mirrors/pig
1
0
Fork 0
mirror of https://gitee.com/log4j/pig.git synced 2024-12-23 05:00:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 🐛 经过代码检查,不推荐使用hutool的StrUtil

Browse Source 
fix: 🐛 去掉一段无用代码;
fix: 🐛 创建私有构造方法
This commit is contained in:
fxw 2023-04-04 14:04:09 +08:00
parent 517e644e2c
commit 6f2948b793
4 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigOAuthRequestInterceptor.java
View File

@ -1,7 +1,7 @@
package com.pig4cloud.pig.common.security.component;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import com.baomidou.mybatisplus.core.toolkit.StringUtils;
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
import com.pig4cloud.pig.common.core.util.WebUtils;
import feign.RequestInterceptor;
@ -52,7 +52,7 @@ public class PigOAuthRequestInterceptor implements RequestInterceptor {
HttpServletRequest request = WebUtils.getRequest().get();
// 避免请求参数的 query token 无法传递
String token = tokenResolver.resolve(request);
if (StrUtil.isBlank(token)) {
if (StringUtils.isBlank(token)) {
return;
}
template.header(HttpHeaders.AUTHORIZATION,

11
pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java
View File

@ -48,12 +48,13 @@ public class PigSecurityInnerAspect implements Ordered {
@Around("@within(inner) || @annotation(inner)")
public Object around(ProceedingJoinPoint point, Inner inner) {
// 实际注入的inner实体由表达式后一个注解决定即是方法上的@Inner注解实体若方法上无@Inner注解则获取类上的
if (inner == null) {
Class<?> clazz = point.getTarget().getClass();
inner = AnnotationUtils.findAnnotation(clazz, Inner.class);
}
// 这段代码没有意义拦截的就是@Inner注解怎么会为null呢
// if (inner == null) {
// Class<?> clazz = point.getTarget().getClass();
// inner = AnnotationUtils.findAnnotation(clazz, Inner.class);
// }
String header = request.getHeader(SecurityConstants.FROM);
if (inner.value() && !StrUtil.equals(SecurityConstants.FROM_IN, header)) {
if (inner.value() && !SecurityConstants.FROM_IN.equals(header)) {
log.warn("访问接口 {} 没有权限", point.getSignature().getName());
throw new AccessDeniedException("Access is denied");
}

5
pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/util/SecurityUtils.java
View File

@ -16,6 +16,7 @@
package com.pig4cloud.pig.common.security.util;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.StrUtil;
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
import com.pig4cloud.pig.common.security.service.PigUser;
@ -75,9 +76,9 @@ public class SecurityUtils {
List<Long> roleIds = new ArrayList<>();
authorities.stream()
.filter(granted -> StrUtil.startWith(granted.getAuthority(), SecurityConstants.ROLE))
.filter(granted -> CharSequenceUtil.startWith(granted.getAuthority(), SecurityConstants.ROLE))
.forEach(granted -> {
String id = StrUtil.removePrefix(granted.getAuthority(), SecurityConstants.ROLE);
String id = CharSequenceUtil.removePrefix(granted.getAuthority(), SecurityConstants.ROLE);
roleIds.add(Long.parseLong(id));
});
return roleIds;

2
pig-common/pig-common-xss/src/main/java/com/pig4cloud/pig/common/xss/core/XssHolder.java
View File

@ -23,6 +23,8 @@ package com.pig4cloud.pig.common.xss.core;
*/
public class XssHolder {
private XssHolder() {}
private static final ThreadLocal<Boolean> TL = new ThreadLocal<>();
private static final ThreadLocal<XssCleanIgnore> TL_IGNORE = new ThreadLocal<>();