登录会话拦截优化

pom.xml

@@ -145,16 +145,6 @@
 				<artifactId>freemarker</artifactId>
 				<version>2.3.28</version>
 			</dependency>
-			<dependency>
-				<groupId>org.aspectj</groupId>
-				<artifactId>aspectjweaver</artifactId>
-				<version>1.9.4</version>
-			</dependency>
-			<dependency>
-				<groupId>org.aspectj</groupId>
-				<artifactId>aspectjtools</artifactId>
-				<version>1.9.4</version>
-			</dependency>
 			<dependency>
 				<groupId>javax.servlet</groupId>
 				<artifactId>servlet-api</artifactId>

zyplayer-doc-core/src/main/java/com/zyplayer/doc/core/json/DocResponseJson.java

@@ -1,6 +1,7 @@
 package com.zyplayer.doc.core.json;
 
 import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.annotation.JSONField;
 import com.alibaba.fastjson.serializer.SerializeConfig;
 import com.alibaba.fastjson.serializer.SimpleDateFormatSerializer;
 import com.baomidou.mybatisplus.core.metadata.IPage;
@@ -20,9 +21,11 @@ import java.util.Objects;
  */
 public class DocResponseJson<T> implements ResponseJson<T> {
 	private static SerializeConfig mapping = new SerializeConfig();
+	
 	static {
 		mapping.put(Date.class, new SimpleDateFormatSerializer("yyyy-MM-dd HH:mm:ss"));
 	}
+	
 	@ApiModelProperty(value = "状态码")
 	private Integer errCode;
 	@ApiModelProperty(value = "返回值说明")
@@ -37,46 +40,46 @@ public class DocResponseJson<T> implements ResponseJson<T> {
 	private Integer pageSize;
 	@ApiModelProperty(value = "总页数")
 	private Integer totalPage;
-
+	
 	public DocResponseJson() {
 		this.errCode = 200;
 	}
-
+	
 	public DocResponseJson(Object data) {
 		this.setData(data);
 		this.errCode = 200;
 	}
-
+	
 	public DocResponseJson(int errCode, String errMsg) {
 		super();
 		this.errCode = errCode;
 		this.errMsg = errMsg;
 	}
-
+	
 	public DocResponseJson(int errCode, String errMsg, Object data) {
 		super();
 		this.setData(data);
 		this.errCode = errCode;
 		this.errMsg = errMsg;
 	}
-
+	
 	public DocResponseJson(Integer errCode) {
 		super();
 		this.errCode = errCode;
 	}
-
+	
 	public Integer getErrCode() {
 		return errCode;
 	}
-
+	
 	public void setErrCode(Integer errCode) {
 		this.errCode = errCode;
 	}
-
+	
 	public String getErrMsg() {
 		return errMsg;
 	}
-
+	
 	public void setErrMsg(String errMsg) {
 		this.errMsg = errMsg;
 	}
@@ -138,13 +141,13 @@ public class DocResponseJson<T> implements ResponseJson<T> {
 			}
 		}
 	}
-
+	
 	/**
 	 * 提示语
 	 *
+	 * @return
 	 * @author 暮光：城中城
 	 * @since 2018年8月7日
-	 * @return
 	 */
 	public static <T> DocResponseJson<T> warn(String errMsg) {
 		return new DocResponseJson<T>(300, errMsg);
@@ -153,9 +156,9 @@ public class DocResponseJson<T> implements ResponseJson<T> {
 	/**
 	 * 错误
 	 *
+	 * @return
 	 * @author 暮光：城中城
 	 * @since 2018年8月7日
-	 * @return
 	 */
 	public static <T> DocResponseJson<T> error(String errMsg) {
 		return new DocResponseJson<T>(500, errMsg);
@@ -164,31 +167,31 @@ public class DocResponseJson<T> implements ResponseJson<T> {
 	/**
 	 * 失败
 	 *
+	 * @return
 	 * @author 暮光：城中城
 	 * @since 2018年8月7日
-	 * @return
 	 */
 	public static <T> DocResponseJson<T> failure(int errCode, String errMsg) {
 		return new DocResponseJson<T>(errCode, errMsg);
 	}
-
+	
 	/**
 	 * 成功的返回方法
 	 *
+	 * @return
 	 * @author 暮光：城中城
 	 * @since 2018年8月7日
-	 * @return
 	 */
 	public static <T> DocResponseJson<T> ok() {
 		return new DocResponseJson<>();
 	}
-
+	
 	/**
 	 * 成功的返回方法
 	 *
+	 * @return
 	 * @author 暮光：城中城
 	 * @since 2018年8月7日
-	 * @return
 	 */
 	public static <T> DocResponseJson<T> ok(Object data) {
 		if (data == null) {
@@ -198,7 +201,7 @@ public class DocResponseJson<T> implements ResponseJson<T> {
 		responseJson.setData(data);
 		return responseJson;
 	}
-
+	
 	public String toJson() {
 		return JSON.toJSONString(this, mapping);
 	}
@@ -215,6 +218,7 @@ public class DocResponseJson<T> implements ResponseJson<T> {
 		}
 	}
 	
