优化shiro.successUrl登录成功后跳转页面参数，支持ajax登录后跳转，sso下登录跳转

2018-07-22 21:22:13 +08:00
parent 4f8e2ccb4e
commit 5dfa01c421
3 changed files with 42 additions and 24 deletions
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/LogoutFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/LogoutFilter.java
@@ -39,17 +39,19 @@ public class LogoutFilter extends org.apache.shiro.web.filter.authc.LogoutFilter
 	        String redirectUrl = getRedirectUrl(request, response, subject);
 	        //try/catch added for SHIRO-298:
 	        try {
-	        	// 记录用户退出日志（@Deprecated v4.0.5支持setAuthorizingRealm，之后版本可删除此if子句）
+	        	Object principal = subject.getPrincipal();
-	        	if (authorizingRealm == null){
+	        	if (principal != null){
-		    		LogUtils.saveLog(UserUtils.getUser(), ServletUtils.getRequest(),
+	        		// 记录用户退出日志（@Deprecated v4.0.5支持setAuthorizingRealm，之后版本可删除此if子句）
-		    				"系统退出", Log.TYPE_LOGIN_LOGOUT);
+		        	if (authorizingRealm == null){
 			    		LogUtils.saveLog(UserUtils.getUser(), ServletUtils.getRequest(),
 			    				"系统退出", Log.TYPE_LOGIN_LOGOUT);
 		        	}
 		        	// 退出成功之前初始化授权信息并处理登录后的操作
 		        	else{
 		        		authorizingRealm.onLogoutSuccess((LoginInfo)subject.getPrincipal(),
 		        				(HttpServletRequest)request);
 		        	}
 	        	}
 	        	// 退出成功之前初始化授权信息并处理登录后的操作
 	        	else{
 	        		authorizingRealm.onLogoutSuccess((LoginInfo)subject.getPrincipal(),
 	        				(HttpServletRequest)request);
 	        	}
 	    		// 退出登录	
 	    		subject.logout();
 	        } catch (SessionException ise) {
--- a/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java
+++ b/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java
@@ -101,7 +101,7 @@ public class ShiroConfig {
 		ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
 		bean.setSecurityManager(securityManager);
 		bean.setLoginUrl(Global.getProperty("shiro.loginUrl"));
-		bean.setSuccessUrl(Global.getProperty("shiro.successUrl"));
+		bean.setSuccessUrl(Global.getProperty("adminPath")+"/index");
 		Map<String, Filter> filters = bean.getFilters();
 		filters.put("cas", shiroCasFilter(casAuthorizingRealm));
 		filters.put("authc", shiroAuthcFilter(authorizingRealm));
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -231,29 +231,45 @@ public class LoginController extends BaseController{
 		//获取当前会话对象
 		Session session = UserUtils.getSession();
-		// 设置共享SessionId的Cookie值（第三方系统使用）
+		// 是否是登录操作
-		String cookieName = Global.getProperty("session.shareSessionIdCookieName");
+		boolean isLogin = "true".equals(loginInfo.getParam("__login"));
-		if (StringUtils.isNotBlank(cookieName)){
+		if (isLogin){
-			CookieUtils.setCookie((HttpServletResponse)response, cookieName, (String)session.getId());
+			// 获取后接着清除，防止下次获取仍然认为是登录状态
-		}
+			loginInfo.getParams().remove("__login");
-
+			// 设置共享SessionId的Cookie值（第三方系统使用）
-		// 如果是登录操作，则设置登录信息（移动端用）
+			String cookieName = Global.getProperty("session.shareSessionIdCookieName");
-		model.addAttribute("result", Global.TRUE);
+			if (StringUtils.isNotBlank(cookieName)){
-		if (request.getParameter("username") != null && request.getParameter("password") != null){
+				CookieUtils.setCookie((HttpServletResponse)response, cookieName, (String)session.getId());
 			}
 			// 如果登录设置了语言，则切换语言
 			if (loginInfo.getParam("lang") != null){
 				Global.setLang(loginInfo.getParam("lang"), request, response);
 			}
 			model.addAttribute("message", text("sys.login.success"));
 		}else{
 			model.addAttribute("message", text("sys.login.getInfo"));
 		}
-		model.addAttribute("sessionid", (String)session.getId());
+
 		// 获取登录成功页面
 		String successUrl = Global.getProperty("shiro.successUrl");
 		if (!StringUtils.contains(successUrl, "://")){
 			successUrl = request.getContextPath() + successUrl;
 		}
 		// 登录操作如果是Ajax操作，直接返回登录信息字符串。
 		if (ServletUtils.isAjaxRequest(request)){
 			model.addAttribute("result", Global.TRUE);
 			// 如果是登录，则返回登录成功信息，否则返回获取成功信息
 			if (isLogin){
 				model.addAttribute("message", text("sys.login.success"));
 			}else{
 				model.addAttribute("message", text("sys.login.getInfo"));
 			}
 			model.addAttribute("sessionid", (String)session.getId());
 			model.addAttribute("__url", successUrl); // 告诉浏览器登录后跳转的页面
 			return ServletUtils.renderObject(response, model);
 		}
 		// 如果是登录操作，则跳转到登录成功页
 		else if (isLogin){
 			return REDIRECT + successUrl;
 		}
 		// 是否允许刷新主页，如果已登录，再次访问主页，则退出原账号。
 		if (!ObjectUtils.toBoolean(Global.getConfig("shiro.isAllowRefreshIndex", "true"))){