change:订单和购物车channel=3 跳过鉴权

c1c647ca · xiaoer.li@freemud.com · 98a38a33 · c1c647ca · c1c647ca
Commit c1c647ca authored Apr 10, 2020 by xiaoer.li@freemud.com
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 8 deletions

order-application-service/src/main/java/cn/freemud/aop/WebAspect.java
+15 -4

shopping-cart-application-service/src/main/java/cn/freemud/aop/WebAspect.java
+15 -4

No files found.
--- a/order-application-service/src/main/java/cn/freemud/aop/WebAspect.java
+++ b/order-application-service/src/main/java/cn/freemud/aop/WebAspect.java
@@ -31,6 +31,7 @@ import java.beans.PropertyDescriptor;
 import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Objects;
 /**
 * All rights Reserved, Designed By www.freemud.cn
@@ -70,6 +71,8 @@ public class WebAspect {
    private static final String SESSION_ID_STR = "sessionId";
+    private static final String APP_CHANNEL = "3";
    @Pointcut("execution(* cn.freemud.controller..*.*(..))")
    public void webAspect() {
    }
@@ -86,12 +89,20 @@ public class WebAspect {
            // 是否授权验证
            AssortmentCustomerInfoVo userInfo = assortmentCustomerInfoManager.getCustomerInfoByObject(sessionId);
            if (!notFilterUrls.contains(requestUrl)) {
-                if(userInfo == null || StringUtils.isEmpty(userInfo.getMemberId())) {
+                if(userInfo == null) {
                    throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
                }
-                List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(","));
+                // app 没有unionId得概念,   并且app上是thirdMemberId概念。 不需要做校验
-                if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId())) {
+                if(!Objects.equals(userInfo.getChannel(), APP_CHANNEL)) {
-                    throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
+                    if(StringUtils.isEmpty(userInfo.getMemberId())) {
+                        throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
+                    }
+                    List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(","));
+                    if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId())) {
+                        throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
+                    }
+                } else {
+                    // app上是thirdMemberId概念
                }
            }
            Object[] args = joinPoint.getArgs();

--- a/shopping-cart-application-service/src/main/java/cn/freemud/aop/WebAspect.java
+++ b/shopping-cart-application-service/src/main/java/cn/freemud/aop/WebAspect.java
@@ -31,6 +31,7 @@ import java.beans.PropertyDescriptor;
 import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Objects;
 /**
 * All rights Reserved, Designed By www.freemud.cn
@@ -70,6 +71,8 @@ public class WebAspect {
    private static final String SESSION_ID_STR = "sessionId";
+    private static final String APP_CHANNEL = "3";
    @Pointcut("execution(* cn.freemud.controller..*.*(..))")
    public void webAspect() {
    }
@@ -86,12 +89,20 @@ public class WebAspect {
            // 是否授权验证
            AssortmentCustomerInfoVo userInfo = assortmentCustomerInfoManager.getCustomerInfoByObject(sessionId);
            if (!notFilterUrls.contains(requestUrl)) {
-                if(userInfo == null || StringUtils.isEmpty(userInfo.getMemberId())) {
+                if(userInfo == null) {
                    throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
                }
-                List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(","));
+                // app 没有unionId得概念,   并且app上是thirdMemberId概念。 不需要做校验
-                if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId())) {
+                if(!Objects.equals(userInfo.getChannel(), APP_CHANNEL)) {
-                    throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
+                    if(StringUtils.isEmpty(userInfo.getMemberId())) {
+                        throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
+                    }
+                    List<String> unauthorizedUrls = Arrays.asList(getNotFilterUrl(CommonRedisKeyConstant.SAAS_NOT_AUTHORIZED_URL, NOT_AUTHORIZED_KEY).split(","));
+                    if (!unauthorizedUrls.contains(requestUrl) && StringUtils.isEmpty(userInfo.getUnionId())) {
+                        throw new CommonServiceException(CommonResponseResult.USER_UNAUTHORIZED);
+                    }
+                } else {
+                    // app上是thirdMemberId概念
                }
            }
            Object[] args = joinPoint.getArgs();