+	@JSONField(serialize = false)
 	public boolean isOk() {
 		return Objects.equals(this.errCode, 200);
 	}
@@ -223,5 +227,5 @@ public class DocResponseJson<T> implements ResponseJson<T> {
 	public String toString() {
 		return "DefaultResponseJson [errCode=" + errCode + ", errMsg=" + errMsg + ", data=" + data + "]";
 	}
-
+	
 }

zyplayer-doc-data/pom.xml

@@ -99,14 +99,6 @@
 			<groupId>org.freemarker</groupId>
 			<artifactId>freemarker</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>org.aspectj</groupId>
-			<artifactId>aspectjweaver</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.aspectj</groupId>
-			<artifactId>aspectjtools</artifactId>
-		</dependency>
 	</dependencies>
 
 </project>

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/aspect/AuthAspect.java

@@ -1,73 +0,0 @@
-package com.zyplayer.doc.data.aspect;
-
-import com.google.common.collect.Maps;
-import com.zyplayer.doc.core.annotation.AuthMan;
-import com.zyplayer.doc.core.json.DocResponseJson;
-import com.zyplayer.doc.core.json.HttpConst;
-import com.zyplayer.doc.core.json.ResponseJson;
-import com.zyplayer.doc.core.util.ThreadLocalUtil;
-import com.zyplayer.doc.data.config.security.DocUserDetails;
-import com.zyplayer.doc.data.config.security.DocUserUtil;
-import com.zyplayer.doc.data.utils.BeanUtil;
-import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.annotation.Around;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.reflect.MethodSignature;
-import org.springframework.stereotype.Component;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.HttpServletRequest;
-import java.lang.reflect.Method;
-import java.net.URLEncoder;
-import java.util.Map;
-
-@Aspect
-@Component
-public class AuthAspect {
-	
-	@Around(value = "@annotation(com.zyplayer.doc.core.annotation.AuthMan) || @within(com.zyplayer.doc.core.annotation.AuthMan)")
-	public Object authController(ProceedingJoinPoint pjp) throws Throwable {
-		AuthMan authMan = BeanUtil.getAnnotation(pjp, AuthMan.class);
-		ResponseBody responseBody = BeanUtil.getAnnotation(pjp, ResponseBody.class);
-		RestController restController = BeanUtil.getAnnotation(pjp, RestController.class);
-		boolean isResponseBody = (restController != null || responseBody != null);
-		
-		Class<?> returnType = ((MethodSignature) pjp.getSignature()).getMethod().getReturnType();
-		DocUserDetails currentUser = DocUserUtil.getCurrentUser();
-		if (currentUser == null) {
-			String reason = "你访问的内容需要登录，请登录后再试";
-			if (isResponseBody) {
-				return DocResponseJson.failure(HttpConst.TOKEN_TIMEOUT, reason);
-			} else if (returnType.isAssignableFrom(ModelAndView.class)) {
-				HttpServletRequest request = ThreadLocalUtil.getHttpServletRequest();
-				StringBuffer requestURL = request.getRequestURL();
-				String requestURLStr = URLEncoder.encode(requestURL.toString(), "utf-8");
-				return new ModelAndView("redirect:./#/user/login?redirect=" + requestURLStr);
-			} else if (returnType.isAssignableFrom(Map.class)) {
-				return Maps.newHashMap();
-			}
-		}
-		// 判断权限是否足够
-		boolean haveAuth = DocUserUtil.haveAuth(authMan.value());
-		if (haveAuth) {
-			return pjp.proceed();
-		}
-		String reasonStr = "没有操作权限，请联系管理员";
-		if (isResponseBody) {
-			Method method = ((MethodSignature) pjp.getSignature()).getMethod();
-			if (method.getReturnType().equals(ResponseJson.class)) {
-				return DocResponseJson.warn(reasonStr);
-			} else {
-				try {
-					return Class.forName(method.getReturnType().getName()).newInstance();
-				} catch (Exception e) {
-					return null;
-				}
-			}
-		} else {
-			return authMan.authUrl();
-		}
-	}
-}

