
完善api调用权限验证,增加调试日志输出

chenwen 2 年之前
8a467bb0b5

+ 39 - 5
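--- a/src/main/java/com/hb/proj/allconfig/APICallInterceptor.java
+++ b/src/main/java/com/hb/proj/allconfig/APICallInterceptor.java
@@ -1,8 +1,14 @@
 package com.hb.proj.allconfig;
 
 import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.HandlerInterceptor;
 
 import com.hb.proj.utils.JacksonUtils;
@@ -17,11 +23,21 @@ import jakarta.servlet.http.HttpServletResponse;
  *
  */
 public class APICallInterceptor implements HandlerInterceptor {
+	
+	private  static Logger logger=LoggerFactory.getLogger(APICallInterceptor.class);
+	
+	private  static  Set<String> EXCLUDE_PATHS=null;
+	
+	public APICallInterceptor(String excludePath) {
+		if(StringUtils.isNotBlank(excludePath)) {
+			String[] ep=excludePath.split(",");
+			EXCLUDE_PATHS=Collections.unmodifiableSet(new HashSet<>(Arrays.asList(ep)));
+		}
+	}
 
 	@Override
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
 			throws Exception {
-		
 		if(!checkAPIAuth(request)) {
 			writeToResponse(response,JacksonUtils.getJSON(RespVOBuilder.error("权限不足或登录已过期")));
 			return false;
@@ -32,10 +48,12 @@ public class APICallInterceptor implements HandlerInterceptor {
 	private boolean checkAPIAuth(HttpServletRequest request) {
 		
 		String reqUri=request.getRequestURI();
-		String contextPath=request.getContextPath();
+		reqUri=reqUri.replaceFirst(request.getContextPath(), "");
 		
-		System.out.println(reqUri);
-		System.out.println(reqUri.replaceFirst(contextPath, ""));
+		if(isExcludePath(reqUri)) {
+			logger.debug("该请求地址为排除地址:"+reqUri);
+			return true;
+		}
 		
 		
 		String token=request.getHeader(CacheConfig.TOKEN_HEADER_NAME);
@@ -50,6 +68,22 @@ public class APICallInterceptor implements HandlerInterceptor {
 		return accessToken.verify(reqUri);
 	}
 	
+	
+	private boolean isExcludePath(String path)
+	{
+		if(EXCLUDE_PATHS==null||EXCLUDE_PATHS.size()==0){
+			return false;
+		}
+		for(String pth : EXCLUDE_PATHS)
+		{
+			if(path.indexOf(pth)>=0)
+			{
+				return true;
+			}
+		}
+		return false;
+	}
+	
 	private  void writeToResponse(HttpServletResponse response,String message){
 		PrintWriter out=null;
 		try {
@@ -67,7 +101,7 @@ public class APICallInterceptor implements HandlerInterceptor {
 		}
 	}
 
-
+	
 	
 
 }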
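Review bot: The exclusion test in `isExcludePath` is a substring match, `path.indexOf(pth)>=0`, so a configured entry such as `/login` also whitelists `/api/admin/loginLog` or any other URI that merely contains the fragment, and that request skips the token check entirely; match the whole path with a pattern matcher instead, `private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();` and `if (PATH_MATCHER.match(pth, path))` (`org.springframework.util.AntPathMatcher`, available wherever `HandlerInterceptor` is). The constructor splits on `,` without trimming, so a value like `/login, /public/**` yields the pattern ` /public/**` that never matches — trim each entry before adding it. `EXCLUDE_PATHS` is a mutable `static` written from an instance constructor, so a second `new APICallInterceptor(...)` silently replaces the list for every instance; make it a `private final Set<String>` instance field. The debug line should use parameterised logging, `logger.debug("request path is excluded from auth: {}", reqUri)`, rather than string concatenation. `checkAPIAuth` begins in the third hunk and its body continues outside the shown lines.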

+ 6 - 6
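--- a/src/main/java/com/hb/proj/allconfig/AccessToken.java
+++ b/src/main/java/com/hb/proj/allconfig/AccessToken.java
@@ -13,7 +13,7 @@ public class AccessToken {
 	private String tokenId;  //等同于userId
 	
 	@JsonIgnore
-	private boolean isSuperAdmin=false;
+	private boolean superAdminIf=false;  //@JsonIgnore  注意导包是否正确;注意属性的命名规范,需要使⽤驼峰规则
 	
 	/**
 	 * 权限值
@@ -37,7 +37,7 @@ public class AccessToken {
 
 	
 	public boolean verify(String uri) {
-		if(isSuperAdmin) {
+		if(superAdminIf) {
 			return true;
 		}
 		if(StringUtils.isBlank(uri)) {
@@ -46,12 +46,12 @@ public class AccessToken {
 		return authCodes.contains("~"+MD5Encrypt.md5(uri.trim())+"~");
 	}
 
-	public boolean isSuperAdmin() {
-		return isSuperAdmin;
+	public boolean getSuperAdminIf() {
+		return superAdminIf;
 	}
 
-	public void setSuperAdmin(boolean isSuperAdmin) {
-		this.isSuperAdmin = isSuperAdmin;
+	public void setSuperAdminIf(boolean superAdminIf) {
+		this.superAdminIf = superAdminIf;
 	}
 
 	public String getTokenId() {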
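Review bot: Renaming the field to `superAdminIf` with `getSuperAdminIf`/`setSuperAdminIf` is what makes the `@JsonIgnore` on it take effect: with the old `isSuperAdmin` field and `isSuperAdmin()` getter Jackson derived the property name `superAdmin`, which did not match the annotated field, so the flag was still written to JSON. It is now excluded in both directions, so if an `AccessToken` is ever rebuilt from JSON (a cache or session store — not visible in this commit) `superAdminIf` is always `false` afterwards and the early `return true` in `verify` becomes unreachable; please confirm that is intended, and that the caller of the old `setSuperAdmin` was updated, since none appears here. A comment on the field would save the next reader the same investigation, e.g. `// field name must equal the Jackson property name (superAdminIf), otherwise @JsonIgnore silently applies to nothing`.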

+ 23 - 5
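--- a/src/main/java/com/hb/proj/allconfig/SpringMvcConfigurer.java
+++ b/src/main/java/com/hb/proj/allconfig/SpringMvcConfigurer.java
@@ -3,6 +3,7 @@ package com.hb.proj.allconfig;
 import java.util.Arrays;
 import java.util.List;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -19,6 +20,9 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @Configuration
 public class SpringMvcConfigurer implements WebMvcConfigurer {
 
+	@Value("${api.filter.exclude}") 
+	private String excludePath;
+	
 	/**
 	 * 静态资源的处理
 	 */
@@ -59,14 +63,28 @@ public class SpringMvcConfigurer implements WebMvcConfigurer {
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "HEAD", "DELETE", "OPTION"));
         configuration.setAllowedHeaders(Arrays.asList("*"));
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
+        source.registerCorsConfiguration("/*", configuration);
 
         // 有多个filter时此处可设置改CorsFilter的优先执行顺序,保证CorsFilter在其他过滤器之前执行(避免其他过滤器执行异常,导致CorsFilter没执行,从而导致跨域失效)
         FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
         bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        
         return bean;
     }
-
+    
+    
+    /**
+     * api调用权限控制过滤器
+     * @return
+     */
+    /*@Bean
+    public FilterRegistrationBean<APICallFilter> apiCallFilter() {
+    	FilterRegistrationBean<APICallFilter> apiFilter=new FilterRegistrationBean<>(new APICallFilter());
+    	apiFilter.addInitParameter("excludePath", excludePath);
+    	//apiFilter.setName("apiCallFilter");
+    	apiFilter.addUrlPatterns("/*");
+    	return apiFilter;
+    }*/
     
     
 	@Override
@@ -74,9 +92,9 @@ public class SpringMvcConfigurer implements WebMvcConfigurer {
 		//LocaleChangeInterceptor localeInterceptor = new LocaleChangeInterceptor();
         //localeInterceptor.setParamName("lang");  //拦截lang参数
 		
-		APICallInterceptor  apiCallInterceptor=new APICallInterceptor();
-		registry.addInterceptor(apiCallInterceptor)
-				.excludePathPatterns("/**/login/**");
+		APICallInterceptor  apiCallInterceptor=new APICallInterceptor(excludePath);
+		registry.addInterceptor(apiCallInterceptor);
+				//.excludePathPatterns("");
 		
 	}
 	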
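Review bot: `source.registerCorsConfiguration("/*", configuration)` narrows the CORS mapping from every path to a single path segment, because `UrlBasedCorsConfigurationSource` matches Ant-style patterns in which `*` does not cross `/`; any controller mounted deeper than one segment (for example `/api/user/list`) silently loses its CORS headers, which looks like a regression rather than the intent of this commit — `"/**"` was the right pattern. The interceptor is now registered with no path patterns at all, so static resources, `/error` and the login endpoint all pass through `checkAPIAuth` and are admitted only by whatever `api.filter.exclude` lists; keeping an explicit `.excludePathPatterns(...)` on the registration gives a second, pattern-based gate instead of relying on a single property. The commented-out `apiCallFilter` bean is dead code that will drift from the interceptor and should be deleted rather than kept for reference. `@Value("${api.filter.exclude}")` has no default, which is acceptable if a missing property is meant to fail startup; a one-line comment stating that and the expected format (`// comma-separated request paths that bypass token checking; mandatory`) would help whoever writes the properties file.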

+ 1 - 1
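--- a/src/main/java/com/hb/proj/allconfig/SysLogAspect.java
+++ b/src/main/java/com/hb/proj/allconfig/SysLogAspect.java
@@ -42,7 +42,7 @@ public class SysLogAspect {
 	@Autowired
 	private OperationLogService  service;
 	
-	@Pointcut("@annotation(com.hb.proj.allconfig.SysLog)")
+	@Pointcut("execution(* com.hb.proj.*.controller.*.*(..)) and @annotation(com.hb.proj.allconfig.SysLog)")
     public void logPoincut() {
     }
 	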
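Review bot: The new pointcut `execution(* com.hb.proj.*.controller.*.*(..))` only matches classes that sit directly in a `controller` package exactly one level below `com.hb.proj`; a `@SysLog`-annotated method in `com.hb.proj.sys.user.controller` or in a `controller.admin` sub-package is no longer written to the operation log, and nothing will warn about the gap. If the intent is simply to limit auditing to controllers, `execution(* com.hb.proj..controller..*.*(..)) && @annotation(com.hb.proj.allconfig.SysLog)` keeps that restriction without depending on package depth. A comment on the pointcut giving the reason the annotation alone was not enough (`// restrict to controllers so @SysLog on service methods is not logged twice`) would explain the change, assuming that is the motivation — the commit message does not say.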

+ 29 - 0
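--- a/src/main/java/logback-spring.xml
+++ b/src/main/java/logback-spring.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<configuration>
+    <appender name="consoleAppender" class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg %n
+            </Pattern>
+        </layout>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>DEBUG</level>
+        </filter>
+    </appender>
+    
+    
+ 
+    
+ 
+    <springProfile name="dev">
+        <root level="WARN"  additivity="false">
+            <appender-ref ref="consoleAppender"/>
+       </root>
+        <logger name="com.hb.proj" level="DEBUG" additivity="false">
+             <appender-ref ref="consoleAppender"/>
+        </logger>
+       
+    </springProfile>
+ 
+    
+ 
+</configuration>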
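Review bot: Only the `dev` profile defines a `<root>` logger, so under every other profile this file leaves logback with no appender attached: not just the interceptor's new `logger.debug`, but every WARN and ERROR from the application goes nowhere, which is the opposite of what a deployment that needs an audit trail of rejected API calls wants. Add a profile-independent `<root level="INFO">` with a console or file appender outside the `<springProfile name="dev">` block, or a matching `<springProfile name="!dev">` block. The file is also placed under `src/main/java/` rather than `src/main/resources/`; unless the build is configured to copy non-Java files from that tree (not visible here) it will not be on the classpath and Spring Boot will silently fall back to its default logging. The `ThresholdFilter` at DEBUG on the appender is redundant with the logger levels and can be removed.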