修改在获得用户session方法里面因为使用threadLocal,可能会出现串数据的问题，统一使用getCurrentUserFromRedis和...

修改在获得用户session方法里面因为使用threadLocal,可能会出现串数据的问题，统一使用getCurrentUserFromRedis和 getXSessionFromRedis方法规避风险

修改在获得用户session方法里面因为使用threadLocal,可能会出现串数据的问题，统一使用getCurrentUserFromRedis和...
修改在获得用户session方法里面因为使用threadLocal,可能会出现串数据的问题，统一使用getCurrentUserFromRedis和 getXSessionFromRedis方法规避风险
47e4eb2b · 技术部—现金贷—曾丽宾 · a574abac · 47e4eb2b · 47e4eb2b · 47e4eb2b
Commit 47e4eb2b authored Jun 09, 2017 by 技术部—现金贷—曾丽宾
5 changed files
--- a/src/main/java/cn/quantgroup/xyqb/controller/IBaseController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/IBaseController.java
@@ -15,6 +15,7 @@ import static cn.quantgroup.xyqb.session.XyqbSessionContextHolder.getXSessionFro
 */
 public interface IBaseController {

+  @Deprecated
  default User getCurrentUser() {
    SessionStruct session = getXSession();
    if (session == null) {
@@ -23,10 +24,19 @@ public interface IBaseController {
    return getXSession().getValues().getUser();
  }

+  @Deprecated
  default SessionStruct getSessionStruct() {
    return getXSession();
  }

+  default User getCurrentUserFromRedis() {
+    SessionStruct session = getXSessionFromRedis();
+    if (session == null) {
+      return null;
+    }
+    return session.getValues().getUser();
+  }
+
  default SessionStruct getCurrentSessionFromRedis(){
    return   getXSessionFromRedis();
  }

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/platform/PlatformAPIController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/platform/PlatformAPIController.java
@@ -47,7 +47,7 @@ public class PlatformAPIController implements IBaseController {

  @RequestMapping("/page/next")
  public JsonResult nextPage(String key, String target, @RequestParam(required = false, defaultValue = "") String currentPage) {
-    User user = getCurrentUser();
+    User user = getCurrentUserFromRedis();
    if (null == user) {
      return JsonResult.buildErrorStateResult("未找到用户", null);
    }

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
@@ -88,7 +88,7 @@ public class UserController implements IBaseController {

  @RequestMapping("/test")
  public JsonResult test() {
-    return JsonResult.buildSuccessResult("", getCurrentUser());
+    return JsonResult.buildSuccessResult("", getCurrentUserFromRedis());
  }

  @RequestMapping("/login/fast")
@@ -368,7 +368,7 @@ public class UserController implements IBaseController {

  @RequestMapping("/syncUserInfo")
  public JsonResult syncUserInfo() {
-    User user = getCurrentUser();
+    User user = getCurrentUserFromRedis();
    if (null == user) {
      return JsonResult.buildErrorStateResult(null, null);
    }
@@ -450,7 +450,7 @@ public class UserController implements IBaseController {

  @RequestMapping("/associate_wechat")
  public JsonResult associateWithWechat(String openId) {
-    User user = getCurrentUser();
+    User user = getCurrentUserFromRedis();
    Long userId = user.getId();
    WechatUserInfo userInfo = wechatService.findWechatUserInfoFromDb(openId);
    LOGGER.info("微信关联openId,user:[{}],openId:[{}],wechatUserInfo:[{}]",user,openId,userInfo);

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserDetailController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserDetailController.java
@@ -42,7 +42,7 @@ public class UserDetailController implements IBaseController {
      if (!info.isValid()) {
        return JsonResult.buildErrorStateResult("身份证号码错误", null);
      }
-      User user = getCurrentUser();
+      User user = getCurrentUserFromRedis();
      if (user == null) {
        return JsonResult.buildErrorStateResult("系统错误", null);
      }

--- a/src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java
+++ b/src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java
@@ -49,7 +49,7 @@ public class RequestFilter implements Filter {
    SessionStruct sessionStruct;
    if (!isMatch(requestPath)) {
      //获取session信息,如果没有获取到session信息则返回错误信息
-      sessionStruct = XyqbSessionContextHolder.getXSession();
+      sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis();
      if (sessionStruct == null) {
        response.setStatus(401);
        response.setHeader("Content-Type", "application/json;charset=utf-8");
@@ -61,7 +61,7 @@ public class RequestFilter implements Filter {
      try {
        filterChain.doFilter(request, response);
      } finally {
-        sessionStruct = XyqbSessionContextHolder.getXSession();
+        sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis();
        if (sessionStruct != null) {
          try {
            sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues());