From d9b554547b4a2fe1dd86ffa2a6bb55c1f9877908 Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Fri, 10 Oct 2025 20:52:22 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=20subject.isPermitted("user"?= =?UTF-8?q?)=20=E8=B0=83=E7=94=A82=E6=AC=A1=EF=BC=8C=E4=BC=98=E5=8C=96?= =?UTF-8?q?=E4=B8=BA1=E6=AC=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../modules/sys/web/LoginController.java | 29 +++++++++----------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
index b39ff714..c194246c 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -21,7 +21,6 @@ import com.jeesite.modules.sys.utils.UserUtils;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.session.Session;
@@ -60,9 +59,9 @@ public class LoginController extends BaseController{
 return null;
 }
 
- LoginInfo loginInfo = UserUtils.getLoginInfo();
-
 // 如果已经登录,则跳转到管理首页
+ Subject subject = UserUtils.getSubject();
+ LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
 if(loginInfo != null){
 String queryString = request.getQueryString();
 queryString = queryString == null ? "" : "?" + queryString;
@@ -155,18 +154,9 @@ public class LoginController extends BaseController{
 return null;
 }
 
- // 验证下用户权限,以便调用doGetAuthorizationInfo方法,保存单点登录登出句柄
- Subject subject = SecurityUtils.getSubject();
- if (!subject.isPermitted("user")){
- subject.logout();
- String queryString = request.getQueryString();
- queryString = queryString == null ? "" : "?" + queryString;
- ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
- return null;
- }
-
 // 获取登录用户信息,未加载shiro模块时会为空,直接访问则提示操作权限不足。
- LoginInfo loginInfo = UserUtils.getLoginInfo();
+ Subject subject = UserUtils.getSubject();
+ LoginInfo loginInfo = UserUtils.getLoginInfo(subject);
 if(loginInfo == null){
 subject.logout();
 String queryString = request.getQueryString();
@@ -174,7 +164,7 @@ public class LoginController extends BaseController{
 ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
 return null;
 }
-
+
 // 当前用户对象信息
 User user = UserUtils.get(loginInfo.getId());
 if (user == null){
@@ -219,6 +209,15 @@ public class LoginController extends BaseController{
 }
 }
 
+ // 验证下用户权限,以便调用doGetAuthorizationInfo方法,保存单点登录登出句柄
+ else if (!subject.isPermitted("user")){
+ subject.logout();
+ String queryString = request.getQueryString();
+ queryString = queryString == null ? "" : "?" + queryString;
+ ServletUtils.redirectUrl(request, response, adminPath + "/login" + queryString);
+ return null;
+ }
+
 // 获取当前会话对象,并返回一些数据
 if (!StringUtils.equals(request.getParameter("__be"), Global.YES)) {
 model.addAllAttributes(FormFilter.getLoginSuccessData(request, response, user, session));
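Review bot: The `subject.isPermitted("user")` gate removed in the hunk at -155,18 used to run unconditionally before `UserUtils.getLoginInfo()` and the user lookup, but its replacement in the hunk at -219,6 is an `else if`, so it now runs only when the preceding `if` (outside both hunks) is false. If that earlier branch neither checks the `user` permission nor triggers `doGetAuthorizationInfo`, a subject lacking `user` would reach the login-success data without the logout and redirect, and the single sign-out handle the comment refers to would not be saved on that path. A fail-closed way to keep a single call is to evaluate it once right after `UserUtils.getSubject()`, for example `boolean permitted = subject.isPermitted("user");`, reject on `!permitted` there, and reuse the local wherever the second call was made. The handler starts and ends outside these hunks, so the behaviour of the earlier branch has to be confirmed against the full method.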
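Review bot: In the hunk at -219,6 the added `else if` is separated from the closing `}` of its `if` by a blank line and a comment, so it reads as a new statement and the dependency of this authorization check on the earlier condition is easy to miss. Writing it on the brace line, `} else if (!subject.isPermitted("user")) {`, with the comment moved inside the branch would make the coupling visible. The comment should also state why the check may be skipped when the earlier branch is taken. The logout-and-redirect body duplicates the `loginInfo == null` branch earlier in the method and could share a private helper; the `if` this attaches to begins outside the hunk.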