diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
index 3d57ca9d..1b56a733 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
@@ -269,17 +269,17 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 if (Global.getPropertyToBoolean("shiro.isGenerateNewSessionAfterLogin", "false")){
 String[] keys = new String[] { ValidCodeUtils.VALID_CODE };
 Map attrMap = MapUtils.newHashMap();
- final Session sessionOld = UserUtils.getSession();
+ final Session oldSession = UserUtils.getSession();
 for (String key : keys) {
- Object value = sessionOld.getAttribute(key);
+ Object value = oldSession.getAttribute(key);
 if (value != null) {
 attrMap.put(key, value);
 }
 }
 UserUtils.getSubject().logout();
 // 恢复生成新的Session之前的Session数据
- final Session sessionNew = UserUtils.getSession();
- attrMap.forEach(sessionNew::setAttribute);
+ final Session newSession = UserUtils.getSession();
+ attrMap.forEach(newSession::setAttribute);
 }
 return super.executeLogin(request, response);
 }
@@ -291,13 +291,15 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 try {
 return instance.onLoginSuccess(null, null, request, response);
 } catch (Exception e) {
- e.printStackTrace();
+ logger.error(e.getMessage(), e);
 }
 return false;
 }
 /**
 * 登录成功调用事件
+ * @param token 通过 onLoginSuccess 静态方法调用时可能为空
+ * @param subject 通过 onLoginSuccess 静态方法调用时可能为空
 */
 @Override
 protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest servletRequest, ServletResponse response) throws Exception {
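Review bot: The new `logger.error(e.getMessage(), e)` in the static onLoginSuccess wrapper uses the exception message as the log message, which is printed as the literal "null" whenever the caught exception carries no message, so the log line loses the only context it had; a fixed message keeps the entry searchable: `logger.error("onLoginSuccess failed, returning false", e);`. The catch of the broad `Exception` is pre-existing and the static entry point still swallows it into a `false` return, which the Javadoc could state explicitly since callers cannot distinguish "not logged in" from "handler threw". Whether a `logger` field exists on FormFilter is not visible in this hunk. The body of the overridden onLoginSuccess, whose signature is the hunk's last line, continues outside the hunk.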
@@ -316,16 +318,18 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 /**
 * 登录失败调用事件(静态方便其他位置调用)
 */
+ @SuppressWarnings("UnusedReturnValue")
 public static boolean onLoginFailure(AuthenticationException e, HttpServletRequest request, HttpServletResponse response) {
 return instance.onLoginFailure(null, e, request, response);
 }
 /**
 * 登录失败调用事件
+ * @param token 通过 onLoginFailure 静态方法调用时可能为空
 */
 @Override
 protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
- String message = StringUtils.EMPTY;
+ String message;
 if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
 message = StringUtils.replace(e.getMessage(), "msg:", "");
 } else if (e instanceof IncorrectCredentialsException || e instanceof UnknownAccountException) {
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
index ceadbc00..29904ced 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
@@ -8,6 +8,7 @@ import com.jeesite.common.codec.EncodeUtils;
 import com.jeesite.common.codec.SM3Utils;
 import com.jeesite.common.codec.ShaUtils;
 import com.jeesite.common.config.Global;
+import com.jeesite.common.network.IpUtils;
 import com.jeesite.common.shiro.authc.FormToken;
 import com.jeesite.common.utils.SpringUtils;
 import com.jeesite.modules.sys.entity.Log;
@@ -20,8 +21,8 @@ import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.Subject;
+
+import java.util.Date;
 /**
 * 系统认证授权实现类
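Review bot: In onLoginFailure the guard only checks that the message starts with `"msg:"`, but the context line below it strips every occurrence with `StringUtils.replace(e.getMessage(), "msg:", "")`, so a message that legitimately contains "msg:" later in its text is altered too; `message = StringUtils.removeStart(e.getMessage(), "msg:");` matches the intent of the guard exactly. Dropping the `StringUtils.EMPTY` initialiser is fine only because javac will now reject any branch of the if/else-if chain that leaves `message` unassigned; the rest of that chain lies outside the hunk, so that property cannot be confirmed here. The added `@SuppressWarnings("UnusedReturnValue")` looks like an IDE inspection key rather than a javac warning name, which javac silently ignores, so it is harmless but worth a short comment saying which tool it is aimed at. The static wrapper and the overridden method are otherwise complete within the hunk.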
@@ -70,8 +71,8 @@ public class AuthorizingRealm extends BaseAuthorizingRealm {
 * 获取用户授权信息,默认返回类型 SimpleAuthorizationInfo
 */
 @Override
- protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, Subject subject, Session session, User user) {
- return super.doGetAuthorizationInfo(loginInfo, subject, session, user);
+ protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, User user) {
+ return super.doGetAuthorizationInfo(loginInfo, user);
 }
 /**
@@ -116,13 +117,20 @@ public class AuthorizingRealm extends BaseAuthorizingRealm {
 @Override
 public void onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
 super.onLoginSuccess(loginInfo, request);
-
+
 // 更新登录IP、时间、会话ID等
 User user = UserUtils.get(loginInfo.getId());
+ user.setOldLastLoginIp(user.getLastLoginIp());
+ user.setOldLastLoginDate(user.getLastLoginDate());
+ user.setLastLoginIp(IpUtils.getRemoteAddr(request));
+ user.setLastLoginDate(new Date());
 getUserService().updateUserLoginInfo(user);
-
+
 // 记录用户登录日志
 LogUtils.saveLog(user, request, "系统登录", Log.TYPE_LOGIN_LOGOUT);
+
+ // 登录成功后,验证码计算器清零
+ BaseAuthorizingRealm.isValidCodeLogin(user.getLoginCode(), user.getCorpCode_(), loginInfo.getParam("deviceType"), "success");
 }
 @Override
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java
index bd68bd78..7acb58a1 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java
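Review bot: The rewritten doGetAuthorizationInfo override in AuthorizingRealm does nothing but forward to `super.doGetAuthorizationInfo(loginInfo, user)`, so after the signature change it is a pure pass-through that adds a maintenance point without behaviour; the same applies to the identical override in LdapAuthorizingRealm (hunk `@@ -123,8 +121,8 @@`). Either delete both overrides or keep one with a Javadoc line stating why it exists, e.g. `* 仅作为扩展点保留,默认行为与父类一致` / "Kept as an extension point; delegates to the base realm unchanged." The Javadoc already present on the AuthorizingRealm method starts above the hunk.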
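Review bot: In onLoginSuccess the result of `UserUtils.get(loginInfo.getId())` is dereferenced on the very next added line (`user.setOldLastLoginIp(user.getLastLoginIp())`) without a null check, whereas LoginController.index in this same commit treats a null return from the same call as a real case and logs the subject out; a missing user here would surface as a NullPointerException from a Shiro success callback, e.g. `if (user == null) { return; }` before the setters. The value stored by `user.setLastLoginIp(IpUtils.getRemoteAddr(request))` becomes the persisted "last login IP" shown to users; if getRemoteAddr derives it from forwarded headers rather than the socket address, that field is only as trustworthy as the proxy configuration, which is worth a comment here since the hunk cannot confirm it. The final `BaseAuthorizingRealm.isValidCodeLogin(..., "success")` is a query-named method called purely for its reset side effect with its return value discarded, which the comment above it explains but the call site does not; a dedicated reset method or a `boolean ignored =` style local would make that intent explicit.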
@@ -25,8 +25,6 @@ import org.apache.shiro.realm.ldap.DefaultLdapRealm;
 import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
 import org.apache.shiro.realm.ldap.LdapContextFactory;
 import org.apache.shiro.realm.ldap.LdapUtils;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.Subject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.util.StringUtils;
@@ -123,8 +121,8 @@ public class LdapAuthorizingRealm extends BaseAuthorizingRealm {
 }
 @Override
- protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, Subject subject, Session session, User user) {
- return super.doGetAuthorizationInfo(loginInfo, subject, session, user);
+ protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, User user) {
+ return super.doGetAuthorizationInfo(loginInfo, user);
 }
 @Override
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
index c194246c..339ced00 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -53,9 +53,7 @@ public class LoginController extends BaseController{
 public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
 // 地址中如果包含JSESSIONID,则跳转一次,去掉JSESSIONID信息。
 if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
- String queryString = request.getQueryString();
- queryString = queryString == null ? "" : "?" + queryString;
- ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
+ redirectUrl(request, response, "/login");
 return null;
 }
@@ -63,9 +61,7 @@ public class LoginController extends BaseController{
 Subject subject = UserUtils.getSubject();
 LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
 if(loginInfo != null){
- String queryString = request.getQueryString();
- queryString = queryString == null ? "" : "?" + queryString;
- ServletUtils.redirectUrl(request, response, adminPath + "/index" + queryString);
+ redirectUrl(request, response, "/index");
 return null;
 }
@@ -109,12 +105,10 @@ public class LoginController extends BaseController{
 // // 如果已经登录,则跳转到管理首页
 // LoginInfo loginInfo = UserUtils.getLoginInfo();
 // if(loginInfo != null){ // 注释掉,已经登录的账号,正常返回登录失败信息,方便前端判断。
-// String queryString = request.getQueryString();
-// queryString = queryString == null ? "" : "?" + queryString;
-// ServletUtils.redirectUrl(request, response, adminPath + "/index" + queryString);
+// redirectUrl(request, response, "/index");
 // return null;
 // }
-
+
 // 获取登录失败数据
 model.addAllAttributes(FormFilter.getLoginFailureData(request, response));
@@ -148,9 +142,7 @@ public class LoginController extends BaseController{
 public String index(HttpServletRequest request, HttpServletResponse response, Model model) {
 // 地址中如果包含JSESSIONID,则跳转一次,去掉JSESSIONID信息。
 if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
- String queryString = request.getQueryString();
- queryString = queryString == null ? "" : "?" + queryString;
- ServletUtils.redirectUrl(request, response, adminPath + "/index" + queryString);
+ redirectUrl(request, response, "/index");
 return null;
 }
@@ -159,37 +151,36 @@ public class LoginController extends BaseController{
 LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
 if(loginInfo == null){
 subject.logout();
- String queryString = request.getQueryString();
- queryString = queryString == null ? "" : "?" + queryString;
- ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
+ redirectUrl(request, response, "/login");
 return null;
 }
 // 当前用户对象信息
 User user = UserUtils.get(loginInfo.getId());
 if (user == null){
- UserUtils.getSubject().logout();
- String queryString = request.getQueryString();
- queryString = queryString == null ? "" : "?" + queryString;
- ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
+ subject.logout();
+ redirectUrl(request, response, "/login");
 return null;
 }
 // 如果是登录操作,则初始化一些登录参数
- Session session = UserUtils.getSession();
+ Session session = UserUtils.getSession(subject);
 boolean isLogin = Global.TRUE.equals(session.getAttribute(BaseAuthorizingRealm.IS_LOGIN_OPER));
 if (isLogin){
- // 获取后接着清除,防止下次获取仍然认为是登录状态
+ // 清除登录状态,防止下次调用误认为是登录
 session.removeAttribute(BaseAuthorizingRealm.IS_LOGIN_OPER);
+ // 设置共享SessionId的Cookie值(第三方系统使用)
 String cookieName = Global.getProperty("session.shareSessionIdCookieName");
 if (StringUtils.isNotBlank(cookieName)){
 CookieUtils.setCookie(response, cookieName, (String)session.getId(), "/");
 }
+ // 如果登录设置了语言,则切换语言
 if (loginInfo.getParam("lang") != null){
 Global.setLang(loginInfo.getParam("lang"), request, response);
 }
+ // 根据当前用户子系统,切换到默认系统下
 for(Role role : user.getRoleList()) {
 if (role.getSysCodes() != null) {
@@ -209,12 +200,10 @@ public class LoginController extends BaseController{
 }
 }
- // 验证下用户权限,以便调用doGetAuthorizationInfo方法,保存单点登录登出句柄
+ // 验证下用户权限,以便调用doGetAuthorizationInfo方法
 else if (!subject.isPermitted("user")){
 subject.logout();
- String queryString = request.getQueryString();
- queryString = queryString == null ? "" : "?" + queryString;
- ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
+ redirectUrl(request, response, "/login");
 return null;
 }
@@ -311,7 +300,16 @@ public class LoginController extends BaseController{
 // 返回主页面视图
 return "modules/sys/sysIndex";
 }
-
+
+ /**
+ * 带参数跳转地址
+ */
+ private void redirectUrl(HttpServletRequest request, HttpServletResponse response, String url) {
+ String queryString = request.getQueryString();
+ queryString = queryString == null ? "" : "?" + queryString;
+ ServletUtils.redirectUrl(request, response, adminPath + url + queryString);
+ }
+
 /**
 * 侧边栏菜单数据
 */
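Review bot: The Javadoc on the new `redirectUrl` helper ("带参数跳转地址") does not state the contract that makes its six call sites safe to consolidate: the target path is always `adminPath + url` with `url` supplied by this controller, and only the incoming query string is carried over, verbatim and still URL-encoded because `HttpServletRequest.getQueryString()` returns the raw query; suggest adding `@param url 相对于 adminPath 的路径,由本类固定给出` and a sentence that the original query string is appended unchanged, so future callers do not pass request-derived values as `url`. The null test also misses the empty-query case (`.../login?`), where `"?" + queryString` produces a redirect ending in a bare `?`; `queryString = (queryString == null || queryString.isEmpty()) ? "" : "?" + queryString;` covers both without changing the non-empty path. This is a documentation and edge-case point only; the helper is complete within the hunk.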