登录和权限处理，页面优化

2019-05-30 20:39:15 +08:00
parent c3b3b60d93
commit f5249f39e1
26 changed files with 364 additions and 553 deletions
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/WebMvcConfig.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/WebMvcConfig.java
@@ -3,8 +3,8 @@ package com.zyplayer.doc.manage.framework.config;
 import com.alibaba.fastjson.serializer.SerializerFeature;
 import com.alibaba.fastjson.support.config.FastJsonConfig;
 import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;
+import com.zyplayer.doc.data.config.DocLoginOriginInterceptor;
 import com.zyplayer.doc.manage.framework.interceptor.RequestInfoInterceptor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.format.FormatterRegistry;
@@ -15,6 +15,7 @@ import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

+import javax.annotation.Resource;
 import java.nio.charset.Charset;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -24,8 +25,10 @@ import java.util.List;
@Configuration
 public class WebMvcConfig implements WebMvcConfigurer {

-	@Autowired
+	@Resource
 	RequestInfoInterceptor requestInfoInterceptor;
+	@Resource
+	DocLoginOriginInterceptor docLoginOriginInterceptor;

 	@Override
 	public void addFormatters(FormatterRegistry registry) {
@@ -56,6 +59,7 @@ public class WebMvcConfig implements WebMvcConfigurer {

