From 10820bf441f5557ce4d9111891b12e21b3f56da4 Mon Sep 17 00:00:00 2001
From: thinkgem <thinkgem@163.com>
Date: Sun, 12 Oct 2025 14:07:28 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=88=90=E5=8A=9F=E5=92=8C?=
 =?UTF-8?q?=E9=80=80=E5=87=BA=E6=88=90=E5=8A=9F=E6=8E=A5=E5=8F=A3=EF=BC=8C?=
 =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=BF=94=E5=9B=9E=E5=80=BC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/shiro/realm/AuthorizingRealm.java  | 43 ++++---------------
 .../shiro/realm/CasAuthorizingRealm.java      | 27 ++++++------
 .../shiro/realm/LdapAuthorizingRealm.java     | 38 +++-------------
 3 files changed, 28 insertions(+), 80 deletions(-)

diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
index 29904ced..688e8710 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
@@ -8,22 +8,16 @@ import com.jeesite.common.codec.EncodeUtils;
 import com.jeesite.common.codec.SM3Utils;
 import com.jeesite.common.codec.ShaUtils;
 import com.jeesite.common.config.Global;
-import com.jeesite.common.network.IpUtils;
 import com.jeesite.common.shiro.authc.FormToken;
-import com.jeesite.common.utils.SpringUtils;
 import com.jeesite.modules.sys.entity.Log;
 import com.jeesite.modules.sys.entity.User;
-import com.jeesite.modules.sys.service.UserService;
 import com.jeesite.modules.sys.utils.LogUtils;
-import com.jeesite.modules.sys.utils.UserUtils;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authz.AuthorizationInfo;
 
-import java.util.Date;
-
 /**
  * 系统认证授权实现类
  * @author ThinkGem
@@ -34,8 +28,6 @@ public class AuthorizingRealm extends BaseAuthorizingRealm  {
 	public static final int HASH_ITERATIONS = 1024;
 	public static final int SALT_SIZE = 8;
 
-	private UserService userService;
-	
 	public AuthorizingRealm() {
 		super();
 	}
@@ -115,38 +107,21 @@ public class AuthorizingRealm extends BaseAuthorizingRealm  {
 	}
 	
 	@Override
-	public void onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
-		super.onLoginSuccess(loginInfo, request);
-
-		// 更新登录IP、时间、会话ID等
-		User user = UserUtils.get(loginInfo.getId());
-		user.setOldLastLoginIp(user.getLastLoginIp());
-		user.setOldLastLoginDate(user.getLastLoginDate());
-		user.setLastLoginIp(IpUtils.getRemoteAddr(request));
-		user.setLastLoginDate(new Date());
-		getUserService().updateUserLoginInfo(user);
+	public User onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
+		User user = super.onLoginSuccess(loginInfo, request);
 
 		// 记录用户登录日志
 		LogUtils.saveLog(user, request, "系统登录", Log.TYPE_LOGIN_LOGOUT);
-
-		// 登录成功后，验证码计算器清零
-		BaseAuthorizingRealm.isValidCodeLogin(user.getLoginCode(), user.getCorpCode_(), loginInfo.getParam("deviceType"), "success");
+		return user;
 	}
-	
+
 	@Override
-	public void onLogoutSuccess(LoginInfo loginInfo, HttpServletRequest request) {
-		super.onLogoutSuccess(loginInfo, request);
-		
-		// 记录用户退出日志
-		User user = UserUtils.get(loginInfo.getId());
-		LogUtils.saveLog(user, request, "系统退出", Log.TYPE_LOGIN_LOGOUT);
-	}
+	public User onLogoutSuccess(LoginInfo loginInfo, HttpServletRequest request) {
+		User user = super.onLogoutSuccess(loginInfo, request);
 
-	public UserService getUserService() {
-		if (userService == null){
-			userService = SpringUtils.getBean(UserService.class);
-		}
-		return userService;
+		// 记录用户退出日志
+		LogUtils.saveLog(user, request, "系统退出", Log.TYPE_LOGIN_LOGOUT);
+		return user;
 	}
 	
 }
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java
index b1237959..59353805 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java
@@ -17,7 +17,6 @@ import com.jeesite.modules.sys.entity.EmpUser;
 import com.jeesite.modules.sys.entity.Log;
 import com.jeesite.modules.sys.entity.User;
 import com.jeesite.modules.sys.service.EmpUserService;
-import com.jeesite.modules.sys.service.UserService;
 import com.jeesite.modules.sys.utils.LogUtils;
 import com.jeesite.modules.sys.utils.UserUtils;
 import jakarta.servlet.http.HttpServletRequest;
@@ -40,14 +39,13 @@ import java.util.Map;
  */
 @SuppressWarnings("deprecation")
 public class CasAuthorizingRealm extends BaseAuthorizingRealm  {
-
-	private UserService userService;
-	private EmpUserService empUserService;
 	
 	private CasOutHandler casOutHandler;
 	private String casServerUrl; 			// CAS 服务器地址
     private String casServerCallbackUrl; 	// CAS 服务器回调地址
     private TicketValidator ticketValidator;// CAS 令牌验证类
+
+	private EmpUserService empUserService;
 	
 	public CasAuthorizingRealm() {
 		super();
@@ -175,28 +173,27 @@ public class CasAuthorizingRealm extends BaseAuthorizingRealm  {
 	}
 	