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/config/DocLoginOriginInterceptor.java

@@ -1,91 +0,0 @@
-package com.zyplayer.doc.data.config;
-
-import com.zyplayer.doc.core.json.HttpConst;
-import com.zyplayer.doc.data.config.security.DocUserUtil;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * 登录和跨域拦截器
- * @author 暮光：城中城
- * @since 2019年05月25日
- */
-@Component
-public class DocLoginOriginInterceptor implements HandlerInterceptor {
-	
-	@Value("${zyplayer.doc.manage.originDomainRegex:}")
-	private String originDomainRegex;
-	
-	@Override
-	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3) {
-		// 清理用户信息
-		DocUserUtil.clean();
-	}
-	
-	@Override
-	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object haddler, ModelAndView modelAndView) {
-	}
-	
-	/**
-	 * 记录请求信息
-	 */
-	@Override
-	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) {
-		// 指定域名可跨域访问
-		if (StringUtils.isNotBlank(originDomainRegex)) {
-			String origin = request.getHeader("Origin");
-			if (StringUtils.isNotBlank(origin) && origin.toLowerCase().matches(originDomainRegex)) {
-				response.setHeader("Access-Control-Allow-Origin", origin); // 允许访问的域
-				response.setHeader("Access-Control-Allow-Methods", "HEAD,GET,POST,PUT,DELETE");// 允许GET、POST的外域请求
-				response.setHeader("Access-Control-Allow-Credentials", "true"); // 允许请求带cookie到服务器
-				response.setContentType("application/json; charset=utf-8"); // 设定JSON格式标准输出、及编码
-			}
-		}
-		// 清理用户信息
-		DocUserUtil.clean();
-		// 设置token
-		String accessToken = getCookieValueByRequest(request, HttpConst.ACCESS_TOKEN);
-		DocUserUtil.setAccessToken(accessToken);
-		return true;
-	}
-	
-	/**
-	 * 获取cookie
-	 *
-	 * @param request
-	 * @param name
-	 * @return
-	 */
-	public static Cookie getCookieByRequest(HttpServletRequest request, String name) {
-		if (StringUtils.isEmpty(name)) {
-			return null;
-		}
-		Cookie[] cookies = request.getCookies();
-		for (int i = 0; (cookies != null) && (i < cookies.length); i++) {
-			Cookie cookie = cookies[i];
-			if (name.equals(cookie.getName())) {
-				return cookie;
-			}
-		}
-		return null;
-	}
-	
-	/**
-	 * 获取cookie值
-	 *
-	 * @param request
-	 * @param name
-	 * @return
-	 */
-	public static String getCookieValueByRequest(HttpServletRequest request, String name) {
-		Cookie cookie = getCookieByRequest(request, name);
-		return cookie == null ? null : cookie.getValue();
-	}
-}

