diff --git a/src/main/java/com/dsideal/QingLong/DataShare/Controller/DataShareController.java b/src/main/java/com/dsideal/QingLong/DataShare/Controller/DataShareController.java index 29a4fe79..c685f6ec 100644 --- a/src/main/java/com/dsideal/QingLong/DataShare/Controller/DataShareController.java +++ b/src/main/java/com/dsideal/QingLong/DataShare/Controller/DataShareController.java @@ -351,6 +351,19 @@ public class DataShareController extends Controller { Kv kv = Kv.by("token", token); kv.set("success", true); kv.set("message", "获取成功!"); + /* + identity_id=1 系统管理员 + identity_id=2 市州管理员 + identity_id=3 县区管理员 + identity_id=4 单位/学校管理员 + identity_id=5 教师 + identity_id=6 学生 + identity_id=7 家长 + identity_id=8 第三方接入的系统 + + header的Authorization中放入token,再通过header传过来, + */ + kv.set("identity_id", DataShareModel.ShareSystemIdentityId);//第三方业务系统,视为8号身份人群 renderJson(kv); return; } diff --git a/src/main/java/com/dsideal/QingLong/DataShare/Model/DataShareModel.java b/src/main/java/com/dsideal/QingLong/DataShare/Model/DataShareModel.java index afe030d4..a8f777cd 100644 --- a/src/main/java/com/dsideal/QingLong/DataShare/Model/DataShareModel.java +++ b/src/main/java/com/dsideal/QingLong/DataShare/Model/DataShareModel.java @@ -13,6 +13,8 @@ import com.jfinal.plugin.activerecord.SqlPara; import java.util.*; public class DataShareModel { + public static final int ShareSystemIdentityId = 8; + public Page listSystem(String keyword, int exclude, int page, int limit) { if (StrKit.isBlank(keyword)) keyword = ""; Kv kv = Kv.by("keyword", keyword); diff --git a/src/main/java/com/dsideal/QingLong/Interceptor/IsLoginInterceptor.java b/src/main/java/com/dsideal/QingLong/Interceptor/IsLoginInterceptor.java index 223f750e..1ca3ad9f 100644 --- a/src/main/java/com/dsideal/QingLong/Interceptor/IsLoginInterceptor.java +++ b/src/main/java/com/dsideal/QingLong/Interceptor/IsLoginInterceptor.java @@ -1,10 +1,11 @@ package com.dsideal.QingLong.Interceptor; -import com.dsideal.QingLong.Util.CommonUtil; +import com.dsideal.QingLong.DataShare.Model.DataShareModel; import com.dsideal.QingLong.Util.SessionKit; import com.jfinal.aop.Interceptor; import com.jfinal.aop.Invocation; import com.jfinal.core.Controller; +import com.jfinal.plugin.activerecord.Record; /** * 是不是登录正确? @@ -13,6 +14,8 @@ import com.jfinal.core.Controller; */ public class IsLoginInterceptor implements Interceptor { + DataShareModel dm = new DataShareModel(); + @Override public void intercept(Invocation inv) { //正常的登录验证逻辑代码 @@ -31,18 +34,30 @@ public class IsLoginInterceptor implements Interceptor { inv.invoke(); } - //1、读取Session - boolean isTrue; - if ((SessionKit.get(con.getRequest(), con.getResponse(), "person_id") == null)) { - isTrue = false; + + boolean isTrue = false; + //检查是不是header的Authorization中有合法Token + String Authorization = con.getRequest().getHeader("Authorization"); + if (Authorization != null) { + Record record = dm.checkToken(Authorization); + System.out.println(record); + if (record.getBoolean("success")) { + isTrue = true; + } } else { - isTrue = true; + //1、读取Session + if ((SessionKit.get(con.getRequest(), con.getResponse(), "person_id") == null)) { + isTrue = false; + } else { + isTrue = true; + } } + if (isTrue) { inv.invoke(); } else { - //con.renderJson(CommonUtil.returnMessageJson(false, "此接口需要登录后操作!")); - con.redirect("/QingLong/"); + con.renderJson(com.dsideal.QingLong.Util.CommonUtil.returnMessageJson(false, "此接口需要登录后操作!")); + //con.redirect("/QingLong/"); } } } \ No newline at end of file diff --git a/src/main/java/com/dsideal/QingLong/Interceptor/IsSysAdminInterceptor.java b/src/main/java/com/dsideal/QingLong/Interceptor/IsSysAdminInterceptor.java index 06bfbbd1..0ee30d30 100644 --- a/src/main/java/com/dsideal/QingLong/Interceptor/IsSysAdminInterceptor.java +++ b/src/main/java/com/dsideal/QingLong/Interceptor/IsSysAdminInterceptor.java @@ -1,10 +1,12 @@ package com.dsideal.QingLong.Interceptor; +import com.dsideal.QingLong.DataShare.Model.DataShareModel; import com.dsideal.QingLong.Util.CommonUtil; import com.dsideal.QingLong.Util.SessionKit; import com.jfinal.aop.Interceptor; import com.jfinal.aop.Invocation; import com.jfinal.core.Controller; +import com.jfinal.plugin.activerecord.Record; /** * 需要是系统管理员身份校验 @@ -13,6 +15,8 @@ import com.jfinal.core.Controller; */ public class IsSysAdminInterceptor implements Interceptor { + DataShareModel dm = new DataShareModel(); + @Override public void intercept(Invocation inv) { IsSysAdminInterface annotation = inv.getMethod().getAnnotation(IsSysAdminInterface.class); @@ -30,6 +34,17 @@ public class IsSysAdminInterceptor implements Interceptor { inv.invoke(); } boolean isTrue = false; + + //如果携带了token + int identityId = -1; + String Authorization = con.getRequest().getHeader("Authorization"); + if (Authorization != null) { + Record record = dm.checkToken(Authorization); + if (record.getBoolean("success")) { + identityId = DataShareModel.ShareSystemIdentityId; + } + } + String[] value = annotation.value(); if (SessionKit.get(con.getRequest(), con.getResponse(), "identity_id") != null) { for (String v : value) { @@ -37,6 +52,10 @@ public class IsSysAdminInterceptor implements Interceptor { isTrue = true; break; } + if (identityId == Integer.parseInt(v)) { + isTrue = true; + break; + } } } if (isTrue) {