From ef2b5fa53972a406e57d8662b188196977c718ef Mon Sep 17 00:00:00 2001
From: wxy <14293288+zysysys@user.noreply.gitee.com>
Date: Fri, 24 May 2024 14:31:09 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../core/exception/InnerAuthException.java    | 16 ++++++
 .../security/aspect/InnerAuthAspect.java      | 51 +++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 jing-common/jing-common-core/src/main/java/com/jing/common/core/exception/InnerAuthException.java
 create mode 100644 jing-common/jing-common-security/src/main/java/com/jing/common/security/aspect/InnerAuthAspect.java

diff --git a/jing-common/jing-common-core/src/main/java/com/jing/common/core/exception/InnerAuthException.java b/jing-common/jing-common-core/src/main/java/com/jing/common/core/exception/InnerAuthException.java
new file mode 100644
index 0000000..61ce38d
--- /dev/null
+++ b/jing-common/jing-common-core/src/main/java/com/jing/common/core/exception/InnerAuthException.java
@@ -0,0 +1,16 @@
+package com.jing.common.core.exception;
+
+/**
+ * 内部认证异常
+ * 
+ * @author ruoyi
+ */
+public class InnerAuthException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    public InnerAuthException(String message)
+    {
+        super(message);
+    }
+}
diff --git a/jing-common/jing-common-security/src/main/java/com/jing/common/security/aspect/InnerAuthAspect.java b/jing-common/jing-common-security/src/main/java/com/jing/common/security/aspect/InnerAuthAspect.java
new file mode 100644
index 0000000..7534bb5
--- /dev/null
+++ b/jing-common/jing-common-security/src/main/java/com/jing/common/security/aspect/InnerAuthAspect.java
@@ -0,0 +1,51 @@
+package com.jing.common.security.aspect;
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.core.Ordered;
+import org.springframework.stereotype.Component;
+import com.jing.common.core.constant.SecurityConstants;
+import com.jing.common.core.exception.InnerAuthException;
+import com.jing.common.core.utils.ServletUtils;
+import com.jing.common.core.utils.StringUtils;
+import com.jing.common.security.annotation.InnerAuth;
+
+/**
+ * 内部服务调用验证处理
+ * 
+ * @author ruoyi
+ */
+@Aspect
+@Component
+public class InnerAuthAspect implements Ordered
+{
+    @Around("@annotation(innerAuth)")
+    public Object innerAround(ProceedingJoinPoint point, InnerAuth innerAuth) throws Throwable
+    {
+        String source = ServletUtils.getRequest().getHeader(SecurityConstants.FROM_SOURCE);
+        // 内部请求验证
+        if (!StringUtils.equals(SecurityConstants.INNER, source))
+        {
+            throw new InnerAuthException("没有内部访问权限，不允许访问");
+        }
+
+        String userid = ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USER_ID);
+        String username = ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USERNAME);
+        // 用户信息验证
+        if (innerAuth.isUser() && (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)))
+        {
+            throw new InnerAuthException("没有设置用户信息，不允许访问 ");
+        }
+        return point.proceed();
+    }
+
+    /**
+     * 确保在权限认证aop执行前执行
+     */
+    @Override
+    public int getOrder()
+    {
+        return Ordered.HIGHEST_PRECEDENCE + 1;
+    }
+}