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/utils/BeanUtil.java

@@ -1,33 +0,0 @@
-package com.zyplayer.doc.data.utils;
-
-import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.Signature;
-import org.aspectj.lang.reflect.MethodSignature;
-
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Method;
-
-public class BeanUtil {
-	
-	@SuppressWarnings({"unchecked"})
-	public static <T extends Annotation> T getAnnotation(JoinPoint pjp, Class<T> t) throws Exception {
-		Method method = ((MethodSignature) pjp.getSignature()).getMethod();
-		T annotation = method.getAnnotation(t);// 方法上定义的
-		if (annotation == null) {
-			annotation = (T) pjp.getSignature().getDeclaringType().getAnnotation(t);// 类上定义的
-			if (annotation == null) {
-				Object target = pjp.getTarget();
-				annotation = target.getClass().getAnnotation(t);// 实现类上定义的
-				if (annotation == null) {
-					Signature sig = pjp.getSignature();
-					if (sig instanceof MethodSignature) {
-						MethodSignature msig = (MethodSignature) sig;
-						Method currentMethod = target.getClass().getMethod(msig.getName(), msig.getParameterTypes());
-						annotation = currentMethod.getAnnotation(t);// 实现类的方法上定义的
-					}
-				}
-			}
-		}
-		return annotation;
-	}
-}

zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/WebMvcConfig.java

@@ -3,8 +3,7 @@ package com.zyplayer.doc.manage.framework.config;
 import com.alibaba.fastjson.serializer.SerializerFeature;
 import com.alibaba.fastjson.support.config.FastJsonConfig;
 import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;
-import com.zyplayer.doc.data.config.DocLoginOriginInterceptor;
+import com.zyplayer.doc.manage.framework.interceptor.UserLoginInterceptor;
-import com.zyplayer.doc.manage.framework.interceptor.RequestInfoInterceptor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.format.FormatterRegistry;
@@ -13,11 +12,11 @@ import org.springframework.http.MediaType;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import javax.annotation.Resource;
 import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.List;
@@ -25,12 +24,10 @@ import java.util.List;
 @Component
 @Configuration
 public class WebMvcConfig implements WebMvcConfigurer {
-
+	
 	@Resource
-	RequestInfoInterceptor requestInfoInterceptor;
+	UserLoginInterceptor userLoginInterceptor;
-	@Resource
+	
-	DocLoginOriginInterceptor docLoginOriginInterceptor;
-
 	@Override
 	public void addFormatters(FormatterRegistry registry) {
 		SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
@@ -40,12 +37,12 @@ public class WebMvcConfig implements WebMvcConfigurer {
 		dateFormatter.setLenient(true);
 		registry.addFormatter(dateFormatter);
 	}
-
+	
 	@Bean
 	public FastJsonHttpMessageConverter fastJsonHttpMessageConverter() {
 		FastJsonHttpMessageConverter fastJsonHttpMessageConverter = new FastJsonHttpMessageConverter();
 		List<MediaType> supportedMediaTypes = new ArrayList<>();
-		supportedMediaTypes.add(new MediaType("application", "json", Charset.forName("UTF-8")));
+		supportedMediaTypes.add(new MediaType("application", "json", StandardCharsets.UTF_8));
 		fastJsonHttpMessageConverter.setSupportedMediaTypes(supportedMediaTypes);
 		FastJsonConfig fastJsonConfig = new FastJsonConfig();
 		fastJsonConfig.setSerializerFeatures(SerializerFeature.DisableCircularReferenceDetect, SerializerFeature.WriteDateUseDateFormat);
@@ -57,12 +54,10 @@ public class WebMvcConfig implements WebMvcConfigurer {
 	public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
 		converters.add(0, fastJsonHttpMessageConverter());
 	}
-
+	
 	@Override
 	public void addInterceptors(InterceptorRegistry registry) {
-		registry.addInterceptor(docLoginOriginInterceptor);
+		registry.addInterceptor(userLoginInterceptor).excludePathPatterns("/**/*.js", "/**/*.css", "/**/*.png", "/**/*.gif", "/**/*.jpg", "/**/*.jpeg", "/**/fonts/*");
-		registry.addInterceptor(requestInfoInterceptor).excludePathPatterns("/**/*.js", "/**/*.css", "/**/*.png",
-				"/**/*.gif", "/**/*.jpg", "/**/*.jpeg", "/**/fonts/*");
 	}
-
+	
 }

zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/interceptor/InitServletContextAware.java

@@ -1,38 +0,0 @@
-package com.zyplayer.doc.manage.framework.interceptor;
-
-import javax.servlet.ServletContext;
-
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.stereotype.Component;
-import org.springframework.web.context.ServletContextAware;
-
-/**
- * 所有bean初始化后执行，bean初始化了，再初始化一些自己的东西
- */
-@Component
-public class InitServletContextAware implements InitializingBean,ServletContextAware {
-
-	private ServletContext context;
-	
-	@Override
-	public void setServletContext(ServletContext context) {
-		this.context = context;
-	}
-
-	@Override
-	public void afterPropertiesSet() throws Exception {
-		ctx();
-	}
-	
-	private void ctx(){
-		String ctx = context.getContextPath();
-		if (ctx != null && ctx.trim().length() > 0 && !ctx.trim().equals("/")) {
-			context.setAttribute("ctx", ctx+"/");
-			context.setAttribute("statics", ctx+"/statics/");
-		} else {
-			context.setAttribute("ctx", "/");
-			context.setAttribute("statics", "/statics/");
-		}
-	}
-
-}

zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/interceptor/RequestInfoInterceptor.java

@@ -1,55 +0,0 @@
-package com.zyplayer.doc.manage.framework.interceptor;
-
-import cn.hutool.extra.servlet.ServletUtil;
-import cn.hutool.http.HttpUtil;
-import cn.hutool.http.server.HttpServerRequest;
-import com.zyplayer.doc.core.util.ThreadLocalUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Optional;
-
-/**
- * 记录当前请求信息
- */
-@Component
-public class RequestInfoInterceptor implements HandlerInterceptor {
-	private static final Logger logger = LoggerFactory.getLogger(RequestInfoInterceptor.class);
-	
-	private ThreadLocal<Long> startTimeThreadLocal = new ThreadLocal<>();
-	
-	/**
-	 * 把当前请求记录到下来
-	 */
-	@Override
-	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3) {
-		Long startTime = startTimeThreadLocal.get();
-		startTime = Optional.ofNullable(startTime).orElse(System.currentTimeMillis());
-		long totalTime = System.currentTimeMillis() - startTime;// 结束时间
-		String clientIP = ServletUtil.getClientIP(request);
-		logger.info("IP：{}，总耗时：{}ms，URI：{}", clientIP, totalTime, request.getRequestURI());
-		ThreadLocalUtil.clean();
-		startTimeThreadLocal.remove();
-	}
-	
-	@Override
-	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object haddler, ModelAndView modelAndView) {
-	}
-	
-	/**
-	 * 记录请求信息
-	 */
-	@Override
-	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) {
-		response.setContentType("application/json; charset=utf-8"); // 设定JSON格式标准输出、及编码
-		startTimeThreadLocal.set(System.currentTimeMillis());
-		ThreadLocalUtil.setHttpServletRequest(request);
-		return true;
-	}
-	
-}

zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/interceptor/UserLoginInterceptor.java

