manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

登录 subject.isPermitted("user") 调用2次,优化为1次

Browse Source
This commit is contained in:
thinkgem
2025-10-10 20:52:06 +08:00
parent 07b24e3685
commit 57e947e985
1 changed files with 15 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
View File

@@ -19,7 +19,6 @@ import com.jeesite.modules.sys.entity.User;
import com.jeesite.modules.sys.utils.PwdUtils; import com.jeesite.modules.sys.utils.PwdUtils;
import com.jeesite.modules.sys.utils.UserUtils; import com.jeesite.modules.sys.utils.UserUtils;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.annotation.RequiresPermissions; import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.session.Session; import org.apache.shiro.session.Session;
@@ -60,9 +59,9 @@ public class LoginController extends BaseController{
return null; return null;
} }
LoginInfo loginInfo = UserUtils.getLoginInfo();
// 如果已经登录,则跳转到管理首页 // 如果已经登录,则跳转到管理首页
Subject subject = UserUtils.getSubject();
LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
if(loginInfo != null){ if(loginInfo != null){
String queryString = request.getQueryString(); String queryString = request.getQueryString();
queryString = queryString == null ? "" : "?" + queryString; queryString = queryString == null ? "" : "?" + queryString;
@@ -155,18 +154,9 @@ public class LoginController extends BaseController{
return null; return null;
} }
// 验证下用户权限以便调用doGetAuthorizationInfo方法保存单点登录登出句柄
Subject subject = SecurityUtils.getSubject();
if (!subject.isPermitted("user")){
subject.logout();
String queryString = request.getQueryString();
queryString = queryString == null ? "" : "?" + queryString;
ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
return null;
}
// 获取登录用户信息未加载shiro模块时会为空直接访问则提示操作权限不足。 // 获取登录用户信息未加载shiro模块时会为空直接访问则提示操作权限不足。
LoginInfo loginInfo = UserUtils.getLoginInfo(); Subject subject = UserUtils.getSubject();
LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
if(loginInfo == null){ if(loginInfo == null){
subject.logout(); subject.logout();
String queryString = request.getQueryString(); String queryString = request.getQueryString();
@@ -174,7 +164,7 @@ public class LoginController extends BaseController{
ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString); ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
return null; return null;
} }
// 当前用户对象信息 // 当前用户对象信息
User user = UserUtils.get(loginInfo.getId()); User user = UserUtils.get(loginInfo.getId());
if (user == null){ if (user == null){
@@ -219,6 +209,15 @@ public class LoginController extends BaseController{
} }
} }
// 验证下用户权限以便调用doGetAuthorizationInfo方法保存单点登录登出句柄
else if (!subject.isPermitted("user")){
subject.logout();
String queryString = request.getQueryString();
queryString = queryString == null ? "" : "?" + queryString;
ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
return null;
}
// 获取当前会话对象,并返回一些数据 // 获取当前会话对象,并返回一些数据
if (!StringUtils.equals(request.getParameter("__be"), Global.YES)) { if (!StringUtils.equals(request.getParameter("__be"), Global.YES)) {
model.addAllAttributes(FormFilter.getLoginSuccessData(request, response, user, session)); model.addAllAttributes(FormFilter.getLoginSuccessData(request, response, user, session));
@@ -283,7 +282,7 @@ public class LoginController extends BaseController{
try { try {
request.getRequestDispatcher(passwordModifyUrl).forward(request, response); request.getRequestDispatcher(passwordModifyUrl).forward(request, response);
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); logger.error(e.getMessage(), e);
} }
return null; return null;
} }