 	@Override
-	public void onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
+	public User onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
+		User user = super.onLoginSuccess(loginInfo, request);
+
 		// 单点登录登出句柄（登录时注入session），在这之前必须获取下授权信息
 		String ticket = loginInfo.getParam("ticket");
 		casOutHandler.recordSession(request, ticket);
 		//System.out.print("__sid: "+request.getSession().getId());
 		//System.out.println(" == "+UserUtils.getSession().getId());
+
+		// 记录用户登录日志
+		LogUtils.saveLog(user, request, "系统登录", Log.TYPE_LOGIN_LOGOUT);
+		return user;
 	}
 	
 	@Override
-	public void onLogoutSuccess(LoginInfo loginInfo, HttpServletRequest request) {
-		super.onLogoutSuccess(loginInfo, request);
+	public User onLogoutSuccess(LoginInfo loginInfo, HttpServletRequest request) {
+		User user = super.onLogoutSuccess(loginInfo, request);
 		
 		// 记录用户退出日志
-		User user = UserUtils.get(loginInfo.getId());
 		LogUtils.saveLog(user, request, "系统退出", Log.TYPE_LOGIN_LOGOUT);
-	}
-
-	public UserService getUserService() {
-		if (userService == null){
-			userService = SpringUtils.getBean(UserService.class);
-		}
-		return userService;
+		return user;
 	}
 
 	public EmpUserService getEmpUserService() {
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java
index 7acb58a1..6529355d 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/LdapAuthorizingRealm.java
@@ -6,14 +6,10 @@ package com.jeesite.common.shiro.realm;
 
 import com.jeesite.common.shiro.authc.FormToken;
 import com.jeesite.common.shiro.authc.LdapToken;
-import com.jeesite.common.utils.SpringUtils;
 import com.jeesite.common.web.http.ServletUtils;
 import com.jeesite.modules.sys.entity.Log;
 import com.jeesite.modules.sys.entity.User;
-import com.jeesite.modules.sys.service.EmpUserService;
-import com.jeesite.modules.sys.service.UserService;
 import com.jeesite.modules.sys.utils.LogUtils;
-import com.jeesite.modules.sys.utils.UserUtils;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -54,9 +50,6 @@ public class LdapAuthorizingRealm extends BaseAuthorizingRealm  {
      */
     private LdapContextFactory contextFactory;
 
-	private UserService userService;
-	private EmpUserService empUserService;
-
     /**
      * Default no-argument constructor that defaults the internal {@link LdapContextFactory} instance to a
      * {@link JndiLdapContextFactory}.
@@ -126,41 +119,24 @@ public class LdapAuthorizingRealm extends BaseAuthorizingRealm  {
 	}
 	
 	@Override
-	public void onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
-		super.onLoginSuccess(loginInfo, request);
+	public User onLoginSuccess(LoginInfo loginInfo, HttpServletRequest request) {
+		User user = super.onLoginSuccess(loginInfo, request);
 
 		//System.out.print("__sid: "+request.getSession().getId());
 		//System.out.println(" == "+UserUtils.getSession().getId());
-		
-		// 更新登录IP、时间、会话ID等
-		User user = UserUtils.get(loginInfo.getId());
-		getUserService().updateUserLoginInfo(user);
-		
+
 		// 记录用户登录日志
 		LogUtils.saveLog(user, ServletUtils.getRequest(), "系统登录", Log.TYPE_LOGIN_LOGOUT);
+		return user;
 	}
 	
 	@Override
-	public void onLogoutSuccess(LoginInfo loginInfo, HttpServletRequest request) {
-		super.onLogoutSuccess(loginInfo, request);
+	public User onLogoutSuccess(LoginInfo loginInfo, HttpServletRequest request) {
+		User user = super.onLogoutSuccess(loginInfo, request);
 		
 		// 记录用户退出日志
-		User user = UserUtils.get(loginInfo.getId());
 		LogUtils.saveLog(user, request, "系统退出", Log.TYPE_LOGIN_LOGOUT);
-	}
-
-	public UserService getUserService() {
-		if (userService == null){
-			userService = SpringUtils.getBean(UserService.class);
-		}
-		return userService;
-	}
-
-	public EmpUserService getEmpUserService() {
-		if (empUserService == null){
-			empUserService = SpringUtils.getBean(EmpUserService.class);
-		}
-		return empUserService;
+		return user;
 	}
 
     /**