修改登陆

dea339da · suntao · ebb9c509 · dea339da · dea339da · dea339da
Commit dea339da authored Aug 19, 2020 by suntao
7 changed files
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/login/service/LoginServiceImpl.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/login/service/LoginServiceImpl.java
@@ -9,22 +9,16 @@ import cn.quantgroup.cashloanflowboss.core.Application;
 import cn.quantgroup.cashloanflowboss.core.base.Tuple;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationDictionary;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
-import cn.quantgroup.cashloanflowboss.utils.JSONTools;
 import cn.quantgroup.cashloanflowboss.utils.MD5Tools;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.redis.core.StringRedisTemplate;
-import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.stereotype.Service;

-import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.util.Date;
-import java.util.Map;
 import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;

 /**
@@ -40,11 +34,8 @@ public class LoginServiceImpl implements LoginService {
    @Autowired
    private HttpServletRequest request;

-    @Resource(name = "redisTemplate")
-    private ValueOperations<String, Principal> loginOperations;
-
-//    @Resource(name = "stringRedisTemplate")
-//    private StringRedisTemplate stringRedisTemplate;
+    @Autowired
+    private PrincipalService principalService;

    /**
     * 登入
@@ -94,9 +85,12 @@ public class LoginServiceImpl implements LoginService {
        principal.setRoles(user.getRoles());
        long currentTimeMillis = System.currentTimeMillis();
        principal.setLoginTimeMillis(currentTimeMillis);
+
+
        String token = UUID.randomUUID().toString();
+        principalService.pushPrincipal(token, principal);
+
 //        stringRedisTemplate.opsForValue().set(principal.getUserInfo().getUsername(), token, 3, TimeUnit.HOURS);
-        loginOperations.set(token, principal, 3, TimeUnit.HOURS);
 //        session.setAttribute(ApplicationDictionary.PRINCIPAL, JSONTools.serialize(principal));
        // session登陆时间，毫秒值
        session.setAttribute(ApplicationDictionary.USER_SESSION_LOGIN_TIME, currentTimeMillis);
@@ -115,10 +109,7 @@ public class LoginServiceImpl implements LoginService {
     */
    @Override
    public boolean logout() {
-        String bossToken = Application.getBossToken(request);
-        if (StringUtils.isNotEmpty(bossToken)) {
-            loginOperations.getOperations().delete(bossToken);
-        }
+        principalService.removePrincipal();

        this.request.getSession().removeAttribute(ApplicationDictionary.PRINCIPAL);


--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/login/service/PrincipalService.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/login/service/PrincipalService.java
+package cn.quantgroup.cashloanflowboss.api.login.service;
+
+import cn.quantgroup.cashloanflowboss.api.login.model.Principal;
+
+/**
+ * 获取用户登陆主题信息
+ *
+ * @author tao
+ * @version 2020-08-19 17:22
+ */
+public interface PrincipalService {
+
+    Principal getPrincipal();
+
+    void pushPrincipal(String token, Principal principal);
+
+    void removePrincipal();
+}
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/login/service/PrincipalServiceImpl.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/login/service/PrincipalServiceImpl.java
+package cn.quantgroup.cashloanflowboss.api.login.service;
+
+import cn.quantgroup.cashloanflowboss.api.login.model.Principal;
+import cn.quantgroup.cashloanflowboss.core.Application;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.ValueOperations;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * @author tao
+ * @version 2020-08-19 17:23
+ */
+@Component
+public class PrincipalServiceImpl implements PrincipalService {
+
+    @Autowired
+    private HttpServletRequest request;
+
+    @Resource(name = "redisTemplate")
+    private ValueOperations<String, Principal> loginOperations;
+
+    @Override
+    public Principal getPrincipal() {
+        String bossToken = Application.getBossToken(request);
+        if (StringUtils.isNotEmpty(bossToken)) {
+            return loginOperations.get(bossToken);
+        }
+        return null;
+    }
+
+    @Override
+    public void pushPrincipal(String token, Principal principal) {
+        loginOperations.set(token, principal, 3, TimeUnit.HOURS);
+    }
+
+    @Override
+    public void removePrincipal() {
+        String bossToken = Application.getBossToken(request);
+        if (StringUtils.isNotEmpty(bossToken)) {
+            loginOperations.getOperations().delete(bossToken);
+        }
+    }
+
+
+}
--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/Application.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/Application.java
 package cn.quantgroup.cashloanflowboss.core;

 import cn.quantgroup.cashloanflowboss.api.login.model.Principal;
+import cn.quantgroup.cashloanflowboss.api.login.service.PrincipalService;
 import cn.quantgroup.cashloanflowboss.core.constants.Constants;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationDictionary;
 import cn.quantgroup.cashloanflowboss.utils.IpUtil;
 import cn.quantgroup.cashloanflowboss.utils.JSONTools;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.ApplicationEvent;
+import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.ServletContextAware;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;