 	@Override
 	public void addInterceptors(InterceptorRegistry registry) {
+		registry.addInterceptor(docLoginOriginInterceptor);
 		registry.addInterceptor(requestInfoInterceptor).excludePathPatterns("/**/*.js", "/**/*.css", "/**/*.png",
 				"/**/*.gif", "/**/*.jpg", "/**/*.jpeg", "/**/fonts/*");
 	}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/CustomizeAuthenticationSuccessHandler.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/CustomizeAuthenticationSuccessHandler.java
@@ -1,57 +0,0 @@
-//package com.zyplayer.doc.manage.framework.config.security;
-//
-//import com.alibaba.fastjson.JSONObject;
-//import com.zyplayer.doc.core.json.DocResponseJson;
-//import org.slf4j.Logger;
-//import org.slf4j.LoggerFactory;
-//import org.springframework.security.core.Authentication;
-//import org.springframework.security.core.context.SecurityContext;
-//import org.springframework.security.core.context.SecurityContextHolder;
-//import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-//import org.springframework.security.web.authentication.WebAuthenticationDetails;
-//import org.springframework.stereotype.Component;
-//
-//import javax.servlet.ServletException;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//import java.io.IOException;
-//import java.io.PrintWriter;
-//import java.util.HashMap;
-//import java.util.Map;
-//
-//@Component
-//public class CustomizeAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
-//	private static Logger logger = LoggerFactory.getLogger(CustomizeAuthenticationSuccessHandler.class);
-//
-//	@Override
-//	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
-//
-//		logger.info("AT onAuthenticationSuccess(...) function!");
-//
-//		WebAuthenticationDetails details = (WebAuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails();
-//		logger.info("login--IP:" + details.getRemoteAddress());
-//
-//		SecurityContext context = SecurityContextHolder.getContext();
-//		Authentication authentication1 = context.getAuthentication();
-//		Object principal = authentication1.getPrincipal();
-//		Object principal1 = authentication.getPrincipal();
-//
-//		String name = authentication.getName();
-//		logger.info("login--name:" + name + " principal:" + principal + " principal1:" + principal1);
-//
-//		PrintWriter out = null;
-//		try {
-//			out = response.getWriter();
-//			Map<String, Object> map = new HashMap<>();
-//			map.put("user", principal);
-//			map.put("name", name);
-//			out.append(JSONObject.toJSONString(DocResponseJson.ok(map)));
-//		} catch (IOException e) {
-//			e.printStackTrace();
-//		} finally {
-//			if (out != null) {
-//				out.close();
-//			}
-//		}
-//	}
-//}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocAuthenticationSuccessHandler.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocAuthenticationSuccessHandler.java
@@ -1,46 +0,0 @@
-//package com.zyplayer.doc.manage.framework.config.security;
-//
-//import java.io.IOException;
-//import java.util.HashMap;
-//import java.util.Map;
-//
-//import javax.servlet.ServletException;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//
-//import org.slf4j.Logger;
-//import org.slf4j.LoggerFactory;
-//import org.springframework.security.core.Authentication;
-//import org.springframework.security.web.DefaultRedirectStrategy;
-//import org.springframework.security.web.RedirectStrategy;
-//import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-//import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
-//import org.springframework.security.web.savedrequest.RequestCache;
-//import org.springframework.security.web.savedrequest.SavedRequest;
-//
-//import com.alibaba.fastjson.JSON;
-//
-//public class DocAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
-//
-//	private static Logger logger = LoggerFactory.getLogger(DocAuthenticationSuccessHandler.class);
-//
-//	private RequestCache requestCache = new HttpSessionRequestCache();
-//	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
-//
-//	@Override
-//	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
-//		SavedRequest savedRequest = requestCache.getRequest(request, response);
-//		String targetUrl = savedRequest.getRedirectUrl();
-//		boolean isAjax = "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
-//		if (isAjax) {
-//			Map<String, Object> result = new HashMap<String, Object>();
-//			result.put("url", targetUrl);
-//			response.getWriter().print(JSON.toJSONString(result));
-//			response.getWriter().flush();
-//		} else {
-//			redirectStrategy.sendRedirect(request, response, targetUrl);
-//		}
-//		logger.info("Redirecting to DefaultSavedRequest Url: " + targetUrl);
-//	}
-//
-//}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocDetailsServiceImpl.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocDetailsServiceImpl.java
@@ -1,58 +0,0 @@
-//package com.zyplayer.doc.manage.framework.config.security;
-//
-//import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-//import com.zyplayer.doc.data.config.security.DocUserDetails;
-//import com.zyplayer.doc.data.repository.manage.entity.AuthInfo;
-//import com.zyplayer.doc.data.repository.manage.entity.UserAuth;
-//import com.zyplayer.doc.data.repository.manage.entity.UserInfo;
-//import com.zyplayer.doc.data.service.manage.AuthInfoService;
-//import com.zyplayer.doc.data.service.manage.UserAuthService;
-//import com.zyplayer.doc.data.service.manage.UserInfoService;
-//import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.security.core.GrantedAuthority;
-//import org.springframework.security.core.authority.SimpleGrantedAuthority;
-//import org.springframework.security.core.userdetails.UserDetails;
-//import org.springframework.security.core.userdetails.UserDetailsService;
-//import org.springframework.security.core.userdetails.UsernameNotFoundException;
-//import org.springframework.stereotype.Service;
-//
-//import java.util.ArrayList;
-//import java.util.Collection;
-//import java.util.List;
-//import java.util.stream.Collectors;
-//
-//@Service
-//public class DocDetailsServiceImpl implements UserDetailsService {
-//
-//	@Autowired
-//	private UserInfoService userInfoService;
-//	@Autowired
-//	private UserAuthService userAuthService;
-//	@Autowired
-//	private AuthInfoService authInfoService;
-//
-//	@Override
-//	public UserDetails loadUserByUsername(String userNo) throws UsernameNotFoundException {
