
越权访问修改日志状态为失败

xusl 1 năm trước cách đây
mục cha
commit
3a92baf9ee

+ 39 - 1
backend/src/main/java/com/jiayue/ssi/handler/RestAccessDeniedHandler.java

@@ -5,7 +5,15 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.jiayue.ssi.annotation.OperateLog;
 import com.jiayue.ssi.backenum.AuditType;
+import com.jiayue.ssi.backenum.BusinessStatus;
 import com.jiayue.ssi.backenum.BusinessType;
+import com.jiayue.ssi.entity.SysOperLog;
+import com.jiayue.ssi.entity.SysUser;
+import com.jiayue.ssi.factory.OperateLogFactory;
+import com.jiayue.ssi.util.IPUtils;
+import com.jiayue.ssi.util.JwtTokenUtil;
+import com.jiayue.ssi.util.ServletUtils;
+import io.jsonwebtoken.Claims;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Service;
@@ -22,8 +30,38 @@ import java.io.IOException;
 @Service
 public class RestAccessDeniedHandler implements AccessDeniedHandler {
     @Override
-    @OperateLog(title = "权限认证", businessType = BusinessType.BAC, auditType = AuditType.SYS,operdesc = "没有接口访问权限")
     public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException {
+        String token = request.getHeader("Authorization");
+        JwtTokenUtil jwtTokenUtil = new JwtTokenUtil();
+        Claims claims = jwtTokenUtil.getClaimsFromToken(token);
+        String username="";
+        if (claims==null){
+            username = "未知用户";
+        }
+        else{
+            username = claims.getSubject();
+        }
+        SysOperLog operLog = new SysOperLog();
+        operLog.setStatus(BusinessStatus.FAIL.ordinal());
+        // 请求的地址
+        String ip = IPUtils.getIpAddr();
+        operLog.setOperIp(ip);
+        operLog.setOperUrl(org.apache.commons.lang3.StringUtils.substring(ServletUtils.getRequest().getRequestURI(), 0, 255));
+        operLog.setOperName(username);
+        // 设置请求方式
+        operLog.setRequestMethod(ServletUtils.getRequest().getMethod());
+        operLog.setCreateBy(username);
+        // 设置action动作
+        operLog.setBusinessType(BusinessType.BAC.ordinal());
+        // 设置标题
+        operLog.setTitle("越权访问");
+        // 操作描述
+        operLog.setOperdesc("越权访问");
+        // 审计类型
+        operLog.setAuditType(AuditType.SYS.ordinal());
+        // 保存数据库
+        OperateLogFactory.recordOper(operLog);
+
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setStatus(402);
         response.setContentType("text/html;charset=utf-8");
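Review bot: The operator name written to the audit row, in the lines directly after the `handle` signature, is recovered by re-parsing the raw `Authorization` header with a fresh `new JwtTokenUtil()`, and the only failure handled is a `null` return; if `getClaimsFromToken` throws on an expired, tampered or malformed token (as jjwt parsers do by default — confirm against its implementation) the exception escapes `handle`, so neither the audit entry nor the denial response is produced for exactly the requests most worth recording. Spring's `ExceptionTranslationFilter` routes to an `AccessDeniedHandler` only for an already-authenticated principal, so `SecurityContextHolder.getContext().getAuthentication().getName()` is the more reliable source of the name and avoids trusting a `sub` claim whose signature this code path does not visibly verify; the header parse should remain only as a guarded fallback with the `"未知用户"` default. The `request` parameter is already in hand and would be simpler than `ServletUtils.getRequest()` for the URI and method, and wrapping `OperateLogFactory.recordOper` so a persistence failure cannot replace the denial with a 500 is worth considering. Note also that the pre-existing `response.setStatus(402)` still answers a denial with Payment Required rather than 403.

```java
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException {
        // Prefer the principal Spring Security already verified; fall back to the raw token only if absent.
        String username = "未知用户";
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && !(auth instanceof AnonymousAuthenticationToken)) {
            username = auth.getName();
        } else {
            try {
                Claims claims = new JwtTokenUtil().getClaimsFromToken(request.getHeader("Authorization"));
                if (claims != null) {
                    username = claims.getSubject();
                }
            } catch (RuntimeException tokenError) {
                // expired/malformed token: keep the default so the denial is still audited and answered
            }
        }
        // … unchanged: SysOperLog population (use request.getRequestURI()/getMethod() directly) …
        try {
            OperateLogFactory.recordOper(operLog);
        } catch (RuntimeException logError) {
            // audit persistence failure must not turn the denial into a 500
        }
        // … unchanged: response headers, status and body …
```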