peter
2026-01-10 d3b5fbde186a47c0dc8b0b58d5688ae5691ed9e6
src/main/java/com/nq/common/interceptor/ApiUserAuthorityInterceptor.java
@@ -68,6 +68,24 @@
        if ("/user/buchahbds.do".equals(url)) {
            return true;
        }
        if ("/user/viewAgreementPdf.do".equals(url)) {
            // PDF查看需要验证用户,允许通过cookie或header的token访问
            User currentUser = getCurrentUser(httpServletRequest);
            if (currentUser == null) {
                // 没有有效token,返回错误
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setContentType("application/json;charset=UTF-8");
                PrintWriter writer = httpServletResponse.getWriter();
                Map map = Maps.newHashMap();
                map.put("success", Boolean.valueOf(false));
                map.put("msg", "請先登錄,無權限訪問user");
                writer.print(JsonUtil.obj2String(map));
                writer.flush();
                writer.close();
                return false;
            }
            return true; // 已登录,允许访问
        }
        User currentUser = getCurrentUser(httpServletRequest);
        if (null == currentUser) {
//            httpServletResponse.reset();
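Review bot: The new `/user/viewAgreementPdf.do` branch returns `true` as soon as `getCurrentUser` yields any user, so the interceptor only establishes that the caller is logged in, not that the requested agreement belongs to them. Unless the controller (not visible here) compares the agreement's owner with the current user, any authenticated account could presumably fetch another user's PDF; that ownership check belongs in the handler. The branch also appears to repeat the generic `getCurrentUser` / `if (null == currentUser)` check that begins right after it, whose body continues outside the hunk. If both reject in the same way, drop the special case rather than keep two copies of the response code. If it stays, declare the map as `Map<String, Object>` instead of the raw `Map`.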
@@ -188,6 +206,17 @@
        String property = PropertiesUtil.getProperty("user.cookie.name");
        System.out.println(property);
        String loginToken = request.getHeader(property);
        // 如果header中没有token,尝试从cookie获取
        if (loginToken == null) {
            loginToken = getTokenFromCookie(request);
        }
        // 如果cookie中也没有token,尝试从URL参数获取(用于iframe等场景)
        if (loginToken == null) {
            loginToken = request.getParameter("token");
        }
        if (loginToken == null) {
            System.out.println("loginToken is null");
            return null;
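Review bot: The `request.getParameter("token")` fallback accepts the login token from the query string on every URL that reaches `getCurrentUser`, not only the iframe case named in the comment, and tokens carried in URLs end up in access logs, browser history and `Referer` headers. Restrict it to the one endpoint that needs it, e.g. `if (loginToken == null && "/user/viewAgreementPdf.do".equals(request.getRequestURI()))` (adjust to however the caller derives `url`), or issue a short-lived single-purpose token for the embed instead. The cookie fallback also appears to move the API from a header-only credential to one the browser attaches automatically, so state-changing endpoints need a CSRF defence or a `SameSite` cookie; the cookie's attributes are not visible here. `System.out.println(property)` and the "loginToken is null" print should go through the logger at debug level. The method starts and ends outside the hunk.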
@@ -202,4 +231,23 @@
//        System.out.println(userJson);
        return (User) JsonUtil.string2Obj(userJson, User.class);
    }
    /**
     * 从Cookie中获取token
     *
     * @param request 请求
     * @return token
     */
    private String getTokenFromCookie(HttpServletRequest request) {
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            String cookieName = PropertiesUtil.getProperty("user.cookie.name");
            for (javax.servlet.http.Cookie cookie : cookies) {
                if (cookieName != null && cookieName.equals(cookie.getName())) {
                    return cookie.getValue();
                }
            }
        }
        return null;
    }
}
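Review bot: In `getTokenFromCookie` the `cookieName != null` test is loop-invariant and `javax.servlet.http.Cookie` is spelled out in full twice; a guard such as `if (cookies == null || cookieName == null) { return null; }` before the loop, plus an import, reads cleaner. An empty cookie value is returned as-is, so the caller skips its later `loginToken == null` fallback and presumably proceeds to the lookup with an empty token; returning `null` for a blank value would keep the token sources consistent. The Javadoc could also say that the cookie name comes from the `user.cookie.name` property, the same key the caller uses for the header name.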