@@ -0,0 +1,101 @@
+package com.zyplayer.doc.manage.framework.interceptor;
+
+import cn.hutool.extra.servlet.ServletUtil;
+import cn.hutool.http.HttpUtil;
+import com.zyplayer.doc.core.annotation.AuthMan;
+import com.zyplayer.doc.core.json.DocResponseJson;
+import com.zyplayer.doc.core.json.HttpConst;
+import com.zyplayer.doc.core.util.ThreadLocalUtil;
+import com.zyplayer.doc.data.config.security.DocUserDetails;
+import com.zyplayer.doc.data.config.security.DocUserUtil;
+import org.apache.catalina.util.RequestUtil;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Optional;
+
+/**
+ * 用户登录拦截
+ */
+@Component
+public class UserLoginInterceptor implements HandlerInterceptor {
+	private static final Logger logger = LoggerFactory.getLogger(UserLoginInterceptor.class);
+	
+	@Value("${zyplayer.doc.manage.originDomainRegex:}")
+	private String originDomainRegex;
+	
+	private final ThreadLocal<Long> startTimeThreadLocal = new ThreadLocal<>();
+	
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3) {
+		Long startTime = startTimeThreadLocal.get();
+		startTime = Optional.ofNullable(startTime).orElse(System.currentTimeMillis());
+		long totalTime = System.currentTimeMillis() - startTime;
+		String clientIP = ServletUtil.getClientIP(request);
+		logger.info("IP：{}，总耗时：{}ms，URI：{}", clientIP, totalTime, request.getRequestURI());
+		ThreadLocalUtil.clean();
+		startTimeThreadLocal.remove();
+		// 清理用户信息
+		DocUserUtil.clean();
+	}
+	
+	@Override
+	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
+	}
+	
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+		startTimeThreadLocal.set(System.currentTimeMillis());
+		ThreadLocalUtil.setHttpServletRequest(request);
+		// 指定域名可跨域访问
+		if (StringUtils.isNotBlank(originDomainRegex)) {
+			String origin = request.getHeader("Origin");
+			if (StringUtils.isNotBlank(origin) && origin.toLowerCase().matches(originDomainRegex)) {
+				response.setHeader("Access-Control-Allow-Origin", origin); // 允许访问的域
+				response.setHeader("Access-Control-Allow-Methods", "HEAD,GET,POST,PUT,DELETE");// 允许GET、POST的外域请求
+				response.setHeader("Access-Control-Allow-Credentials", "true"); // 允许请求带cookie到服务器
+				response.setContentType("application/json; charset=utf-8"); // 设定JSON格式标准输出、及编码
+			}
+		}
+		if (!(handler instanceof HandlerMethod)) {
+			return true;
+		}
+		// 清理用户信息
+		DocUserUtil.clean();
+		// 设置token
+		Cookie cookie = ServletUtil.getCookie(request, HttpConst.ACCESS_TOKEN);
+		String accessToken = (cookie == null) ? null : cookie.getValue();
+		DocUserUtil.setAccessToken(accessToken);
+		AuthMan authMan = ((HandlerMethod) handler).getMethod().getAnnotation(AuthMan.class);
+		if (authMan == null) {
+			authMan = ((HandlerMethod) handler).getMethod().getDeclaringClass().getAnnotation(AuthMan.class);
+			if (authMan == null) {
+				return true;
+			}
+		}
+		DocUserDetails currentUser = DocUserUtil.getCurrentUser();
+		if (currentUser == null) {
+			String reason = "你访问的内容需要登录，请登录后再试";
+			DocResponseJson.failure(HttpConst.TOKEN_TIMEOUT, reason).send(response);
+			return false;
+		}
+		// 判断权限是否足够
+		boolean haveAuth = DocUserUtil.haveAuth(authMan.value());
+		if (haveAuth) {
+			return true;
+		}
+		String reasonStr = "没有操作权限，请联系管理员";
+		DocResponseJson.warn(reasonStr).send(response);
+		return false;
+	}
+	
+}

zyplayer-doc-swagger-plus/src/main/java/com/zyplayer/doc/swaggerplus/controller/SwaggerDocumentController.java

