Use of com.baidu.dsp.common.exception.AccessDeniedException in project disconf by knightliao.
The class RoleResourceAspect, method decideAccess (an AspectJ advice that performs the role-based authorization check for controller methods).
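/**
 * Authorizes the current session visitor for the intercepted controller method.
 *
 * <p>The URL pattern used for the check is rebuilt from the class-level and
 * method-level {@link RequestMapping} values (first value of each, joined with
 * {@code RoleResourceConstant.URL_SPLITOR} and forced to end with it). When the
 * pattern is listed in {@code noAuthCheckUrl} the call proceeds without a role
 * check; otherwise a session visitor must be present in {@link ThreadContext}
 * and {@link #isMethodAccessible} must grant that visitor's role access to the
 * URL pattern for the (first declared) HTTP method. Any failure of the check
 * throws before the target method runs, so the aspect fails closed.
 *
 * @param pjp            the intercepted method invocation
 * @param requestMapping the {@code @RequestMapping} annotation on the intercepted method
 * @return whatever the intercepted method returns
 * @throws AccessDeniedException when there is no session visitor, or the visitor's role
 *                               is not allowed to call this URL pattern / HTTP method
 * @throws Throwable             anything the intercepted method itself throws (logged, then rethrown)
 */
@Around("anyPublicMethod() && @annotation(requestMapping) && !@annotation(com.baidu.dsp.common.annotation.NoAuth)")
public Object decideAccess(ProceedingJoinPoint pjp, RequestMapping requestMapping) throws Throwable {
    // Method-level path: first declared value, or "" when the annotation carries none.
    String methodUrl = firstOrEmpty(requestMapping.value());

    // Class-level path. The previous code did getAnnotation(...).value()[0], which threw
    // NullPointerException / ArrayIndexOutOfBoundsException for a controller whose class has no
    // @RequestMapping (or one without a value). Spring resolves such a class to an empty prefix,
    // so mirror that here instead of failing with an unrelated runtime exception.
    RequestMapping classMapping = pjp.getTarget().getClass().getAnnotation(RequestMapping.class);
    String clsUrl = classMapping == null ? "" : firstOrEmpty(classMapping.value());
    String urlPattern = joinUrlPattern(clsUrl, methodUrl);

    // NOTE(review): noAuthCheckUrl is declared elsewhere in this class. If it is a String rather
    // than a collection, contains() is a substring match and a whitelisted pattern would also
    // whitelist every pattern that embeds it -- confirm its type.
    if (noAuthCheckUrl != null && noAuthCheckUrl.contains(urlPattern)) {
        LOG.info("don't need to check this url: " + urlPattern);
    } else {
        // NOTE(review): only the FIRST declared HTTP method participates in the role check.
        // A handler mapped to e.g. {GET, POST} is authorized as GET for every request it serves;
        // confirm with the owners of isMethodAccessible that this is intended.
        RequestMethod methodType = firstHttpMethod(requestMapping.method());
        String urlInfo = urlPattern + ", method:" + methodType.toString();

        // Identity comes from the thread-bound session, never from the request itself.
        Visitor visitor = ThreadContext.getSessionVisitor();
        if (visitor == null) {
            LOG.warn("No session visitor!");
            throw new AccessDeniedException("No session visitor! " + urlInfo);
        }
        Integer roleId = visitor.getRoleId();
        String visitorInfo = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;

        if (!this.isMethodAccessible(urlPattern, methodType, roleId)) {
            throw new AccessDeniedException("Access Denied: " + urlInfo + visitorInfo);
        }
        // Reaching this line means the check passed, so the flag is always true here
        // (the former Boolean local was only ever assigned false right before a throw).
        LOG.info("Accessing URL:" + urlInfo + visitorInfo + ", Is priviledged:" + true);
    }

    try {
        return pjp.proceed();
    } catch (Throwable t) {
        // Keep the throwable attached so the stack trace is not lost; the message alone
        // (which may be null) was all the previous version logged.
        LOG.info("Invocation of " + urlPattern + " failed: " + t.getMessage(), t);
        throw t;
    }
}

/** Returns the first element of {@code values}, or "" when the array is empty. */
private static String firstOrEmpty(String[] values) {
    return values.length == 0 ? "" : values[0];
}

/** Returns the first declared HTTP method, defaulting to GET when none is declared. */
private static RequestMethod firstHttpMethod(RequestMethod[] methods) {
    return methods.length == 0 ? RequestMethod.GET : methods[0];
}

/**
 * Concatenates the class-level and method-level paths into the pattern used by the role table.
 * A separator is inserted between the two only when neither side already supplies one (so a
 * class path ending in the separator and a method path starting with it still yield a doubled
 * separator, as before), and the result always ends with the separator.
 */
private static String joinUrlPattern(String clsUrl, String methodUrl) {
    String pattern = clsUrl;
    if (!pattern.endsWith(RoleResourceConstant.URL_SPLITOR)
            && !methodUrl.startsWith(RoleResourceConstant.URL_SPLITOR)) {
        pattern += RoleResourceConstant.URL_SPLITOR;
    }
    pattern += methodUrl;
    if (!pattern.endsWith(RoleResourceConstant.URL_SPLITOR)) {
        pattern += RoleResourceConstant.URL_SPLITOR;
    }
    return pattern;
}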
Use of com.baidu.dsp.common.exception.AccessDeniedException in project disconf by knightliao.
The class MyExceptionHandler, method resolveException (the global Spring exception resolver that turns an AccessDeniedException into an error response).
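/**
 * Translates an exception escaping a controller into the error response sent to the client.
 *
 * <p>Every client-facing payload is built from a fixed message key and an {@link ErrorCode}
 * (or, for {@link GlobalExceptionAware}, from the code/message the exception itself chooses);
 * the raw exception text is written only to the log, so internal details are not echoed
 * back to the caller. The one exception is {@link DocumentNotFoundException}, which is
 * answered with a bare 404 and no body.
 *
 * @param request  the failed request; its URI is logged for correlation
 * @param response used only to set 404 for {@link DocumentNotFoundException}
 * @param o        the handler that raised the exception (not used)
 * @param e        the exception to translate
 * @return the error view, or {@code null} once a 404 has been written directly to the response
 */
@Override
public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object o, Exception e) {
    // NOTE(review): the URI is client-controlled. Containers normally leave it percent-encoded,
    // but if this log is line-oriented and parsed downstream, consider stripping CR/LF before
    // logging to rule out log forging.
    LOG.warn(request.getRequestURI() + " ExceptionHandler FOUND. " + e.toString() + "\t" + e.getCause());

    // @PathVariable / request parameter could not be converted to the declared type
    if (e instanceof TypeMismatchException) {
        return getParamErrors((TypeMismatchException) e);
    }
    // request data could not be mapped onto a bean property
    if (e instanceof InvalidPropertyException) {
        return getParamErrors((InvalidPropertyException) e);
    }
    // @Valid constraint violations
    if (e instanceof BindException) {
        return ParamValidateUtils.getParamErrors((BindException) e);
    }
    // business-rule validation failure raised by application code
    if (e instanceof FieldException) {
        return getParamErrors((FieldException) e);
    }
    if (e instanceof DocumentNotFoundException) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        try {
            FileUtils.closeWriter(response.getWriter());
        } catch (IOException e1) {
            // Was e1.printStackTrace(): route through the logger so the failure is not lost
            // on stderr and stays attached to the request that caused it.
            LOG.warn("failed to close response writer for " + request.getRequestURI(), e1);
        }
        return null;
    }
    // the caller's role is not allowed to invoke the requested handler (see RoleResourceAspect)
    if (e instanceof AccessDeniedException) {
        LOG.warn("details: " + ((AccessDeniedException) e).getErrorMessage());
        return buildError("auth.access.denied", ErrorCode.ACCESS_NOAUTH_ERROR);
    }
    if (e instanceof HttpRequestMethodNotSupportedException) {
        return buildError("syserror.httpmethod", ErrorCode.HttpRequestMethodNotSupportedException);
    }
    if (e instanceof MissingServletRequestParameterException) {
        return buildError("syserror.param.miss", ErrorCode.MissingServletRequestParameterException);
    }
    // exceptions that carry their own client-facing code and message
    if (e instanceof GlobalExceptionAware) {
        LOG.error("details: ", e);
        GlobalExceptionAware g = (GlobalExceptionAware) e;
        return buildError(g.getErrorMessage(), g.getErrorCode());
    }
    // anything else: generic error, details stay in the log only
    LOG.warn("details: ", e);
    return buildError("syserror.inner", ErrorCode.GLOBAL_ERROR);
}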