
fix header and option request bug

huodongdong 7 years ago
parent
commit
cfbbf4c3c8

+ 9 - 0
rankin-api-web/src/main/java/cn/rankin/apiweb/controller/CollectionController.java

@@ -0,0 +1,9 @@
+package cn.rankin.apiweb.controller;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping(value = "/user/collection")
+public class CollectionController {
+}

+ 0 - 1
rankin-api-web/src/main/java/cn/rankin/apiweb/controller/UserController.java

@@ -30,5 +30,4 @@ public class UserController {
         return APIResult.ok(userInfoVo);
     }
 
-    @RequestMapping(value = "/collection", method = RequestMethod.)
 }

+ 2 - 2
rankin-cms-web/src/main/java/cn/rankin/cmsweb/configuration/CmsConfiguration.java

@@ -39,7 +39,7 @@ public class CmsConfiguration extends WebMvcConfigurerAdapter implements Environ
 
 	public void addInterceptors(InterceptorRegistry registry) {
 		registry.addInterceptor(new HeaderProcessIntercepter());
-		registry.addInterceptor(new IgnoreOptionsInterceptor());
+     	registry.addInterceptor(new IgnoreOptionsInterceptor());
 	}
 	public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
 		// 请求体参数解析器
@@ -47,7 +47,6 @@ public class CmsConfiguration extends WebMvcConfigurerAdapter implements Environ
 		argumentResolvers.add(needUserResolver);
 		super.addArgumentResolvers(argumentResolvers);
 	}
-
 	/**
 	 * Set the {@code Environment} that this object runs in.
 	 *
@@ -57,4 +56,5 @@ public class CmsConfiguration extends WebMvcConfigurerAdapter implements Environ
 	public void setEnvironment(Environment environment) {
 		this.environment = environment;
 	}
+
 }

+ 13 - 12
rankin-cms-web/src/main/java/cn/rankin/cmsweb/configuration/SecurityConfig.java

@@ -8,6 +8,7 @@ import cn.rankin.cmsweb.security.JwtAuthenticationTokenFilter;
 import cn.rankin.cmsweb.security.JwtTokenService;
 import cn.rankin.common.utils.api.model.APIResult;
 import cn.rankin.common.utils.util.HttpUtil;
+import com.google.common.collect.ImmutableList;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -37,7 +38,11 @@ import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuc
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 import org.springframework.security.web.header.Header;
 import org.springframework.security.web.header.HeaderWriter;
+import org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter;
 import org.springframework.security.web.session.SessionManagementFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
@@ -55,7 +60,7 @@ import java.util.List;
  */
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = false)//允许进入页面方法前检验
+@EnableGlobalMethodSecurity(prePostEnabled = true)//允许进入页面方法前检验
 @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -131,11 +136,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
      */
     @Override
     public void configure(WebSecurity web) throws Exception {
-        HttpUtil.antMatchers(HttpMethod.OPTIONS, "/**");
+        HttpUtil.antMatchers(HttpMethod.OPTIONS);
         HttpUtil.antMatchers(HttpMethod.GET, "/error", "/login/**", "/logout", "/favicon.ico");
-        HttpUtil.antMatchers(HttpMethod.POST, "/file/**");
         web.ignoring().requestMatchers(HttpUtil.getMatchersArray());
-
     }
 
     @Override
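Review bot: `HttpUtil.antMatchers(HttpMethod.OPTIONS)` followed by `web.ignoring()` removes every OPTIONS request from the Spring Security filter chain, so those responses get none of the chain's header writers or CORS handling. The `CorsConfigurationSource` and `UrlBasedCorsConfigurationSource` imports added in this commit suggest the intended route: enabling `http.cors()` with a `CorsConfigurationSource` bean would answer preflights inside the chain instead. The matcher list also appears to be accumulated in static state on `HttpUtil`; if so, a comment here should say that, since the calls look like they have no effect on their own.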
@@ -143,15 +146,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
         // 禁用缓存
         http.
-                headers().cacheControl()
-                .and().addHeaderWriter(new StaticHeadersWriter());
+                headers().cacheControl();
+//                .and().addHeaderWriter(new StaticHeadersWriter());
 
         http
                 // 分权限验证
-//                .authorizeRequests()
-//                .anyRequest().authenticated()
-//                .and().csrf().disable()
-                .csrf().disable()
+                .authorizeRequests()
+                .anyRequest().authenticated()
+                .and().csrf().disable()
                 .authorizeRequests().antMatchers("/login", "/logout", "/favicon.ico", "/error", "/file/**").permitAll()
                 .and().addFilterBefore(jwtAuthenticationTokenFilter, SessionManagementFilter.class);
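Review bot: The new chain registers `.anyRequest().authenticated()` before `.antMatchers("/login", ..., "/file/**").permitAll()`, and Spring Security evaluates these rules in declaration order, so the catch-all wins and the `permitAll()` entries never take effect (newer Spring Security versions reject this ordering at startup). Put the specific matchers first: `.authorizeRequests().antMatchers(...).permitAll().anyRequest().authenticated().and().csrf().disable()`. Separately, `csrf().disable()` deserves a comment explaining why it is acceptable, given that the JWT filter reads its token from a cookie and the CORS helper permits credentialed cross-origin requests. The method body starts and ends outside this hunk.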
 
@@ -270,8 +272,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                              AuthenticationException authException) throws IOException {
             //原生返回 response.sendError(HttpServletResponse.SC_UNAUTHORIZED,"Authentication Failed: " + authException.getMessage());
             //cookie失效
-            HttpUtil.error(request, response, CmsWebAPICode.ACCESS_DENIED);
+            HttpUtil.error(request, response, CmsWebAPICode.AUTHORIZED_FAILD);
         }
     }
-
 }

+ 8 - 6
rankin-cms-web/src/main/java/cn/rankin/cmsweb/security/JwtAuthenticationTokenFilter.java

@@ -9,6 +9,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.NamedThreadLocal;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -50,6 +51,13 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
         startTimeThreadLocal.set(System.currentTimeMillis());//线程绑定变量(该数据只有当前请求的线程可见)
         logger.info("进入JwtAuthenticationTokenFilter开始 url={} method={}", request.getRequestURI(), request.getMethod());
+
+        if (HttpMethod.OPTIONS.matches(request.getMethod()) || request.getRequestURL().indexOf("favicon.ico")!=-1) {
+            logger.debug("OPTIONS 请求 忽略 返回200");
+            response.setStatus(HttpStatus.OK.value());
+            HttpUtil.ok(request,response);
+            return;
+        }
         //如果不想走过滤的url  忽略掉
         if (HttpUtil.ignoreRequest.size()>0){
             logger.debug("HttpUtil.ignoreRequest" , JSON.toJSONString(HttpUtil.ignoreRequest));
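Review bot: The `favicon.ico` test now at the top of `doFilterInternal` is a substring match on the full request URL, so any path that merely contains that text gets the canned OK response and never reaches the chain. Compare the path exactly instead, e.g. `"/favicon.ico".equals(request.getRequestURI())`, adjusting for the context path if one is configured. The early `return` also leaves `startTimeThreadLocal` set; if it is cleared after `chain.doFilter` further down, this branch skips that cleanup. The method continues outside the hunk.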
@@ -62,12 +70,6 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
             }
         }
 
-        if (HttpMethod.OPTIONS.matches(request.getMethod()) || request.getRequestURL().indexOf("favicon.ico")!=-1) {
-            logger.debug("OPTIONS 请求 忽略 返回200");
-            response.setStatus(HttpStatus.OK.value());
-            HttpUtil.ok(request,response);
-            return;
-        }
 
         String authToken = null;
         Cookie cookie = WebUtils.getCookie(request, this.cookieName);

+ 22 - 0
rankin-common-utils/src/main/java/cn/rankin/common/utils/util/HttpUtil.java

@@ -4,6 +4,7 @@ import cn.rankin.common.utils.api.model.BaseCode;
 import cn.rankin.common.utils.api.model.APICode;
 import cn.rankin.common.utils.api.model.APIResult;
 import com.alibaba.fastjson.JSON;
+import com.sun.deploy.net.HttpResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpMethod;
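Review bot: The added `import com.sun.deploy.net.HttpResponse;` pulls in a class from the Oracle JDK's Java Web Start deployment jar, which is not part of the Java SE API and is absent from OpenJDK builds and from JDK 11 onward. Nothing in the visible hunks uses it, so it looks like an IDE auto-import. Removing the line keeps the module compilable on any JDK.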
@@ -41,6 +42,7 @@ public class HttpUtil {
     }
     public static void responseOutWithJson(HttpServletRequest request, HttpServletResponse response, Object data) {
         //将实体对象转换为JSON Object转换
+        processHeader(request, response);
         PrintWriter out = null;
         try {
             out = response.getWriter();
@@ -55,6 +57,26 @@ public class HttpUtil {
         }
     }
 
+    public static void processHeader(HttpServletRequest request, HttpServletResponse response) {
+        String origin = request.getHeader("Origin");
+        String headers = request.getHeader("Access-Control-Request-Headers");
+        if (!StringUtils.isEmpty(headers)) {
+            headers = ", " + headers;
+        } else {
+            headers = "";
+        }
+
+        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Content-Type", "application/json;charset=UTF-8");
+
+        if (!StringUtils.isEmpty(origin)) {
+            response.setHeader("Access-Control-Allow-Origin", origin);
+            response.setHeader("Access-Control-Allow-Methods", "GET, POST, HEAD, OPTIONS, PUT, DELETE, TRACE, PATCH");
+            response.setHeader("Access-Control-Allow-Headers", "Origin, X-Token, Authentication, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Cache-control "+headers);
+            response.setHeader("Access-Control-Allow-Credentials", "true");
+        }
+    }
+
     public static void delCookies(HttpServletRequest request, HttpServletResponse response, String...  cookies) {
         for (String cookieName : cookies) {
             Cookie cookie = new Cookie(cookieName, null);
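Review bot: `processHeader` echoes whatever `Origin` the caller sends into `Access-Control-Allow-Origin` and pairs it with `Access-Control-Allow-Credentials: true`, which lets any web origin make cookie-bearing requests and read the responses. Because this commit also calls it from `responseOutWithJson`, the same headers now go out on every JSON response written through that helper. Check the origin against a configured allowlist before reflecting it, add `Vary: Origin`, and drop the `*` fallback. The request's `Access-Control-Request-Headers` value is also appended to the allow list unfiltered. The sketch below assumes an `ALLOWED_ORIGINS` set populated from configuration, which this file does not have yet.

```java
public static void processHeader(HttpServletRequest request, HttpServletResponse response) {
    String origin = request.getHeader("Origin");
    // … unchanged: building the `headers` suffix from Access-Control-Request-Headers …

    response.setHeader("Content-Type", "application/json;charset=UTF-8");
    // Responses differ per origin, so shared caches must key on it.
    response.addHeader("Vary", "Origin");

    // Reflect the origin only when it is one of the trusted front-ends;
    // unknown origins get no CORS headers and the browser blocks the read.
    if (!StringUtils.isEmpty(origin) && ALLOWED_ORIGINS.contains(origin)) {
        response.setHeader("Access-Control-Allow-Origin", origin);
        // … unchanged: Access-Control-Allow-Methods and Access-Control-Allow-Headers …
        response.setHeader("Access-Control-Allow-Credentials", "true");
    }
}
```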

+ 2 - 17
rankin-common-utils/src/main/java/cn/rankin/common/utils/web/intercepter/HeaderProcessIntercepter.java

@@ -1,5 +1,6 @@
 package cn.rankin.common.utils.web.intercepter;
 
+import cn.rankin.common.utils.util.HttpUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
@@ -20,23 +21,7 @@ public class  HeaderProcessIntercepter implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         logger.debug("enter HeaderProcessIntercepter");
-        String origin = request.getHeader("Origin");
-        String headers = request.getHeader("Access-Control-Request-Headers");
-        if (!StringUtils.isEmpty(headers)) {
-            headers = ", " + headers;
-        } else {
-            headers = "";
-        }
-
-        response.setHeader("Access-Control-Allow-Origin", "*");
-        response.setHeader("Content-Type", "application/json;charset=UTF-8");
-
-        if (!StringUtils.isEmpty(origin)) {
-            response.setHeader("Access-Control-Allow-Origin", origin);
-            response.setHeader("Access-Control-Allow-Methods", "GET, POST, HEAD, OPTIONS, PUT, DELETE, TRACE, PATCH");
-            response.setHeader("Access-Control-Allow-Headers", "Origin, X-Token, Authentication, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Cache-control "+headers);
-            response.setHeader("Access-Control-Allow-Credentials", "true");
-        }
+        HttpUtil.processHeader(request, response);
         return true;
     }
 

+ 43 - 0
rankin-data-api/src/main/java/cn/rankin/data/api/user/entity/Collection.java

@@ -0,0 +1,43 @@
+package cn.rankin.data.api.user.entity;
+
+import cn.rankin.common.utils.enums.BaseStatusEnum;
+import cn.rankin.common.utils.enums.ProductTypeEnum;
+import lombok.Data;
+import lombok.ToString;
+import org.hibernate.annotations.DynamicInsert;
+import org.hibernate.annotations.DynamicUpdate;
+
+import javax.persistence.*;
+import java.io.Serializable;
+import java.util.Date;
+
+@Data
+@ToString
+@Entity
+@Table(name = "u_collection", uniqueConstraints = {@UniqueConstraint(columnNames = {"user_id", "pid"})})
+@DynamicInsert
+@DynamicUpdate
+public class Collection implements Serializable {
+
+    @Id
+    private String id;
+
+    @Column(name = "user_id")
+    private String userId;
+
+    private String pid;
+
+    @Enumerated(EnumType.ORDINAL)
+    private ProductTypeEnum type;
+
+    @Enumerated(EnumType.ORDINAL)
+    private BaseStatusEnum status;
+
+    @Column(name = "gmt_created", updatable = false, insertable = false, columnDefinition = "timestamp NULL DEFAULT CURRENT_TIMESTAMP")
+    @Temporal(TemporalType.TIMESTAMP)
+    private Date gmtCreated;
+
+    @Column(name = "gmt_modified", updatable = false, insertable = false, columnDefinition = "timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP")
+    @Temporal(TemporalType.TIMESTAMP)
+    private Date gmtModified;
+}
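Review bot: Both enum columns use `@Enumerated(EnumType.ORDINAL)`, so the stored integer depends on the declaration order of `ProductTypeEnum` and `BaseStatusEnum`; inserting or reordering a constant silently changes the meaning of existing rows. `EnumType.STRING`, or an explicit code mapped through a converter, is safer. `@ToString` is redundant next to `@Data`. A short class comment such as `/** A user's saved product; unique per (user_id, pid). */` would also help.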

+ 27 - 0
rankin-data-api/src/main/java/cn/rankin/data/api/user/vo/CollectionVo.java

@@ -0,0 +1,27 @@
+package cn.rankin.data.api.user.vo;
+
+import cn.rankin.common.utils.enums.BaseStatusEnum;
+import cn.rankin.common.utils.enums.ProductTypeEnum;
+import lombok.Data;
+import lombok.ToString;
+import java.io.Serializable;
+import java.util.Date;
+
+@Data
+@ToString
+public class CollectionVo implements Serializable {
+
+    private String id;
+
+    private String userId;
+
+    private String pid;
+
+    private ProductTypeEnum type;
+
+    private BaseStatusEnum status;
+
+    private Date gmtCreated;
+
+    private Date gmtModified;
+}

+ 1 - 1
rankin-user-service/src/main/java/cn/rankin/userservice/controller/CmsUserController.java

@@ -89,7 +89,7 @@ public class CmsUserController {
     }
 
     @RequestMapping(value = "/user", method = RequestMethod.PUT)
-    public APIResult<CmsUser> update(CmsUserDTO userDTO) {
+    public APIResult<CmsUser> update(@RequestBody CmsUserDTO userDTO) {
         if (StringUtils.isEmpty(userDTO.getId())) {
             return APIResult.error(UserServiceAPICode.PARAMETER_ERROR);
         }
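Review bot: With `@RequestBody` the whole `CmsUserDTO` is now bound from client JSON, and the only check visible here is that `getId()` is non-empty. Consider `@Valid` with constraints on the DTO, plus a comment stating which fields this endpoint may change, so that privileged fields (if the DTO has any) are not updated merely because they were present in the body. I cannot tell from the hunk whether the rest of the method filters them. The method body continues outside the hunk.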

+ 17 - 0
rankin-user-service/src/main/java/cn/rankin/userservice/controller/CollectionController.java

@@ -0,0 +1,17 @@
+package cn.rankin.userservice.controller;
+
+import cn.rankin.common.utils.api.model.APIResult;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping(value = "/user/collection")
+public class CollectionController {
+
+//    @RequestMapping(method = RequestMethod.PUT)
+//    public APIResult<Boolean> add(@RequestBody) {
+//
+//    }
+}
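Review bot: The new controller ships only a commented-out stub (`add(@RequestBody)` would not compile as written) plus three imports that nothing uses. Delete the commented block and the unused imports until the endpoint is implemented, or leave a single `// TODO` line describing the planned PUT handler.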

+ 7 - 0
rankin-user-service/src/main/java/cn/rankin/userservice/repository/CollectionRepository.java

@@ -0,0 +1,7 @@
+package cn.rankin.userservice.repository;
+
+import cn.rankin.common.utils.jpa.BasicJpaRepository;
+import cn.rankin.data.api.user.entity.Collection;
+
+public interface CollectionRepository extends BasicJpaRepository<Collection, String> {
+}

+ 14 - 0
rankin-user-service/src/main/java/cn/rankin/userservice/service/CollectionService.java

@@ -0,0 +1,14 @@
+package cn.rankin.userservice.service;
+
+import cn.rankin.userservice.repository.CollectionRepository;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Service
+@Slf4j
+public class CollectionService {
+
+    @Autowired
+    private CollectionRepository collectionRepository;
+}