OCT

REM:
1. 更新错误码转HTTP响应码方法
2. 增加注销接口请求拦截器
3. 移除无用的MyConfig代码
4. 统一异常类返回的HTTP Code
5. 统一控制器防护的HTTP Code

src/main/java/com/dispose/common/ErrorCode.java

@@ -1,5 +1,7 @@
 package com.dispose.common;
 
+import javax.servlet.http.HttpServletResponse;
+
 /**
  * The enum Error code.
  *
@@ -240,10 +242,28 @@ public enum ErrorCode {
      * @return the http code
      */
     public int getHttpCode() {
-        if (this.errno == 0) {
-            return 200;
-        } else {
-            return 500 + this.errno;
+        switch(this) {
+            case ERR_OK:
+                return HttpServletResponse.SC_OK;
+            case ERR_SYSTEMEXCEPTION:
+            case ERR_PARAMEXCEPTION:
+                return HttpServletResponse.SC_EXPECTATION_FAILED;
+            case ERR_TOKENTIMEOUT:
+            case ERR_REQTIMEOUT:
+                return HttpServletResponse.SC_REQUEST_TIMEOUT;
+            case ERR_UNTRUSTTOKEN:
+            case ERR_UNTRUSTHOST:
+            case ERR_LOGOUT:
+                return HttpServletResponse.SC_UNAUTHORIZED;
+            case ERR_MISSAUTHHEAD:
+            case ERR_PARAMS:
+            case ERR_INPUTFORMAT:
+            case ERR_INPUTMISS:
+                return HttpServletResponse.SC_BAD_REQUEST;
+            case ERR_UNSUPPORT:
+                return HttpServletResponse.SC_METHOD_NOT_ALLOWED;
+            default:
+                return HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
         }
     }
 

src/main/java/com/dispose/config/AuthConfigure.java

@@ -63,6 +63,7 @@ public class AuthConfigure implements WebMvcConfigurer {
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         // 注册需要检查token的控制器接口
+        registry.addInterceptor(initAuthInterceptor()).addPathPatterns("/auth/logout");
         registry.addInterceptor(initAuthInterceptor()).addPathPatterns("/manager/**");
         registry.addInterceptor(initAuthInterceptor()).addPathPatterns("/task/**");
         registry.addInterceptor(initAuthInterceptor()).addPathPatterns("/info/**");

src/main/java/com/dispose/config/MyConfig.java

@@ -1,31 +0,0 @@
-package com.dispose.config;
-
-import lombok.Getter;
-import lombok.Setter;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.stereotype.Component;
-
-/**
- * The type My config.
- *
- * @author <huangxin@cmhi.chinamoblie.com>
- */
-@Getter
-@Setter
-@Component
-@ConfigurationProperties(prefix = "phoenix")
-public class MyConfig {
-
-    private String systemName;
-    private String swaggerSwitch;
-    private String redisServer;
-    private String requestDecSwitch;
-    private String responseEncSwitch;
-    private String aesKey;
-    private String redisRedissonSentinelMasterName;
-    private String redisRedissonPwd;
-    private String threatInfoKey;
-    private String threatInfoVersionUrl;
-    private String threatInfoDownload;
-
-}

src/main/java/com/dispose/exception/GlobalExceptionHandler.java

@@ -4,13 +4,13 @@ import com.dispose.common.ErrorCode;
 import com.dispose.pojo.dto.protocol.base.BaseRespStatus;
 import com.dispose.pojo.dto.protocol.base.ProtocolRespDTO;
 import com.security.exception.SecurityProtocolException;
-import jodd.net.HttpStatus;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 
+import javax.servlet.http.HttpServletResponse;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicInteger;
@@ -32,7 +32,8 @@ public class GlobalExceptionHandler {
      */
     @ExceptionHandler(MethodArgumentNotValidException.class)
     @ResponseBody
-    public ProtocolRespDTO<BaseRespStatus> handleException(MethodArgumentNotValidException ex) {
+    public ProtocolRespDTO<BaseRespStatus> handleException(HttpServletResponse rsp,
+                                                           MethodArgumentNotValidException ex) {
         log.debug("Argument Exception: ", ex);
         List<String> exMsg = new ArrayList<>();
 
@@ -42,22 +43,28 @@ public class GlobalExceptionHandler {
             .getAllErrors()
             .forEach(v -> exMsg.add(idx.getAndIncrement() + ": " + v.getDefaultMessage()));
 
+        rsp.setStatus(ErrorCode.ERR_PARAMEXCEPTION.getHttpCode());
+
         return ProtocolRespDTO.result(ErrorCode.ERR_PARAMEXCEPTION,
-            HttpStatus.error400().status(),
-            exMsg.toArray(new String[0]));
+                                      ErrorCode.ERR_PARAMEXCEPTION.getHttpCode(),
+                                      exMsg.toArray(new String[0]));
     }
 
     @ExceptionHandler(Throwable.class)
     @ResponseBody
-    public ProtocolRespDTO<BaseRespStatus> handleException(Throwable ex) {
+    public ProtocolRespDTO<BaseRespStatus> handleException(HttpServletResponse rsp, Throwable ex) {
         log.debug("Throwable Exception: ", ex);
 
