mirror of
https://gitee.com/log4j/pig.git
synced 2024-12-23 05:00:23 +08:00
fix: 🐛 经过代码检查,不推荐使用hutool的StrUtil
fix: 🐛 去掉一段无用代码; fix: 🐛 创建私有构造方法
This commit is contained in:
parent
517e644e2c
commit
6f2948b793
@ -1,7 +1,7 @@
|
||||
package com.pig4cloud.pig.common.security.component;
|
||||
|
||||
import cn.hutool.core.collection.CollUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.baomidou.mybatisplus.core.toolkit.StringUtils;
|
||||
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
|
||||
import com.pig4cloud.pig.common.core.util.WebUtils;
|
||||
import feign.RequestInterceptor;
|
||||
@ -52,7 +52,7 @@ public class PigOAuthRequestInterceptor implements RequestInterceptor {
|
||||
HttpServletRequest request = WebUtils.getRequest().get();
|
||||
// 避免请求参数的 query token 无法传递
|
||||
String token = tokenResolver.resolve(request);
|
||||
if (StrUtil.isBlank(token)) {
|
||||
if (StringUtils.isBlank(token)) {
|
||||
return;
|
||||
}
|
||||
template.header(HttpHeaders.AUTHORIZATION,
|
||||
|
@ -48,12 +48,13 @@ public class PigSecurityInnerAspect implements Ordered {
|
||||
@Around("@within(inner) || @annotation(inner)")
|
||||
public Object around(ProceedingJoinPoint point, Inner inner) {
|
||||
// 实际注入的inner实体由表达式后一个注解决定,即是方法上的@Inner注解实体,若方法上无@Inner注解,则获取类上的
|
||||
if (inner == null) {
|
||||
Class<?> clazz = point.getTarget().getClass();
|
||||
inner = AnnotationUtils.findAnnotation(clazz, Inner.class);
|
||||
}
|
||||
// 这段代码没有意义,拦截的就是@Inner注解,怎么会为null呢
|
||||
// if (inner == null) {
|
||||
// Class<?> clazz = point.getTarget().getClass();
|
||||
// inner = AnnotationUtils.findAnnotation(clazz, Inner.class);
|
||||
// }
|
||||
String header = request.getHeader(SecurityConstants.FROM);
|
||||
if (inner.value() && !StrUtil.equals(SecurityConstants.FROM_IN, header)) {
|
||||
if (inner.value() && !SecurityConstants.FROM_IN.equals(header)) {
|
||||
log.warn("访问接口 {} 没有权限", point.getSignature().getName());
|
||||
throw new AccessDeniedException("Access is denied");
|
||||
}
|
||||
|
@ -16,6 +16,7 @@
|
||||
|
||||
package com.pig4cloud.pig.common.security.util;
|
||||
|
||||
import cn.hutool.core.text.CharSequenceUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
|
||||
import com.pig4cloud.pig.common.security.service.PigUser;
|
||||
@ -75,9 +76,9 @@ public class SecurityUtils {
|
||||
|
||||
List<Long> roleIds = new ArrayList<>();
|
||||
authorities.stream()
|
||||
.filter(granted -> StrUtil.startWith(granted.getAuthority(), SecurityConstants.ROLE))
|
||||
.filter(granted -> CharSequenceUtil.startWith(granted.getAuthority(), SecurityConstants.ROLE))
|
||||
.forEach(granted -> {
|
||||
String id = StrUtil.removePrefix(granted.getAuthority(), SecurityConstants.ROLE);
|
||||
String id = CharSequenceUtil.removePrefix(granted.getAuthority(), SecurityConstants.ROLE);
|
||||
roleIds.add(Long.parseLong(id));
|
||||
});
|
||||
return roleIds;
|
||||
|
@ -23,6 +23,8 @@ package com.pig4cloud.pig.common.xss.core;
|
||||
*/
|
||||
public class XssHolder {
|
||||
|
||||
private XssHolder() {}
|
||||
|
||||
private static final ThreadLocal<Boolean> TL = new ThreadLocal<>();
|
||||
|
||||
private static final ThreadLocal<XssCleanIgnore> TL_IGNORE = new ThreadLocal<>();
|
||||
|
Loading…
Reference in New Issue
Block a user