+import javax.annotation.Resource;
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@@ -35,11 +39,6 @@ public class Application implements ApplicationContextAware, ServletContextAware

    private static ServletContext servletContext;

-    /**
-     * 用户为key，登陆信息（最后登陆时间）
-     */
-    private ConcurrentHashMap<String, Object> loginInfo;
-

    public static ApplicationContext getApplicationContext() {
        return applicationContext;
@@ -174,15 +173,18 @@ public class Application implements ApplicationContextAware, ServletContextAware
     * @return
     */
    public static Principal getPrincipal() {
-        HttpSession session = getSession();
-        if (Objects.nonNull(session)) {
-            Principal principal = JSONTools.deserialize(String.valueOf(session.getAttribute(ApplicationDictionary.PRINCIPAL)), Principal.class);
-            // log.info("后来访问获取sessionId={},userName={}", session.getId(), principal != null ? principal.getUserInfo().getUsername() : "null");
-            return principal;
-        } else {
-            log.info("后来访问获取session为空");
-            return null;
-        }
+//        HttpSession session = getSession();
+//        if (Objects.nonNull(session)) {
+//            Principal principal = JSONTools.deserialize(String.valueOf(session.getAttribute(ApplicationDictionary.PRINCIPAL)), Principal.class);
+//            // log.info("后来访问获取sessionId={},userName={}", session.getId(), principal != null ? principal.getUserInfo().getUsername() : "null");
+//            return principal;
+//        } else {
+//            log.info("后来访问获取session为空");
+//            return null;
+//        }
+
+        PrincipalService principalService = Application.getBean(PrincipalService.class);
+        return principalService.getPrincipal();
    }
    /**
     * 获取用户主要信息
@@ -190,7 +192,6 @@ public class Application implements ApplicationContextAware, ServletContextAware
     * @return
     */
    public static HttpSession getSession() {
-
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        if (Objects.nonNull(request)) {
            HttpSession session = request.getSession();

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
@@ -3,6 +3,7 @@ package cn.quantgroup.cashloanflowboss.core.configuration;
 import cn.quantgroup.cashloanflowboss.api.login.model.Principal;
 import cn.quantgroup.cashloanflowboss.api.login.service.LoginService;
 import cn.quantgroup.cashloanflowboss.api.login.service.LoginServiceImpl;
+import cn.quantgroup.cashloanflowboss.api.login.service.PrincipalService;
 import cn.quantgroup.cashloanflowboss.api.role.entity.Role;
 import cn.quantgroup.cashloanflowboss.component.security.Authority;
 import cn.quantgroup.cashloanflowboss.component.security.SecurityHandler;
@@ -34,19 +35,18 @@ public class ApplicationSecurityHandler implements SecurityHandler {
    @Autowired
    private LoginService loginService;

-    @Autowired
-    private HttpServletRequest request;
+//    @Autowired
+//    private HttpServletRequest request;

-    @Resource(name = "redisTemplate")
-    private ValueOperations<String, Principal> loginOperations;
+    @Autowired
+    private PrincipalService principalService;

    @Override
    public Tuple<Boolean, ApplicationStatus> doAuthentication(MethodInvocation invocation, String authorityId, Authority[] authority) {

-        String token = Application.getBossToken(request);
-        Principal principal = loginOperations.get(token);
+//        Principal principal = principalService.getPrincipal();

-//        Principal principal = Application.getPrincipal();
+        Principal principal = Application.getPrincipal();

        // 检查是否已登录
        if (principal == null) {

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/web/CorsFilter.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/web/CorsFilter.java
@@ -36,7 +36,7 @@ public class CorsFilter implements Filter {
        //允许请求的类型
        resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
        //允许的请求头字段
-        resp.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, cluster");
+        resp.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, cluster, boss-token");
        //设置预检请求的有效期
        //浏览器同源策略：出于安全考虑，浏览器限制跨域的http请求。怎样限制呢？通过发送两次请求：预检请求、用户请求。
        //1、预检请求作用：获知服务器是否允许该跨域请求：如果允许，才发起第二次真实的请求；如果不允许，则拦截第二次请求

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/constants/Constants.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/constants/Constants.java
@@ -14,5 +14,5 @@ public interface Constants {
    String TOKEN = "token";
    String TRUE = "true";
    String START_THIS = "#this";
-    String UI_HEADER_TOKEN = "boss_token";
+    String UI_HEADER_TOKEN = "boss-token";
 }