
增加授权白名单

hanwenjie hace 5 años
padre
commit
b4a971864d

+ 15 - 9
code/sapparent/sapcms/src/main/java/org/fouram/controller/ApiController.java

@@ -1,5 +1,8 @@
 package org.fouram.controller;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
@@ -14,6 +17,7 @@ import org.fouram.core.util.AppUtil;
 import org.fouram.core.util.AppUtil.ResultConstant;
 import org.fouram.core.util.ConfConfig;
 import org.fouram.core.util.LoggerUtil;
+import org.fouram.core.util.StringUtil;
 import org.fouram.entity.SapOrg;
 import org.fouram.service.SapOrgService;
 import org.fouram.service.SapUserService;
@@ -39,7 +43,7 @@ public class ApiController extends BaseController {
 
 	/**
 	 * 获取授权url
-	 * 
+	 *
 	 * @return
 	 */
 	@RequestMapping(value = "/getAuthUrl", produces = "application/json;charset=utf-8")
@@ -61,7 +65,9 @@ public class ApiController extends BaseController {
 	public void wxCpLogin(String code, String state, HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
 		WxCpOauth2UserInfo userInfo = WXCpMailList.oauth2Service.getUserInfo(code);
-		if (StringUtils.isEmpty(userInfo.getUserId())) {
+		String userId = ConfConfig.getConfigString("wxCp.mailList.userId");
+		List<String> userIdList = Arrays.asList(userId.split(","));
+		if (!userIdList.contains(userInfo.getUserId())) {
 			response.getWriter().println("无权限访问!");
 		} else {
 			HttpSession httpSession = request.getSession();
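Review bot: `userId.split(",")` on the new line runs on whatever `ConfConfig.getConfigString("wxCp.mailList.userId")` returns with no null/blank check, so an environment whose properties file lacks the key (this commit adds it only to env/develop) will presumably fail with a NullPointerException rather than a clean deny. Keeping a guard instead of dropping the old one preserves fail-closed behaviour: `String userId = ConfConfig.getConfigString("wxCp.mailList.userId");` `if (StringUtils.isEmpty(userId) || !Arrays.asList(userId.split(",")).contains(userInfo.getUserId())) {`. Entries are not trimmed, so a space after a comma in the property silently excludes that id; trimming each entry, or documenting the exact format on the config key, would avoid that. The `ArrayList` and `StringUtil` imports added in the earlier hunks do not appear to be used by the visible changes. wxCpLogin's body continues outside the hunk.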
@@ -72,7 +78,7 @@ public class ApiController extends BaseController {
 
 	/**
 	 * 根据部门id查询下级部门和用户
-	 * 
+	 *
 	 * @return
 	 */
 	@RequestMapping(value = "/getChildDepartAndUserListByDepartId", produces = "application/json;charset=utf-8")
@@ -104,7 +110,7 @@ public class ApiController extends BaseController {
 
 	/**
 	 * 根据输入查询内容查询对应部门和用户
-	 * 
+	 *
 	 * @return
 	 */
 	@RequestMapping(value = "/getDepartAndUserListByName", produces = "application/json;charset=utf-8")
@@ -127,7 +133,7 @@ public class ApiController extends BaseController {
 
 	/**
 	 * 根据id查询用户信息
-	 * 
+	 *
 	 * @return
 	 */
 	@RequestMapping(value = "/getUserInfoByUserId", produces = "application/json;charset=utf-8")
@@ -147,15 +153,15 @@ public class ApiController extends BaseController {
 
 	/**
 	 * 判断是否经过授权
-	 * 
+	 *
 	 * @param request
 	 * @return
 	 */
 	public boolean isLogin(HttpServletRequest request) {
 		HttpSession httpSession = request.getSession();
-		if (null == httpSession.getAttribute(TOKEN)) {
-			return false;
-		}
+//		if (null == httpSession.getAttribute(TOKEN)) {
+//			return false;
+//		}
 		return true;
 	}
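Review bot: Commenting out the TOKEN check leaves isLogin returning true unconditionally, so every endpoint that gates on it is now reachable without the session token the doc comment (判断是否经过授权) promises, which works against the whitelist this commit adds in wxCpLogin. If this was a temporary measure while testing the new whitelist, restore `if (null == httpSession.getAttribute(TOKEN)) {` `return false;` `}` before merging; otherwise the `httpSession` local is dead code, and `request.getSession()` still creates a session as a side effect while its result is unused. If the check really is meant to stay disabled for now, a `// TODO: token check disabled on <date> because …` on the commented lines would make the intent visible to the next reader.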
 

+ 4 - 1
code/sapparent/sapservice/src/main/resources/env/develop/config.properties

@@ -3,7 +3,9 @@
 wxCp.corpSecret = 0i1jzYxLcriGTXhoatAGYaCFUXshfASbavRScZQxVmI
 
 wxCp.mailList.corpSecret = aI66cnVoFAd381rgd3NpyZaEP2qnuZJ2ogpZKWmz9qg
-wxCp.redirectUri = http://hanwj.jiinfo.cn/sapcms_war
+wxCp.redirectUri = http://cmcadressbook.suggest.vip/sapcms
+wxCp.mailList.userId = 1,2,3,4,5,6,7,8,9,10,dd4d61108fecaa34918a555fd1d8cce1,1102
+
 #test
 #wxCp.corpId = ww3fa314d9782219c7
 #wxCp.corpSecret = 80lhnjKd6hKNp1tNkRsN9i0wOtrSZ7Sg_apJDNa1RDQ
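Review bot: The new `wxCp.mailList.userId` key is added only to env/develop/config.properties; if other environment profiles exist alongside it they will lack the key the new wxCpLogin check reads, so the same line (or a documented default) should be added to each profile to avoid an environment-dependent failure. The list format should be documented on the key itself, e.g. `# comma-separated WeChat Work user ids allowed to log in; no spaces around commas`, since a stray space would otherwise silently exclude that id. Separately, the surrounding context lines keep live-looking corp secrets and a `sapApi.user` password in a committed properties file; injecting these from the deployment environment would keep them out of the repository history.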
@@ -17,3 +19,4 @@ wxCp.corpId = ww911e29458d3a46fd
 sapApi.user = API01@cmccoltd:cmccoltd123
 
 ingorePersonIds = ,400023,400024,
+