-//		QueryWrapper<UserInfo> queryWrapper = new QueryWrapper<>();
-//		queryWrapper.eq("user_no", userNo);
-//		UserInfo userInfo = userInfoService.getOne(queryWrapper);
-//		if (userInfo == null) {
-//			throw new UsernameNotFoundException("用户名'" + userNo + "'没有找到！");
-//		}
-//		QueryWrapper<UserAuth> authWrapper = new QueryWrapper<>();
-//		authWrapper.eq("user_id", userInfo.getId()).eq("del_flag", "0");
-//		List<UserAuth> userAuthList = userAuthService.list(authWrapper);
-//		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
-//		if (userAuthList != null && userAuthList.size() > 0) {
-//			List<Long> authIdList = userAuthList.stream().map(UserAuth::getAuthId).collect(Collectors.toList());
-//			Collection<AuthInfo> authInfoList = authInfoService.listByIds(authIdList);
-//			authInfoList.forEach(val -> {
-//				authorities.add(new SimpleGrantedAuthority(val.getAuthName()));
-//			});
-//		}
-//		//String pwdMd5 = DigestUtils.md5DigestAsHex(userInfo.getPassword().getBytes());
-//		DocUserDetails userDetails = new DocUserDetails(userInfo.getId(), userInfo.getUserName(), userInfo.getPassword(), true, authorities);
-//		return userDetails;
-//	}
-//
-//}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocUserFilter.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocUserFilter.java
@@ -1,53 +0,0 @@
-//package com.zyplayer.doc.manage.framework.config.security;
-//
-//import java.io.IOException;
-//
-//import javax.servlet.Filter;
-//import javax.servlet.FilterChain;
-//import javax.servlet.FilterConfig;
-//import javax.servlet.ServletException;
-//import javax.servlet.ServletRequest;
-//import javax.servlet.ServletResponse;
-//import javax.servlet.http.Cookie;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//
-//import org.springframework.context.annotation.Configuration;
-//
-//@Configuration
-//public class DocUserFilter implements Filter{
-//
-//	@Override
-//	public void init(FilterConfig filterConfig) throws ServletException {
-//	}
-//
-//	@Override
-//	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-//		HttpServletRequest httpRequest = (HttpServletRequest) request;
-//		Cookie[] cookies = httpRequest.getCookies();
-//		boolean haveCtx = false;
-//		Object ctxObj = httpRequest.getServletContext().getAttribute("ctx");
-//		String ctxStr = String.valueOf(ctxObj);
-//		if (cookies != null && cookies.length > 0) {
-//			for (Cookie cookie : cookies) {
-//				if ("ctx".equals(cookie.getName()) && ctxStr.equals(cookie.getValue())) {
-//					haveCtx = true;
-//					break;
-//				}
-//			}
-//		}
-//		if (!haveCtx) {
-//			// 前后端分离的，前段拿不到项目名，直接写/是不对的，只有后端放到cookie里给前端
-//			HttpServletResponse httpResponse = (HttpServletResponse) response;
-//			Cookie cookieAdd = new Cookie("ctx", ctxStr);
-//			cookieAdd.setPath("/");
-//			httpResponse.addCookie(cookieAdd);
-//		}
-//		chain.doFilter(httpRequest, response);
-//	}
-//
-//	@Override
-//	public void destroy() {
-//	}
-//
-//}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocUsernamePasswordAuthenticationFilter.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/DocUsernamePasswordAuthenticationFilter.java
@@ -1,47 +0,0 @@
-//package com.zyplayer.doc.manage.framework.config.security;
-//
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//import javax.servlet.http.HttpSession;
-//
-//import org.apache.commons.lang.StringUtils;
-//import org.springframework.security.authentication.AuthenticationServiceException;
-//import org.springframework.security.core.Authentication;
-//import org.springframework.security.core.AuthenticationException;
-//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-//
-//public class DocUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
-//	// 是否开启验证码功能
-//	private boolean isOpenValidateCode = false;
-//
-//	public static final String VALIDATE_CODE = "validateCode";
-//
-//	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
-//		if (isOpenValidateCode) {
-//			checkValidateCode(request);
-//		}
-//		return super.attemptAuthentication(request, response);
-//	}
-//
-//	protected void checkValidateCode(HttpServletRequest request) {
-//		HttpSession session = request.getSession();
-//		String sessionCode = this.obtainSessionValidateCode(session);
-//		// 让上一次的验证码失效
-//		session.setAttribute(VALIDATE_CODE, null);
-//		String parameterCode = this.obtainValidateCodeParameter(request);
-//		if (StringUtils.isEmpty(sessionCode) || !sessionCode.equalsIgnoreCase(parameterCode)) {
-//			throw new AuthenticationServiceException("验证码错误！");
-//		}
-//	}
-//
-//	private String obtainValidateCodeParameter(HttpServletRequest request) {
-//		Object obj = request.getParameter(VALIDATE_CODE);
-//		return null == obj ? "" : obj.toString();
-//	}
-//
-//	protected String obtainSessionValidateCode(HttpSession session) {
-//		Object obj = session.getAttribute(VALIDATE_CODE);
-//		return null == obj ? "" : obj.toString();
-//	}
-//
-//}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/WebSecurityConfig.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/WebSecurityConfig.java
@@ -1,156 +0,0 @@
-//package com.zyplayer.doc.manage.framework.config.security;
-//
-//import org.springframework.beans.factory.annotation.Value;
-//import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.security.authentication.AuthenticationManager;
-//import org.springframework.security.authentication.RememberMeAuthenticationProvider;
-//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-//import org.springframework.security.config.annotation.web.builders.WebSecurity;
-//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-//import org.springframework.security.crypto.password.PasswordEncoder;
-//import org.springframework.security.web.authentication.*;
-//import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
-//import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
-//import org.springframework.util.DigestUtils;
-//
-//import java.util.Objects;
-//
-//@Configuration
-//@EnableWebSecurity
-//@EnableGlobalMethodSecurity(prePostEnabled = true)
-//public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-//
-//	@Value("${zyplayer.doc.manage.login-page}")
-//	private String loginPage;
-//
-//	@Bean
-//	@Override
-//	public AuthenticationManager authenticationManagerBean() throws Exception {
-//		return super.authenticationManagerBean();
