修复登入、登出

src/main/java/cn/quantgroup/cashloanflowboss/api/log/controller/LogController.java

@@ -2,6 +2,7 @@ package cn.quantgroup.cashloanflowboss.api.log.controller;
 
 import cn.quantgroup.cashloanflowboss.api.log.model.LoginFormModel;
 import cn.quantgroup.cashloanflowboss.api.log.service.LogService;
+import cn.quantgroup.cashloanflowboss.component.security.Authority;
 import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
 import cn.quantgroup.cashloanflowboss.core.base.Result;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
@@ -38,8 +39,8 @@ public class LogController {
      *
      * @return
      */
-    @Security(authorityId = "Log.logout")
     @DeleteMapping("/logout")
+    @Security(authorityId = "Log.logout", authorities = Authority.READ)
     public Result<Boolean> logout() {
         return new Result<>(ApplicationStatus.SUCCESS, this.logService.logout());
     }

src/main/java/cn/quantgroup/cashloanflowboss/api/log/service/LogService.java

 package cn.quantgroup.cashloanflowboss.api.log.service;
 
+import cn.quantgroup.cashloanflowboss.api.role.entity.Permission;
 import cn.quantgroup.cashloanflowboss.api.user.dictionary.UserStatus;
 import cn.quantgroup.cashloanflowboss.api.user.entity.boss.User;
 import cn.quantgroup.cashloanflowboss.api.user.service.UserService;
@@ -15,7 +16,7 @@ import org.springframework.stereotype.Service;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-import java.util.HashMap;
+import java.util.Arrays;
 
 /**
  * Created by WeiWei on 2019/7/22.
@@ -51,9 +52,12 @@ public class LogService {
         Assert.isFalse(user.getPassword().equalsIgnoreCase(MD5Tools.md5(password)), ApplicationStatus.USERNAME_OR_PASSWORD_ERROR);
 
         HttpSession session = this.request.getSession(true);
-        session.setAttribute(ApplicationDictionary.SECURITY_KEY, JSONTools.serialize(new HashMap<String, Authority>() {{
-            put("Log.logout", Authority.CREATE);
-        }}));
+
+        Permission permission = new Permission();
+        permission.setId("Log.logout");
+        permission.setAuthorities(Arrays.asList(Authority.READ));
+
+        session.setAttribute(ApplicationDictionary.SECURITY_KEY, JSONTools.serialize(Arrays.asList(permission)));
 
         return true;
 

src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationExceptionConfiguration.java

@@ -106,7 +106,7 @@ public class ApplicationExceptionConfiguration {
         }
 
         String errorMessage = ApplicationException.class.isAssignableFrom(e.getClass()) ? cause.getMessage() : e.getMessage();
-        log.error("程序员开小差了,未明确的异常信息:{}", errorMessage);
+        log.error("程序员开小差了,未明确的异常信息:{}", e);
 
         return new Result<>(ApplicationStatus.INTERNAL_SERVICE_ERROR, ApplicationStatus.INTERNAL_SERVICE_ERROR.getMessage());
 

src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityConfiguration.java

@@ -34,7 +34,7 @@ public class ApplicationSecurityConfiguration implements SecurityHandler {
         HttpSession session = this.request.getSession(false);
 
         // 检查是否已登录
-        Assert.isNull(session.getAttribute(ApplicationDictionary.SECURITY_KEY), ApplicationStatus.AUTHENTICATION_FAILURE);
+        Assert.isTrue((Objects.isNull(session) || Objects.isNull(session.getAttribute(ApplicationDictionary.SECURITY_KEY))), ApplicationStatus.AUTHENTICATION_FAILURE);
 
         // 读取Session授权内容
         List<Permission> permissions = JSONTools.deserialize(String.valueOf(session.getAttribute(ApplicationDictionary.SECURITY_KEY)), new TypeReference<List<Permission>>() {});