修改配置，增加笔记

2020-03-30 09:32:34 +08:00 · 2020-03-30 09:32:34 +08:00 · cb63b30f37
parent 121304adbd
commit cb63b30f37
7 changed files with 27 additions and 8 deletions
--- a/eladmin-logging/src/main/java/me/zhengjie/aspect/LogAspect.java
+++ b/eladmin-logging/src/main/java/me/zhengjie/aspect/LogAspect.java
@ -18,6 +18,7 @@ import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletRequest;

 /**
+ * 切点Pointcut加增强Advice等于切面Aspect
 * @author Zheng Jie
 * @date 2018-11-24
 */
@ -51,6 +52,11 @@ public class LogAspect {
    public Object logAround(ProceedingJoinPoint joinPoint) throws Throwable {
        Object result;
        currentTime.set(System.currentTimeMillis());
+        /**
+         * AOP执行顺序Around-->Before--->Around--->After
+         * 必须使用joinPoint.proceed()来使切点的方法执行,否则的话Before和After则执行不了
+         * proceed()方法提供了带参数的重载方法，可以使用后者来达到替换切点方法参数的效果
+         */
        result = joinPoint.proceed();
        Log log = new Log("INFO",System.currentTimeMillis() - currentTime.get());
        currentTime.remove();
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
@ -91,7 +91,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {

                .and()
                .authorizeRequests()
-                // 静态资源等等
+                // 静态资源等等（对GET请求的静态资源放行）
                .antMatchers(
                        HttpMethod.GET,
                        "/*.html",
@ -112,7 +112,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                .antMatchers("/druid/**").permitAll()
                // 放行OPTIONS请求
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
-                // 自定义匿名访问所有url放行 ： 允许匿名和带权限以及登录用户访问
+                /**
+                 * 1 自定义匿名访问所有url放行 ： 允许匿名和带权限以及登录用户访问
+                 * 2 变长参数是 Java 的一个语法糖，本质上还是基于数组的实现 antMatchers(String... antPatterns)
+                 * 相当于 String[] antPatterns
+                 * 3 T[] toArray(T[] a)最好加上泛型的参数，不然会返回Object[]数组,接收方处理起来麻烦
+                */
                .antMatchers(anonymousUrls.toArray(new String[0])).permitAll()
                // 所有请求都需要认证
                .anyRequest().authenticated()
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
@ -96,7 +96,9 @@ public class AuthController {
        }
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(authUser.getUsername(), password);
-
+        /**
+         * 通过token获得授权对象
+         */
        Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // 生成令牌
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAccessDeniedHandler.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAccessDeniedHandler.java
@ -16,7 +16,10 @@ public class JwtAccessDeniedHandler implements AccessDeniedHandler {

   @Override
   public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
-      //当用户在没有授权的情况下访问受保护的REST资源时，将调用此方法发送403 Forbidden响应
+      /**
+       * 主要是已登录但是没权限的用户尝试访问受保护的资源时
+       * 当用户在没有授权的情况下访问受保护的REST资源时，将调用此方法发送403 Forbidden响应
+       */
      response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
   }
 }
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthenticationEntryPoint.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthenticationEntryPoint.java
@ -19,7 +19,10 @@ public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
    public void commence(HttpServletRequest request,
                         HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
-        // 当用户尝试访问安全的REST资源而不提供任何凭据时，将调用此方法发送401 响应
+        /**
+         * 主要是未登录的用户尝试通过URL来访问资源
+         * 当用户尝试访问安全的REST资源而不提供任何凭据时，将调用此方法发送401 响应
+         */
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException==null?"Unauthorized":authException.getMessage());
    }
 }
--- a/eladmin-system/src/main/resources/config/application-dev.yml
+++ b/eladmin-system/src/main/resources/config/application-dev.yml
@ -65,8 +65,8 @@ swagger:

 # 文件存储路径
 file:
-  path: C:\eladmin\file\
-  avatar: C:\eladmin\avatar\
+  path: D:\eladmin\file\
+  avatar: D:\eladmin\avatar\
  # 文件大小 /M
  maxSize: 100
  avatarMaxSize: 5
--- a/eladmin-system/src/main/resources/config/application.yml
+++ b/eladmin-system/src/main/resources/config/application.yml
@ -25,7 +25,7 @@ spring:
    database: 0
    host: 127.0.0.1
    port: 6379
-    password:
+    password: 1234
    #连接超时时间
    timeout: 5000