-//	}
-//
-//	/**
-//	 * 忽略静态文件
-//	 */
-//	@Override
-//	public void configure(WebSecurity web) throws Exception {
-//		web.ignoring().antMatchers();
-//	}
-//
-//	@Override
-//	protected void configure(HttpSecurity http) throws Exception {
-//		// 无需登录即可访问的接口
-//		String[] permitAllAntPatterns = {
-//			// 登录接口
-//			"/login/**", "/static/manage/login.html",
-//			// 开放接口的静态文件和接口
-//			"/open-doc.html", "/webjars/open-doc/**", "/swagger-mg-ui/open-doc/**",
-//			"/open-wiki.html", "/webjars/doc-wiki/**", "/zyplayer-doc-wiki/open-api/**",
-//			// 文件访问接口，开放文档需要能使用，在接口里面做权限判断
-//			"/zyplayer-doc-wiki/common/file",
-//			// http代理请求接口，有白名单限制，也不怕随便请求到内网资源了
-//			"/swagger-mg-ui/http/**",
-//			// 静态资源
-//			"/webjars/zui/**", "/webjars/vue/**", "/static/lib/**"
-//		};
-//		// 文档页面需要具有文档权限
-//		String[] docAntPatterns = {
-//			"/document.html", "/doc-db.html", "/doc.html", "/swagger-ui.html", "/doc-dubbo.html",
-//			"/doc-wiki.html",
-//			"/swagger-mg-ui/document/**", "/swagger-mg-ui/storage/**", "/swagger-resources/**"
-//		};
-//		http.authorizeRequests()
-//			.antMatchers(permitAllAntPatterns).permitAll()
-//			.antMatchers(docAntPatterns).hasAuthority("DOC_ALL")
-//			// 其他地址的访问均需登录
-//			.anyRequest().authenticated().and()
-//			// 添加验证码验证
-//			.addFilterAt(myUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
-//			.exceptionHandling()
-//			.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(loginPage))
-//			.and().addFilterAt(rememberMeAuthenticationFilter(), RememberMeAuthenticationFilter.class)
-//			// 指定登录页面的请求路径
-//			.formLogin().loginPage(loginPage)
-//			// 登陆处理路径
-//			.loginProcessingUrl("/login").permitAll()
-//			// 退出请求的默认路径为logout
-//			.and().logout().deleteCookies("remember-me")
-//			.logoutUrl("/logout").logoutSuccessUrl(loginPage)
-//			.permitAll()
-//			// 开启rememberMe，设置一个私钥专供testall项目使用，注意与下面TokenBasedRememberMeServices的key保持一致
-//			// .rememberMe().key("testallKey").and()
-//			// 关闭csrf
-//			.and().cors().and().csrf().disable()
-//			// X-Frame-Options: SAMEORIGIN 表示该页面可以在相同域名页面的 frame 中展示
-//			.headers().frameOptions().sameOrigin();
-//	}
-//
-//	@Override
-//	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-//		auth.userDetailsService(userDetailsServiceImpl())
-//		.passwordEncoder(new PasswordEncoder() {
-//			@Override
-//			public String encode(CharSequence charSequence) {
-//				return DigestUtils.md5DigestAsHex(charSequence.toString().getBytes());
-//			}
-//			@Override
-//			public boolean matches(CharSequence charSequence, String s) {
-//				String digestAsHex = DigestUtils.md5DigestAsHex(charSequence.toString().getBytes());
-//				return Objects.equals(s, digestAsHex);
-//			}
-//		}).and().authenticationProvider(rememberMeAuthenticationProvider());
-//	}
-//
-//	@Bean
-//	public DocDetailsServiceImpl userDetailsServiceImpl() {
-//		return new DocDetailsServiceImpl();
-//	}
-//
-//	@Bean
-//	public DocUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter() throws Exception {
-//		DocUsernamePasswordAuthenticationFilter myFilter = new DocUsernamePasswordAuthenticationFilter();
-//		myFilter.setAuthenticationManager(authenticationManagerBean());
-//		myFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler());
-//		myFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
-//		myFilter.setRememberMeServices(tokenBasedRememberMeServices());
-//		return myFilter;
-//	}
-//
-//	@Bean
-//	public AuthenticationSuccessHandler authenticationSuccessHandler() {
-//		return new SimpleUrlAuthenticationSuccessHandler("/login/success");
-//	}
-//
-//	@Bean
-//	public AuthenticationFailureHandler authenticationFailureHandler() {
-//		return new SimpleUrlAuthenticationFailureHandler("/login/failure");
-//	}
-//
-//	@Bean
-//	public TokenBasedRememberMeServices tokenBasedRememberMeServices() {
-//		TokenBasedRememberMeServices tbrms = new TokenBasedRememberMeServices("testallKey", userDetailsServiceImpl());
-//		// 设置cookie过期时间为2天
-//		tbrms.setTokenValiditySeconds(60 * 60 * 24 * 2);
-//		// 设置checkbox的参数名为rememberMe（默认为remember-me），注意如果是ajax请求，参数名不是checkbox的name而是在ajax的data里
-//		tbrms.setParameter("rememberMe");
-//		tbrms.setAlwaysRemember(false);
-//		return tbrms;
-//	}
-//
-//	@Bean
-//	public RememberMeAuthenticationProvider rememberMeAuthenticationProvider() {
-//		RememberMeAuthenticationProvider rmap = new RememberMeAuthenticationProvider("testallKey");
-//		return rmap;
-//	}
-//
-//	@Bean
-//	public RememberMeAuthenticationFilter rememberMeAuthenticationFilter() throws Exception {
-//		RememberMeAuthenticationFilter myFilter = new RememberMeAuthenticationFilter(authenticationManagerBean(), tokenBasedRememberMeServices());
-//		return myFilter;
-//	}
-//
-//}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/filter/DocUserFilter.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/filter/DocUserFilter.java
@@ -0,0 +1,47 @@
+package com.zyplayer.doc.manage.framework.filter;
+
+import org.springframework.context.annotation.Configuration;
+
+import javax.servlet.*;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Configuration
+public class DocUserFilter implements Filter{
+
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+	}
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+		HttpServletRequest httpRequest = (HttpServletRequest) request;
+		Cookie[] cookies = httpRequest.getCookies();
+		boolean haveCtx = false;
+		Object ctxObj = httpRequest.getServletContext().getAttribute("ctx");
+		String ctxStr = String.valueOf(ctxObj);
+		if (cookies != null && cookies.length > 0) {
+			for (Cookie cookie : cookies) {
+				if ("ctx".equals(cookie.getName()) && ctxStr.equals(cookie.getValue())) {
+					haveCtx = true;
+					break;
+				}
+			}
+		}
+		if (!haveCtx) {
+			// 前后端分离的，前段拿不到项目名，直接写/是不对的，只有后端放到cookie里给前端
+			HttpServletResponse httpResponse = (HttpServletResponse) response;
+			Cookie cookieAdd = new Cookie("ctx", ctxStr);
+			cookieAdd.setPath("/");
+			httpResponse.addCookie(cookieAdd);
+		}
+		chain.doFilter(httpRequest, response);
+	}
+
+	@Override
+	public void destroy() {
+	}
+
+}
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/interceptor/RequestInfoInterceptor.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/interceptor/RequestInfoInterceptor.java
@@ -1,15 +1,11 @@
 package com.zyplayer.doc.manage.framework.interceptor;