+        rsp.setStatus(ErrorCode.ERR_PARAMEXCEPTION.getHttpCode());
+
         if (ex instanceof SecurityProtocolException) {
-            return ProtocolRespDTO.result(((SecurityProtocolException) ex).getErr(),
-                HttpStatus.error400().status(), new String[]{((SecurityProtocolException) ex).getErr().getMsg()});
+            return ProtocolRespDTO.result(ErrorCode.ERR_PARAMEXCEPTION,
+                                          ErrorCode.ERR_PARAMEXCEPTION.getHttpCode(),
+                                          new String[]{((SecurityProtocolException) ex).getErr().getMsg()});
         } else {
             return ProtocolRespDTO.result(ErrorCode.ERR_PARAMEXCEPTION,
-                HttpStatus.error400().status(), new String[]{ErrorCode.ERR_PARAMEXCEPTION.getMsg()});
+                                          ErrorCode.ERR_PARAMEXCEPTION.getHttpCode(),
+                                          new String[]{ErrorCode.ERR_PARAMEXCEPTION.getMsg()});
         }
     }
 }

src/main/java/com/dispose/interceptor/ResponseProtocolSecurity.java

@@ -2,6 +2,7 @@ package com.dispose.interceptor;
 
 import com.dispose.common.ProtoCryptoType;
 import com.dispose.common.SecurityConfigValue;
+import com.dispose.pojo.dto.protocol.base.ProtocolRespDTO;
 import com.dispose.service.ProtocolSecurityService;
 import com.security.annotation.Encryption;
 import lombok.extern.slf4j.Slf4j;
@@ -65,9 +66,16 @@ public class ResponseProtocolSecurity implements ResponseBodyAdvice<Object> {
                                   @NotNull ServerHttpRequest serverHttpRequest,
                                   @NotNull ServerHttpResponse serverHttpResponse) {
         if (SecurityConfigValue.SECURITY_PROTOCOL_TYPE == ProtoCryptoType.CRYPTO_NONE.getCode()) {
+            if (o instanceof ProtocolRespDTO) {
+                serverHttpResponse.setStatusCode(org.springframework.http.HttpStatus.valueOf(((ProtocolRespDTO<?>) o).getCode()));
+            }
+
             return o;
         } else {
-            return protocolSecurityService.encryptProtocol(o, SecurityConfigValue.SECURITY_PROTOCOL_TYPE);
+            ProtocolRespDTO<String> rspInfo = protocolSecurityService.encryptProtocol(o,
+                                                                                      SecurityConfigValue.SECURITY_PROTOCOL_TYPE);
+            serverHttpResponse.setStatusCode(org.springframework.http.HttpStatus.valueOf(rspInfo.getCode()));
+            return rspInfo;
         }
 
     }

src/main/java/com/dispose/interceptor/TokenInterceptor.java

@@ -41,6 +41,7 @@ public class TokenInterceptor implements HandlerInterceptor {
     public boolean preHandle(@NonNull HttpServletRequest request,
                              @NonNull HttpServletResponse response,
                              @NonNull Object handler) throws Exception {
+        ErrorCode err;
         // 配置为不需要认证
         if (!AuthConfigValue.VERIFY_REQUEST_TOKEN) {
             return true;
@@ -61,22 +62,23 @@ public class TokenInterceptor implements HandlerInterceptor {
                 return true;
             }
 
-            ErrorCode err = userAccountService.authTokenCheck(token);
+            err = userAccountService.authTokenCheck(token);
             // 判断token是否合法
             if (err != ErrorCode.ERR_OK) {
                 response.setCharacterEncoding("UTF-8");
                 response.setContentType("application/json;charset=UTF-8");
-                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+                response.setStatus(err.getHttpCode());
                 response.getWriter().write(new ObjectMapper().writeValueAsString(ProtocolRespDTO.result(err)));
                 log.error("Http request token [{}] is error: {}", token, err);
                 return false;
             }
         } else {
             // 缺少必要的认证头部
+            err = ErrorCode.ERR_MISSAUTHHEAD;
             response.setCharacterEncoding("UTF-8");
             response.setContentType("application/json;charset=UTF-8");
-            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
-            response.getWriter().write(new ObjectMapper().writeValueAsString(ProtocolRespDTO.result(ErrorCode.ERR_MISSAUTHHEAD)));
+            response.setStatus(err.getHttpCode());
+            response.getWriter().write(new ObjectMapper().writeValueAsString(ProtocolRespDTO.result(err)));
             log.error("Http request head miss \"Authorization\" item");
             return false;
         }

src/main/java/com/dispose/interceptor/TrustHostInterceptor.java

@@ -66,7 +66,7 @@ public class TrustHostInterceptor implements HandlerInterceptor {
 
         response.setCharacterEncoding("UTF-8");
         response.setContentType("application/json;charset=UTF-8");
-        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+        response.setStatus(err.getHttpCode());
         response.getWriter().write(new ObjectMapper().writeValueAsString(ProtocolRespDTO.result(err)));
 
         return false;