@@ -20,6 +20,7 @@ import springfox.documentation.swagger.web.SwaggerResource;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.Objects;
@@ -76,8 +77,13 @@ public class SwaggerDocumentController {
 			String docUrl = SwaggerDocUtil.replaceSwaggerResources(swaggerDoc.getDocUrl());
 			if (SwaggerDocUtil.isSwaggerResources(docUrl)) {
 				String swaggerDomain = SwaggerDocUtil.getSwaggerResourceDomain(docUrl);
-				String resourcesStr = swaggerHttpRequestService.requestSwaggerUrl(request, docUrl, swaggerDomain);
+				List<SwaggerResource> resourceList;
-				List<SwaggerResource> resourceList = JSON.parseArray(resourcesStr, SwaggerResource.class);
+				try {
+					String resourcesStr = swaggerHttpRequestService.requestSwaggerUrl(request, docUrl, swaggerDomain);
+					resourceList = JSON.parseArray(resourcesStr, SwaggerResource.class);
+				} catch (Exception e) {
+					return DocResponseJson.warn("解析文档地址失败：" + e.getMessage());
+				}
 				if (resourceList == null || resourceList.isEmpty()) {
 					return DocResponseJson.warn("该地址未找到文档");
 				}

zyplayer-doc-swagger-plus/src/main/java/com/zyplayer/doc/swaggerplus/controller/SwaggerProxyController.java

@@ -2,6 +2,7 @@ package com.zyplayer.doc.swaggerplus.controller;
 
 import com.zyplayer.doc.core.annotation.AuthMan;
 import com.zyplayer.doc.core.exception.ConfirmException;
+import com.zyplayer.doc.core.json.DocResponseJson;
 import com.zyplayer.doc.data.repository.manage.entity.SwaggerDoc;
 import com.zyplayer.doc.data.service.manage.SwaggerDocService;
 import com.zyplayer.doc.swaggerplus.controller.vo.SwaggerResourceVo;
@@ -37,6 +38,7 @@ public class SwaggerProxyController {
 	@Resource
 	private SwaggerHttpRequestService swaggerHttpRequestService;
 	
+	@ResponseBody
 	@RequestMapping("/swagger-resources")
 	public List<SwaggerResourceVo> swaggerResources() {
 		List<SwaggerResourceVo> resourceList = new LinkedList<>();
@@ -57,15 +59,19 @@ public class SwaggerProxyController {
 	
 	@ResponseBody
 	@RequestMapping(value = "/v2/api-docs", produces = {MimeTypeUtils.APPLICATION_JSON_VALUE, HAL_MEDIA_TYPE})
-	public ResponseEntity<Json> content(HttpServletRequest request, Long id) {
+	public ResponseEntity<Object> content(HttpServletRequest request, Long id) {
 		SwaggerDoc swaggerDoc = swaggerDocService.getById(id);
 		if (swaggerDoc == null) {
 			throw new ConfirmException("文档不存在");
 		}
 		if (Objects.equals(swaggerDoc.getDocType(), 1)) {
-			String docsDomain = SwaggerDocUtil.getV2ApiDocsDomain(swaggerDoc.getDocUrl());
+			try {
-			String contentStr = swaggerHttpRequestService.requestSwaggerUrl(request, swaggerDoc.getDocUrl(), docsDomain);
+				String docsDomain = SwaggerDocUtil.getV2ApiDocsDomain(swaggerDoc.getDocUrl());
-			return new ResponseEntity<>(new Json(contentStr), HttpStatus.OK);
+				String contentStr = swaggerHttpRequestService.requestSwaggerUrl(request, swaggerDoc.getDocUrl(), docsDomain);
+				return new ResponseEntity<>(new Json(contentStr), HttpStatus.OK);
+			} catch (Exception e) {
+				return new ResponseEntity<>(DocResponseJson.warn("请求文档失败"), HttpStatus.OK);
+			}
 		}
 		return new ResponseEntity<>(new Json(swaggerDoc.getJsonContent()), HttpStatus.OK);
 	}