-import com.zyplayer.doc.core.json.HttpConst;
-import com.zyplayer.doc.data.config.security.DocUserUtil;
-import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;

-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@@ -27,7 +23,6 @@ public class RequestInfoInterceptor implements HandlerInterceptor {
 	 */
 	@Override
 	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3) {
-		DocUserUtil.clean();
 		long startTime = startTimeThreadLocal.get();
 		long totalTime = System.currentTimeMillis() - startTime;// 结束时间
 		logger.info("总耗时：{}ms，URI：{}", totalTime, request.getRequestURI());
@@ -43,51 +38,7 @@ public class RequestInfoInterceptor implements HandlerInterceptor {
 	@Override
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) {
 		startTimeThreadLocal.set(System.currentTimeMillis());
-		// 指定域名可跨域访问
-		String originRegex = ".*\\.zyplayer\\.com(:\\d+|)$";
-		String origin = request.getHeader("Origin");
-		if (StringUtils.isNotBlank(origin) && origin.toLowerCase().matches(originRegex)) {
-			response.setHeader("Access-Control-Allow-Origin", "*");
-			response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
-			response.setHeader("Access-Control-Allow-Methods", "HEAD,GET,POST,PUT,DELETE");
-			response.setHeader("Access-Control-Allow-Credentials", "true");
-			response.setContentType("application/json; charset=utf-8");
-		}
-		String accessToken = getCookieValueByRequest(request, HttpConst.ACCESS_TOKEN);
-		DocUserUtil.setAccessToken(accessToken);
 		return true;
 	}
 	
