Commit bc6de12e by xiaoer.li@freemud.com

Merge remote-tracking branch 'remotes/origin/feature/1.9.18_订单_购物车_channel_鉴权' into qa

# Conflicts:
#	order-application-service/src/main/java/cn/freemud/aop/WebAspect.java
parents a7cc81b5 c1c647ca
...@@ -31,6 +31,7 @@ import java.beans.PropertyDescriptor; ...@@ -31,6 +31,7 @@ import java.beans.PropertyDescriptor;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Objects;
/** /**
* All rights Reserved, Designed By www.freemud.cn * All rights Reserved, Designed By www.freemud.cn
...@@ -70,6 +71,8 @@ public class WebAspect { ...@@ -70,6 +71,8 @@ public class WebAspect {
private static final String SESSION_ID_STR = "sessionId"; private static final String SESSION_ID_STR = "sessionId";
private static final String APP_CHANNEL = "3";
@Pointcut("execution(* cn.freemud.controller..*.*(..))") @Pointcut("execution(* cn.freemud.controller..*.*(..))")
public void webAspect() { public void webAspect() {
} }
...@@ -86,14 +89,21 @@ public class WebAspect { ...@@ -86,14 +89,21 @@ public class WebAspect {
// 是否授权验证 // 是否授权验证
AssortmentCustomerInfoVo userInfo = assortmentCustomerInfoManager.getCustomerInfoByObject(sessionId); AssortmentCustomerInfoVo userInfo = assortmentCustomerInfoManager.getCustomerInfoByObject(sessionId);
if (!notFilterUrls.contains(requestUrl)) { if (!notFilterUrls.contains(requestUrl)) {
if(userInfo == null || StringUtils.isEmpty(userInfo.getMemberId())) { if(userInfo == null) {
throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
}
// app 没有unionId得概念, 并且app上是thirdMemberId概念。 不需要做校验
if(!Objects.equals(userInfo.getChannel(), APP_CHANNEL)) {
if(StringUtils.isEmpty(userInfo.getMemberId())) {
throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED); throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
} }
List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(",")); List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(","));
if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId()) if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId())) {
&& (StringUtils.isEmpty(userInfo.getChannel()) || !"3".equals(userInfo.getChannel()))) {
throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED); throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
} }
} else {
// app上是thirdMemberId概念
}
} }
Object[] args = joinPoint.getArgs(); Object[] args = joinPoint.getArgs();
for (Object arg : args) { for (Object arg : args) {
......
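Review bot: In the last hunk, a session whose channel equals `APP_CHANNEL` now passes the authorization check with nothing verified beyond `userInfo != null`: the `memberId` check, which used to apply to every channel, moved inside `if(!Objects.equals(userInfo.getChannel(), APP_CHANNEL))`, and the `else` branch holds only a comment. The comment says the app identifies users by thirdMemberId, so that branch should reject a session in which that identifier is empty by throwing the same `CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED)`; otherwise an app-channel session record with no member identity reaches every controller under the pointcut. It is also worth confirming that `channel` in the stored session is set server-side at login and cannot be chosen by the caller, since it now decides whether the identity checks run at all. The same code appears in the second file section (the diff against the other parent), and the advice method begins and ends outside the hunk.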
...@@ -31,6 +31,7 @@ import java.beans.PropertyDescriptor; ...@@ -31,6 +31,7 @@ import java.beans.PropertyDescriptor;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Objects;
/** /**
* All rights Reserved, Designed By www.freemud.cn * All rights Reserved, Designed By www.freemud.cn
...@@ -70,6 +71,8 @@ public class WebAspect { ...@@ -70,6 +71,8 @@ public class WebAspect {
private static final String SESSION_ID_STR = "sessionId"; private static final String SESSION_ID_STR = "sessionId";
private static final String APP_CHANNEL = "3";
@Pointcut("execution(* cn.freemud.controller..*.*(..))") @Pointcut("execution(* cn.freemud.controller..*.*(..))")
public void webAspect() { public void webAspect() {
} }
...@@ -86,13 +89,21 @@ public class WebAspect { ...@@ -86,13 +89,21 @@ public class WebAspect {
// 是否授权验证 // 是否授权验证
AssortmentCustomerInfoVo userInfo = assortmentCustomerInfoManager.getCustomerInfoByObject(sessionId); AssortmentCustomerInfoVo userInfo = assortmentCustomerInfoManager.getCustomerInfoByObject(sessionId);
if (!notFilterUrls.contains(requestUrl)) { if (!notFilterUrls.contains(requestUrl)) {
if(userInfo == null || StringUtils.isEmpty(userInfo.getMemberId())) { if(userInfo == null) {
throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
}
// app 没有unionId得概念, 并且app上是thirdMemberId概念。 不需要做校验
if(!Objects.equals(userInfo.getChannel(), APP_CHANNEL)) {
if(StringUtils.isEmpty(userInfo.getMemberId())) {
throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED); throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
} }
List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(",")); List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(","));
if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId())) { if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId())) {
throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED); throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
} }
} else {
// app上是thirdMemberId概念
}
} }
Object[] args = joinPoint.getArgs(); Object[] args = joinPoint.getArgs();
for (Object arg : args) { for (Object arg : args) {
......