优化登录逻辑,性能提升
@@ -269,17 +269,17 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
|
||||
if (Global.getPropertyToBoolean("shiro.isGenerateNewSessionAfterLogin", "false")){
|
||||
String[] keys = new String[] { ValidCodeUtils.VALID_CODE };
|
||||
Map<String, Object> attrMap = MapUtils.newHashMap();
|
||||
final Session sessionOld = UserUtils.getSession();
|
||||
final Session oldSession = UserUtils.getSession();
|
||||
for (String key : keys) {
|
||||
Object value = sessionOld.getAttribute(key);
|
||||
Object value = oldSession.getAttribute(key);
|
||||
if (value != null) {
|
||||
attrMap.put(key, value);
|
||||
}
|
||||
}
|
||||
UserUtils.getSubject().logout();
|
||||
// 恢复生成新的Session之前的Session数据
|
||||
final Session sessionNew = UserUtils.getSession();
|
||||
attrMap.forEach(sessionNew::setAttribute);
|
||||
final Session newSession = UserUtils.getSession();
|
||||
attrMap.forEach(newSession::setAttribute);
|
||||
}
|
||||
return super.executeLogin(request, response);
|
||||
}
|
||||
@@ -291,13 +291,15 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
|
||||
try {
|
||||
return instance.onLoginSuccess(null, null, request, response);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
logger.error(e.getMessage(), e);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* 登录成功调用事件
|
||||
* @param token 通过 onLoginSuccess 静态方法调用时可能为空
|
||||
* @param subject 通过 onLoginSuccess 静态方法调用时可能为空
|
||||
*/
|
||||
@Override
|
||||
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest servletRequest, ServletResponse response) throws Exception {
|
||||
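Review bot: `logger.error(e.getMessage(), e);` in the static onLoginSuccess wrapper uses the exception text as the log message, which is null for many exception types and gives the log entry no context about where it was raised; prefer a fixed message with the throwable as the last argument, `logger.error("onLoginSuccess hook failed", e);`. The wrapper then returns false after the catch, so a caller cannot tell a failed post-login hook from an ordinary negative result; that should at least be stated in the Javadoc of the static method, whose start lies outside the hunk. The instance onLoginSuccess whose signature closes the hunk continues outside it.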
@@ -316,16 +318,18 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
|
||||
/**
|
||||
* 登录失败调用事件(静态方便其他位置调用)
|
||||
*/
|
||||
@SuppressWarnings("UnusedReturnValue")
|
||||
public static boolean onLoginFailure(AuthenticationException e, HttpServletRequest request, HttpServletResponse response) {
|
||||
return instance.onLoginFailure(null, e, request, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* 登录失败调用事件
|
||||
* @param token 通过 onLoginFailure 静态方法调用时可能为空
|
||||
*/
|
||||
@Override
|
||||
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
|
||||
String message = StringUtils.EMPTY;
|
||||
String message;
|
||||
if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
|
||||
message = StringUtils.replace(e.getMessage(), "msg:", "");
|
||||
} else if (e instanceof IncorrectCredentialsException || e instanceof UnknownAccountException) {
|
||||
|
||||
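Review bot: Replacing `String message = StringUtils.EMPTY;` with `String message;` makes the compiler require that every branch of the if/else chain assigns message; the chain continues outside the hunk, so the trailing else must assign (presumably it does, since the commit builds). In the `msg:` branch, `StringUtils.replace(e.getMessage(), "msg:", "")` removes every occurrence rather than only the prefix that was just tested; if the StringUtils in scope is commons-lang based, `StringUtils.removeStart(e.getMessage(), "msg:")` matches the intent exactly. Because that text is later shown to the user through getLoginFailureData, realm code that throws with a `msg:` prefix must not embed unvalidated request input unless the login view escapes it, which is worth recording in the method's Javadoc. onLoginFailure's body runs past the end of the hunk.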
@@ -8,6 +8,7 @@ import com.jeesite.common.codec.EncodeUtils;
|
||||
import com.jeesite.common.codec.SM3Utils;
|
||||
import com.jeesite.common.codec.ShaUtils;
|
||||
import com.jeesite.common.config.Global;
|
||||
import com.jeesite.common.network.IpUtils;
|
||||
import com.jeesite.common.shiro.authc.FormToken;
|
||||
import com.jeesite.common.utils.SpringUtils;
|
||||
import com.jeesite.modules.sys.entity.Log;
|
||||
@@ -20,8 +21,8 @@ import org.apache.shiro.authc.AuthenticationException;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.session.Session;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
/**
|
||||
* 系统认证授权实现类
|
||||
@@ -70,8 +71,8 @@ public class AuthorizingRealm extends BaseAuthorizingRealm {
|
||||
* 获取用户授权信息,默认返回类型 SimpleAuthorizationInfo
|
||||
*/
|
||||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, Subject subject, Session session, User user) {
|
||||
return super.doGetAuthorizationInfo(loginInfo, subject, session, user);
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, User user) {
|
||||
return super.doGetAuthorizationInfo(loginInfo, user);
|
||||
}
|
||||
|
||||
/**
|
||||
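Review bot: The narrowed override `doGetAuthorizationInfo(LoginInfo loginInfo, User user)` only forwards its arguments to super, so it adds nothing over inheriting the base implementation; the same no-op override appears in the LdapAuthorizingRealm hunk later in this commit. Either drop both overrides or, if they are meant as extension points, say so in the Javadoc, e.g. `* Delegates to the base realm; kept as an override hook for project-specific permissions.` so the next reader does not remove them as dead code. The Javadoc block opens outside the hunk.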
@@ -116,13 +117,20 @@ public class AuthorizingRealm extends BaseAuthorizingRealm {
|
||||
@Override
|
||||
public void onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
|
||||
super.onLoginSuccess(loginInfo, request);
|
||||
|
||||
|
||||
// 更新登录IP、时间、会话ID等
|
||||
User user = UserUtils.get(loginInfo.getId());
|
||||
user.setOldLastLoginIp(user.getLastLoginIp());
|
||||
user.setOldLastLoginDate(user.getLastLoginDate());
|
||||
user.setLastLoginIp(IpUtils.getRemoteAddr(request));
|
||||
user.setLastLoginDate(new Date());
|
||||
getUserService().updateUserLoginInfo(user);
|
||||
|
||||
|
||||
// 记录用户登录日志
|
||||
LogUtils.saveLog(user, request, "系统登录", Log.TYPE_LOGIN_LOGOUT);
|
||||
|
||||
// 登录成功后,验证码计算器清零
|
||||
BaseAuthorizingRealm.isValidCodeLogin(user.getLoginCode(), user.getCorpCode_(), loginInfo.getParam("deviceType"), "success");
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
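Review bot: `User user = UserUtils.get(loginInfo.getId());` is dereferenced on the very next line with no null check, while LoginController.index in this same commit treats a null result from the same call as a logout condition; if the lookup can miss here (record removed or cache evicted between authentication and this hook), the hook throws and the static FormFilter wrapper only logs it and returns false. A guard before the first setter, `if (user == null) { return; }` (ideally with a log line), keeps the two call sites consistent. Separately, the last-login IP stored on the user and written to the login log comes from `IpUtils.getRemoteAddr(request)`; that helper is not visible here, and if it honors client-supplied forwarding headers the recorded address is attacker-controllable, which matters because these fields are typically used for audit and anomaly checks — confirm it only trusts configured proxies. Which of these lines are new is not marked on this page; the method ends inside the hunk.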
@@ -25,8 +25,6 @@ import org.apache.shiro.realm.ldap.DefaultLdapRealm;
|
||||
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
|
||||
import org.apache.shiro.realm.ldap.LdapContextFactory;
|
||||
import org.apache.shiro.realm.ldap.LdapUtils;
|
||||
import org.apache.shiro.session.Session;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.util.StringUtils;
|
||||
@@ -123,8 +121,8 @@ public class LdapAuthorizingRealm extends BaseAuthorizingRealm {
|
||||
}
|
||||
|
||||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, Subject subject, Session session, User user) {
|
||||
return super.doGetAuthorizationInfo(loginInfo, subject, session, user);
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(LoginInfo loginInfo, User user) {
|
||||
return super.doGetAuthorizationInfo(loginInfo, user);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -53,9 +53,7 @@ public class LoginController extends BaseController{
|
||||
public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
|
||||
// 地址中如果包含JSESSIONID,则跳转一次,去掉JSESSIONID信息。
|
||||
if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
|
||||
String queryString = request.getQueryString();
|
||||
queryString = queryString == null ? "" : "?" + queryString;
|
||||
ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
|
||||
redirectUrl(request, response, "/login");
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -63,9 +61,7 @@ public class LoginController extends BaseController{
|
||||
Subject subject = UserUtils.getSubject();
|
||||
LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
|
||||
if(loginInfo != null){
|
||||
String queryString = request.getQueryString();
|
||||
queryString = queryString == null ? "" : "?" + queryString;
|
||||
ServletUtils.redirectUrl(request, response, adminPath + "/index" + queryString);
|
||||
redirectUrl(request, response, "/index");
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -109,12 +105,10 @@ public class LoginController extends BaseController{
|
||||
// // 如果已经登录,则跳转到管理首页
|
||||
// LoginInfo loginInfo = UserUtils.getLoginInfo();
|
||||
// if(loginInfo != null){ // 注释掉,已经登录的账号,正常返回登录失败信息,方便前端判断。
|
||||
// String queryString = request.getQueryString();
|
||||
// queryString = queryString == null ? "" : "?" + queryString;
|
||||
// ServletUtils.redirectUrl(request, response, adminPath + "/index" + queryString);
|
||||
// redirectUrl(request, response, "/index");
|
||||
// return null;
|
||||
// }
|
||||
|
||||
|
||||
// 获取登录失败数据
|
||||
model.addAllAttributes(FormFilter.getLoginFailureData(request, response));
|
||||
|
||||
@@ -148,9 +142,7 @@ public class LoginController extends BaseController{
|
||||
public String index(HttpServletRequest request, HttpServletResponse response, Model model) {
|
||||
// 地址中如果包含JSESSIONID,则跳转一次,去掉JSESSIONID信息。
|
||||
if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
|
||||
String queryString = request.getQueryString();
|
||||
queryString = queryString == null ? "" : "?" + queryString;
|
||||
ServletUtils.redirectUrl(request, response, adminPath + "/index" + queryString);
|
||||
redirectUrl(request, response, "/index");
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -159,37 +151,36 @@ public class LoginController extends BaseController{
|
||||
LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
|
||||
if(loginInfo == null){
|
||||
subject.logout();
|
||||
String queryString = request.getQueryString();
|
||||
queryString = queryString == null ? "" : "?" + queryString;
|
||||
ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
|
||||
redirectUrl(request, response, "/login");
|
||||
return null;
|
||||
}
|
||||
|
||||
// 当前用户对象信息
|
||||
User user = UserUtils.get(loginInfo.getId());
|
||||
if (user == null){
|
||||
UserUtils.getSubject().logout();
|
||||
String queryString = request.getQueryString();
|
||||
queryString = queryString == null ? "" : "?" + queryString;
|
||||
ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
|
||||
subject.logout();
|
||||
redirectUrl(request, response, "/login");
|
||||
return null;
|
||||
}
|
||||
|
||||
// 如果是登录操作,则初始化一些登录参数
|
||||
Session session = UserUtils.getSession();
|
||||
Session session = UserUtils.getSession(subject);
|
||||
boolean isLogin = Global.TRUE.equals(session.getAttribute(BaseAuthorizingRealm.IS_LOGIN_OPER));
|
||||
if (isLogin){
|
||||
// 获取后接着清除,防止下次获取仍然认为是登录状态
|
||||
// 清除登录状态,防止下次调用误认为是登录
|
||||
session.removeAttribute(BaseAuthorizingRealm.IS_LOGIN_OPER);
|
||||
|
||||
// 设置共享SessionId的Cookie值(第三方系统使用)
|
||||
String cookieName = Global.getProperty("session.shareSessionIdCookieName");
|
||||
if (StringUtils.isNotBlank(cookieName)){
|
||||
CookieUtils.setCookie(response, cookieName, (String)session.getId(), "/");
|
||||
}
|
||||
|
||||
// 如果登录设置了语言,则切换语言
|
||||
if (loginInfo.getParam("lang") != null){
|
||||
Global.setLang(loginInfo.getParam("lang"), request, response);
|
||||
}
|
||||
|
||||
// 根据当前用户子系统,切换到默认系统下
|
||||
for(Role role : user.getRoleList()) {
|
||||
if (role.getSysCodes() != null) {
|
||||
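Review bot: `CookieUtils.setCookie(response, cookieName, (String)session.getId(), "/");` copies the server session id into a second cookie at path "/", which makes that cookie an equivalent bearer credential for the session; nothing in the hunk shows whether CookieUtils writes it with the same HttpOnly/Secure/SameSite attributes as the container's own session cookie, so that should be confirmed and stated in the comment above it, e.g. `// Shares the session id with third-party systems; it is a login credential and must carry the same HttpOnly/Secure flags as JSESSIONID.` The line itself is unchanged by this commit; the changes in this hunk (`UserUtils.getSession(subject)` and `subject.logout()` on the local subject) look consistent. The index method continues outside the hunk.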
@@ -209,12 +200,10 @@ public class LoginController extends BaseController{
|
||||
}
|
||||
}
|
||||
|
||||
// 验证下用户权限,以便调用doGetAuthorizationInfo方法,保存单点登录登出句柄
|
||||
// 验证下用户权限,以便调用doGetAuthorizationInfo方法
|
||||
else if (!subject.isPermitted("user")){
|
||||
subject.logout();
|
||||
String queryString = request.getQueryString();
|
||||
queryString = queryString == null ? "" : "?" + queryString;
|
||||
ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
|
||||
redirectUrl(request, response, "/login");
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -311,7 +300,16 @@ public class LoginController extends BaseController{
|
||||
// 返回主页面视图
|
||||
return "modules/sys/sysIndex";
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 带参数跳转地址
|
||||
*/
|
||||
private void redirectUrl(HttpServletRequest request, HttpServletResponse response, String url) {
|
||||
String queryString = request.getQueryString();
|
||||
queryString = queryString == null ? "" : "?" + queryString;
|
||||
ServletUtils.redirectUrl(request, response, adminPath + url + queryString);
|
||||
}
|
||||
|
||||
/**
|
||||
* 侧边栏菜单数据
|
||||
*/
|
||||
|
||||
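Review bot: The new `redirectUrl` helper's Javadoc (`带参数跳转地址`) does not state the two properties the callers rely on: `url` is a path appended to adminPath, so callers cannot pass an absolute or external address (which is what keeps this from becoming an open redirect), and the request's query string is re-appended verbatim. Suggest adding `@param url path under adminPath, e.g. "/login"; must be a constant, never request input` and one sentence noting that the original query string is preserved. The helper consolidates the duplicated redirect code in the earlier LoginController hunks (login, index and the permission check), which is a good change.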