + "=" + value + ";");
|
|
|
- builder.append("Secure;");//Cookie设置Secure标识
|
|
|
- builder.append("HttpOnly;");//Cookie设置HttpOnly
|
|
|
- response.addHeader("Set-Cookie", builder.toString());
|
|
|
- }
|
|
|
- }
|
|
|
- if (request.getRequestURI().contains("/poiApi/")) {
|
|
|
- return true;
|
|
|
- }
|
|
|
- String token = request.getHeader("token");
|
|
|
- String requestURI = request.getRequestURI();
|
|
|
- if (StringUtils.isEmpty(token)) {
|
|
|
- token = request.getParameter("token");
|
|
|
- }
|
|
|
- if (StringUtils.isEmpty(token)) {
|
|
|
- response.setCharacterEncoding("utf-8");
|
|
|
- response.setContentType("application/json; charset=utf-8");
|
|
|
- PrintWriter writer = response.getWriter();
|
|
|
- writer.write("无token");
|
|
|
- return false;
|
|
|
- }
|
|
|
- log.info("token : [ {} ]", token);
|
|
|
- String userRedis = NetTools.getInstance().getUserByToken(token, requestURI, response, request);
|
|
|
- if (userRedis.contains("无效token")) {
|
|
|
- response.setCharacterEncoding("utf-8");
|
|
|
- response.setContentType("application/json; charset=utf-8");
|
|
|
- PrintWriter writer = response.getWriter();
|
|
|
- writer.write("无效token");
|
|
|
- return false;
|
|
|
- } else if (userRedis.contains("无权限")) {
|
|
|
- response.setCharacterEncoding("utf-8");
|
|
|
- response.setContentType("application/json; charset=utf-8");
|
|
|
- PrintWriter writer = response.getWriter();
|
|
|
- writer.write("无权限");
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
return true;
|
|
|
}
|
|
|
|
DESKTOP-6LTVLN7\Liumouren