diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigOAuthRequestInterceptor.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigOAuthRequestInterceptor.java index bc0aece4..edb5812f 100644 --- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigOAuthRequestInterceptor.java +++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigOAuthRequestInterceptor.java @@ -1,7 +1,7 @@ package com.pig4cloud.pig.common.security.component; import cn.hutool.core.collection.CollUtil; -import cn.hutool.core.util.StrUtil; +import com.baomidou.mybatisplus.core.toolkit.StringUtils; import com.pig4cloud.pig.common.core.constant.SecurityConstants; import com.pig4cloud.pig.common.core.util.WebUtils; import feign.RequestInterceptor; @@ -52,7 +52,7 @@ public class PigOAuthRequestInterceptor implements RequestInterceptor { HttpServletRequest request = WebUtils.getRequest().get(); // 避免请求参数的 query token 无法传递 String token = tokenResolver.resolve(request); - if (StrUtil.isBlank(token)) { + if (StringUtils.isBlank(token)) { return; } template.header(HttpHeaders.AUTHORIZATION, diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java index ddae7846..5d812e5f 100644 --- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java +++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java @@ -48,12 +48,13 @@ public class PigSecurityInnerAspect implements Ordered { @Around("@within(inner) || @annotation(inner)") public Object around(ProceedingJoinPoint point, Inner inner) { // 实际注入的inner实体由表达式后一个注解决定,即是方法上的@Inner注解实体,若方法上无@Inner注解,则获取类上的 - if (inner == null) { - Class clazz = point.getTarget().getClass(); - inner = AnnotationUtils.findAnnotation(clazz, Inner.class); - } + // 这段代码没有意义,拦截的就是@Inner注解,怎么会为null呢 +// if (inner == null) { +// Class clazz = point.getTarget().getClass(); +// inner = AnnotationUtils.findAnnotation(clazz, Inner.class); +// } String header = request.getHeader(SecurityConstants.FROM); - if (inner.value() && !StrUtil.equals(SecurityConstants.FROM_IN, header)) { + if (inner.value() && !SecurityConstants.FROM_IN.equals(header)) { log.warn("访问接口 {} 没有权限", point.getSignature().getName()); throw new AccessDeniedException("Access is denied"); } diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/util/SecurityUtils.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/util/SecurityUtils.java index a26c9e6a..de5368e0 100755 --- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/util/SecurityUtils.java +++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/util/SecurityUtils.java @@ -16,6 +16,7 @@ package com.pig4cloud.pig.common.security.util; +import cn.hutool.core.text.CharSequenceUtil; import cn.hutool.core.util.StrUtil; import com.pig4cloud.pig.common.core.constant.SecurityConstants; import com.pig4cloud.pig.common.security.service.PigUser; @@ -75,9 +76,9 @@ public class SecurityUtils { List roleIds = new ArrayList<>(); authorities.stream() - .filter(granted -> StrUtil.startWith(granted.getAuthority(), SecurityConstants.ROLE)) + .filter(granted -> CharSequenceUtil.startWith(granted.getAuthority(), SecurityConstants.ROLE)) .forEach(granted -> { - String id = StrUtil.removePrefix(granted.getAuthority(), SecurityConstants.ROLE); + String id = CharSequenceUtil.removePrefix(granted.getAuthority(), SecurityConstants.ROLE); roleIds.add(Long.parseLong(id)); }); return roleIds; diff --git a/pig-common/pig-common-xss/src/main/java/com/pig4cloud/pig/common/xss/core/XssHolder.java b/pig-common/pig-common-xss/src/main/java/com/pig4cloud/pig/common/xss/core/XssHolder.java index 017b6749..c3a53952 100644 --- a/pig-common/pig-common-xss/src/main/java/com/pig4cloud/pig/common/xss/core/XssHolder.java +++ b/pig-common/pig-common-xss/src/main/java/com/pig4cloud/pig/common/xss/core/XssHolder.java @@ -23,6 +23,8 @@ package com.pig4cloud.pig.common.xss.core; */ public class XssHolder { + private XssHolder() {} + private static final ThreadLocal TL = new ThreadLocal<>(); private static final ThreadLocal TL_IGNORE = new ThreadLocal<>();