mirror of
https://gitee.com/log4j/pig.git
synced 2024-12-23 13:03:42 +08:00
commit
4a6ada065a
@ -26,6 +26,7 @@ import org.aspectj.lang.ProceedingJoinPoint;
|
|||||||
import org.aspectj.lang.annotation.Around;
|
import org.aspectj.lang.annotation.Around;
|
||||||
import org.aspectj.lang.annotation.Aspect;
|
import org.aspectj.lang.annotation.Aspect;
|
||||||
import org.springframework.core.Ordered;
|
import org.springframework.core.Ordered;
|
||||||
|
import org.springframework.core.annotation.AnnotationUtils;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
@ -44,8 +45,13 @@ public class PigSecurityInnerAspect implements Ordered {
|
|||||||
private final HttpServletRequest request;
|
private final HttpServletRequest request;
|
||||||
|
|
||||||
@SneakyThrows
|
@SneakyThrows
|
||||||
@Around("@annotation(inner)")
|
@Around("@within(inner) || @annotation(inner)")
|
||||||
public Object around(ProceedingJoinPoint point, Inner inner) {
|
public Object around(ProceedingJoinPoint point, Inner inner) {
|
||||||
|
//实际注入的inner实体由表达式后一个注解决定,即是方法上的@Inner注解实体,若方法上无@Inner注解,则获取类上的
|
||||||
|
if(inner == null){
|
||||||
|
Class<?> clazz = point.getTarget().getClass();
|
||||||
|
inner = AnnotationUtils.findAnnotation(clazz, Inner.class);
|
||||||
|
}
|
||||||
String header = request.getHeader(SecurityConstants.FROM);
|
String header = request.getHeader(SecurityConstants.FROM);
|
||||||
if (inner.value() && !StrUtil.equals(SecurityConstants.FROM_IN, header)) {
|
if (inner.value() && !StrUtil.equals(SecurityConstants.FROM_IN, header)) {
|
||||||
log.warn("访问接口 {} 没有权限", point.getSignature().getName());
|
log.warn("访问接口 {} 没有权限", point.getSignature().getName());
|
||||||
|
Loading…
Reference in New Issue
Block a user