-	/**
-	 * 获取cookie
-	 *
-	 * @param request
-	 * @param name
-	 * @return
-	 */
-	public static Cookie getCookieByRequest(HttpServletRequest request, String name) {
-		if (StringUtils.isEmpty(name)) {
-			return null;
-		}
-		Cookie[] cookies = request.getCookies();
-		for (int i = 0; (cookies != null) && (i < cookies.length); i++) {
-			Cookie cookie = cookies[i];
-			if (name.equals(cookie.getName())) {
-				return cookie;
-			}
-		}
-		return null;
-	}
-	
-	/**
-	 * 获取cookie值
-	 *
-	 * @param request
-	 * @param name
-	 * @return
-	 */
-	public static String getCookieValueByRequest(HttpServletRequest request, String name) {
-		Cookie cookie = getCookieByRequest(request, name);
-		return cookie == null ? null : cookie.getValue();
-	}
 }
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/manage/LoginController.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/manage/LoginController.java
@@ -12,6 +12,7 @@ import com.zyplayer.doc.data.service.manage.AuthInfoService;
 import com.zyplayer.doc.data.service.manage.UserAuthService;
 import com.zyplayer.doc.data.service.manage.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.DigestUtils;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -19,10 +20,7 @@ import org.springframework.web.servlet.ModelAndView;

 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;

@RestController
@@ -41,12 +39,16 @@ public class LoginController {
 	}
 	
 	@PostMapping(value = "/login")
-	public DocResponseJson<Object> login(String userNo, HttpServletResponse response) {
+	public DocResponseJson<Object> login(String username, String password, HttpServletResponse response) {
 		QueryWrapper<UserInfo> queryWrapper = new QueryWrapper<>();
-		queryWrapper.eq("user_no", userNo);
+		queryWrapper.eq("user_no", username);
 		UserInfo userInfo = userInfoService.getOne(queryWrapper);
 		if (userInfo == null) {
-			return DocResponseJson.warn("用户名'" + userNo + "'没有找到！");
+			return DocResponseJson.warn("用户名'" + username + "'没有找到！");
+		}
+		String pwdMd5 = DigestUtils.md5DigestAsHex(password.getBytes());
+		if (!Objects.equals(userInfo.getPassword(), pwdMd5)) {
+			return DocResponseJson.warn("密码错误");
 		}
 		QueryWrapper<UserAuth> authWrapper = new QueryWrapper<>();
 		authWrapper.eq("user_id", userInfo.getId()).eq("del_flag", "0");