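package com.yeshi.fanli.aspect;

import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URLDecoder;
import java.util.regex.Pattern;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.yeshi.utils.JsonUtil;

import com.yeshi.fanli.entity.common.AdminUser;
import com.yeshi.fanli.log.LogHelper;
import com.yeshi.fanli.service.AdminUserService;
import com.yeshi.fanli.util.AESUtil;
import com.yeshi.fanli.util.Constant;
import com.yeshi.fanli.util.StringUtil;
import com.yeshi.fanli.util.annotation.RequestNoLogin;

import net.sf.json.JSONException;
import net.sf.json.JSONObject;

/**
 * Login guard for every public method of the admin controllers
 * ({@code com.yeshi.fanli.controller.admin.*}).
 *
 * <p>A request is allowed through when one of the following holds:
 * <ul>
 *   <li>the session already carries an admin ({@link Constant#SESSION_ADMIN});</li>
 *   <li>the request comes from an e-mail H5 link ({@code from=emailh5}) whose AES-encrypted
 *       {@code sign} decrypts to a JSON payload with a still-valid {@code timeStamp} and an
 *       existing {@code adminId} — in that case the admin is placed into the session;</li>
 *   <li>the target method is annotated with {@link RequestNoLogin}.</li>
 * </ul>
 * Otherwise a JSON failure result is written to the response and the controller is not invoked.
 *
 * <p>Responses may be wrapped in a JSONP callback taken from the {@code callback} request
 * parameter. Because that value is echoed into the response body, it is only used when it is a
 * plain JavaScript identifier (see {@link #SAFE_CALLBACK}); anything else falls back to bare JSON.
 */
@Component
@Aspect
public class LoginAspect {

    /** A JSONP callback is echoed only if it looks like a (possibly dotted) JS identifier. */
    private static final Pattern SAFE_CALLBACK =
            Pattern.compile("[A-Za-z_$][\\w$]*(\\.[A-Za-z_$][\\w$]*)*");

    /** An e-mail H5 link is accepted for one hour after its embedded timestamp. */
    private static final long H5_LINK_TTL_MS = 1000L * 60 * 60;

    @Resource
    private AdminUserService adminUserService;

    /**
     * Around-advice entry point: establishes or verifies the admin login, then proceeds.
     *
     * @param joinPoint the intercepted controller method
     * @return the controller's return value, or {@code null} when the request was rejected or the
     *         controller threw
     * @throws IOException if writing the rejection response fails
     */
    @Around("execution(public * com.yeshi.fanli.controller.admin.*.*(..))")
    public Object verifyLoginState(ProceedingJoinPoint joinPoint) throws IOException {
        ServletRequestAttributes servletContainer =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = servletContainer.getRequest();
        HttpServletResponse response = servletContainer.getResponse();

        AdminUser admin = (AdminUser) request.getSession().getAttribute(Constant.SESSION_ADMIN);
        if (admin == null) {
            boolean mayProceed;
            if ("emailh5".equalsIgnoreCase(request.getParameter("from"))) {
                // E-mail H5 origin: the login is established from the signed link, not the session
                mayProceed = loginFromEmailLink(request, response);
            } else if (isLoginExempt(joinPoint)) {
                mayProceed = true;
            } else {
                writeResult(response, request.getParameter("callback"),
                        JsonUtil.loadFalseResult(1, "请先登录"));
                mayProceed = false;
            }
            if (!mayProceed) {
                return null;
            }
        }

        try {
            return joinPoint.proceed(joinPoint.getArgs());
        } catch (Throwable e) {
            // NOTE(review): any controller failure is swallowed here and the client receives an
            // empty body; the original behaviour is kept, but surfacing the error (rethrow or a
            // JSON failure result) would make such failures visible to callers and monitoring.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Handles {@code from=emailh5}: validates the encrypted {@code sign} link parameter and, when
     * it is valid, logs the admin into the session.
     *
     * @return {@code true} if the controller may run; {@code false} if a rejection was written
     * @throws IOException if writing the rejection response fails
     */
    private boolean loginFromEmailLink(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String callback = request.getParameter("callback");
        String signAES = request.getParameter("sign");
        // A '%' left in the value means the parameter arrived URL-encoded twice; decode once more
        if (signAES != null && signAES.contains("%")) {
            signAES = URLDecoder.decode(signAES, "UTF-8");
        }
        String sign = AESUtil.decrypt(signAES, Constant.ADMINH5_AESKEY);
        if (StringUtil.isNullOrEmpty(sign)) {
            writeResult(response, callback, JsonUtil.loadFalseResult(3, "链接失效"));
            return false;
        }
        // Logged so that every use of a mailed link is traceable
        LogHelper.error("H5审核签名:" + sign);

        long time;
        long adminId;
        try {
            JSONObject json = JSONObject.fromObject(sign);
            time = json.optLong("timeStamp");
            adminId = json.optLong("adminId");
        } catch (JSONException e) {
            // Decrypted cleanly but is not a JSON object: reject like an unusable link rather
            // than letting the parser error escape as an unhandled exception
            LogHelper.error("H5审核签名解析失败:" + e.getMessage());
            writeResult(response, callback, JsonUtil.loadFalseResult(3, "链接失效"));
            return false;
        }

        AdminUser adminUser = adminUserService.selectByPrimaryKey(adminId);
        // NOTE(review): a timestamp in the future never expires under this check; rejecting
        // time > now as well would close that gap if the signer shares this server's clock.
        if (System.currentTimeMillis() - time > H5_LINK_TTL_MS || adminUser == null) {
            writeResult(response, callback, JsonUtil.loadFalseResult(2, "链接失效"));
            return false;
        }
        request.getSession().setAttribute(Constant.SESSION_ADMIN, adminUser);
        request.getSession().setAttribute(Constant.SESSION_EXTRACT_VERIFY_RESULT, "1");
        return true;
    }

    /**
     * Reports whether the intercepted method (looked up on the concrete target class, so that
     * annotations declared there are seen) carries {@link RequestNoLogin}.
     *
     * <p>Fails closed: if the method cannot be resolved, login is required.
     */
    private static boolean isLoginExempt(ProceedingJoinPoint joinPoint) {
        Signature signature = joinPoint.getSignature();
        Method targetMethod = ((MethodSignature) signature).getMethod();
        Method realMethod = null;
        try {
            realMethod = joinPoint.getTarget().getClass()
                    .getDeclaredMethod(signature.getName(), targetMethod.getParameterTypes());
        } catch (NoSuchMethodException e) {
            LogHelper.error("LoginAspect: cannot resolve " + signature.getName() + ": " + e);
        } catch (SecurityException e) {
            LogHelper.error("LoginAspect: cannot resolve " + signature.getName() + ": " + e);
        }
        return realMethod != null && realMethod.isAnnotationPresent(RequestNoLogin.class);
    }

    /**
     * Writes {@code body} to the response, wrapped as {@code callback(body)} only when
     * {@code callback} is present and matches {@link #SAFE_CALLBACK}; otherwise the bare body is
     * written so that request-controlled text is never echoed as script.
     *
     * @param body the result object (usually from {@link JsonUtil#loadFalseResult})
     * @throws IOException if the response writer cannot be obtained
     */
    private static void writeResult(HttpServletResponse response, String callback, Object body)
            throws IOException {
        if (StringUtil.isNullOrEmpty(callback) || !SAFE_CALLBACK.matcher(callback).matches()) {
            response.getWriter().print(body);
        } else {
            response.getWriter().print(callback + "(" + body + ")");
        }
    }
}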