日志

753e145f · suntao · cf1d130c · 753e145f · 753e145f · 753e145f
Commit 753e145f authored Jan 03, 2020 by suntao
3 changed files
--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/Application.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/Application.java
@@ -2,6 +2,7 @@ package cn.quantgroup.cashloanflowboss.core;

 import cn.quantgroup.cashloanflowboss.api.login.model.Principal;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationDictionary;
+import cn.quantgroup.cashloanflowboss.utils.IpUtil;
 import cn.quantgroup.cashloanflowboss.utils.JSONTools;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeansException;
@@ -174,8 +175,9 @@ public class Application implements ApplicationContextAware, ServletContextAware
    public static Principal getPrincipal() {
        HttpSession session = getSession();
        if (Objects.nonNull(session)) {
-            log.info("后来访问获取sessionId={},PRINCIPAL={}", session.getId(), JSONTools.serialize(session.getAttribute(ApplicationDictionary.PRINCIPAL)));
-            return JSONTools.deserialize(String.valueOf(session.getAttribute(ApplicationDictionary.PRINCIPAL)), Principal.class);
+            Principal principal = JSONTools.deserialize(String.valueOf(session.getAttribute(ApplicationDictionary.PRINCIPAL)), Principal.class);
+            log.info("后来访问获取sessionId={},userName={}", session.getId(), principal != null ? principal.getUserInfo().getUsername() : "null");
+            return principal;
        } else {
            log.info("后来访问获取session为空");
            return null;
@@ -189,11 +191,10 @@ public class Application implements ApplicationContextAware, ServletContextAware
    public static HttpSession getSession() {

        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
-
        if (Objects.nonNull(request)) {
-
            HttpSession session = request.getSession();
            if (Objects.nonNull(session)) {
+                log.info("后来访问获取sessionId={},requestIp={}", session.getId(), IpUtil.getRemoteIP(request));
                return session;
            }
        }

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
@@ -11,6 +11,7 @@ import cn.quantgroup.cashloanflowboss.core.asserts.Assert;
 import cn.quantgroup.cashloanflowboss.core.base.Tuple;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
 import cn.quantgroup.cashloanflowboss.core.exception.ApplicationException;
+import lombok.extern.slf4j.Slf4j;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.BooleanUtils;
@@ -24,6 +25,7 @@ import java.util.List;
 /**
 * Created by WeiWei on 2019/7/26.
 */
+@Slf4j
 @Configuration
 public class ApplicationSecurityHandler implements SecurityHandler {

@@ -37,12 +39,14 @@ public class ApplicationSecurityHandler implements SecurityHandler {

        // 检查是否已登录
        if (principal == null) {
+            log.info("未曾登陆，需要重新登陆");
            return new Tuple<>(Boolean.FALSE, ApplicationStatus.AUTHENTICATION_LOGIN);
        }

        // 是否 被挤下线
        Boolean isLogin = Assert.isLastLogin(loginService.getConcurrentHashMapLoginInfo());
        if (BooleanUtils.isTrue(isLogin)) {
+            log.info("已在其他地方登陆，需要重新登陆,userName=" + principal.getUserInfo().getUsername());
            // 退出登陆
            loginService.logout();
            // 返回 信息
@@ -58,7 +62,12 @@ public class ApplicationSecurityHandler implements SecurityHandler {
            }
            return roleList.stream().anyMatch(roleItem -> this.checkAuthority(authorityId, roleItem));
        });
-        return new Tuple<>(hasPrivilege, hasPrivilege ? null : ApplicationStatus.INVALID_AUTHORITY);
+        if (hasPrivilege) {
+            return new Tuple<>(Boolean.TRUE, null);
+        } else {
+            log.info("权限不足,userName={},authorityId={}" + principal.getUserInfo().getUsername(), authorityId);
+            return new Tuple<>(Boolean.FALSE, ApplicationStatus.INVALID_AUTHORITY);
+        }

    }


--- a/src/main/java/cn/quantgroup/cashloanflowboss/utils/IpUtil.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/utils/IpUtil.java
+package cn.quantgroup.cashloanflowboss.utils;
+
+import org.apache.commons.lang3.StringUtils;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * IP地址工具类
+ * @author mengfan.feng
+ * @time 2015-10-27 11:41
+ */
+public class IpUtil {
+
+  /**
+   * 通过指定请求获得对应的远程ip地址
+   * @param request
+   * @return
+   */
+    public static String getRemoteIP(HttpServletRequest request) {
+        String ip = request.getHeader("x-real-ip");
+        if (StringUtils.isEmpty(ip)) {
+            ip = request.getRemoteAddr();
+        }
+
+        //过滤反向代理的ip
+        String[] stemps = ip.split(",");
+        if (stemps != null && stemps.length >= 1) {
+            //得到第一个IP，即客户端真实IP
+            ip = stemps[0];
+        }
+
+        ip = ip.trim();
+        int length = 23;
+        if (ip.length() > length) {
+            ip = ip.substring(0, 23);
+        }
+
+        return ip;
+    }
+}