use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.
the class LoginInterceptor method preHandle.
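/**
* Uses a two-level cache. The session is checked first:<br/>
* if a visitor is present, it is used directly and the thread-local is updated;<br/>
* if not, Redis is consulted:<br/>
* if Redis has the visitor, the session and the thread-local are updated;<br/>
* if Redis has none either, the user is treated as not logged in.
*/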
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // Login gate: true lets the request continue; false is returned only after a
    // login-error response has been written.
    final String uri = request.getRequestURI();
    // Every request URI is logged.
    LOG.info(uri);

    // Paths configured as "not intercepted" skip the login check entirely.
    // NOTE(review): this is a substring test on the raw request URI, so a URI that merely
    // contains a configured fragment anywhere is let through without a login check.
    // Confirm the configured entries are specific enough, or match on the
    // context-relative path instead.
    if (notInterceptPathList != null) {
        for (String excluded : notInterceptPathList) {
            if (uri.contains(excluded)) {
                return true;
            }
        }
    }

    // Plant the cookie.
    plantCookie(request, response);

    // First level: the visitor stored in the HTTP session.
    // NOTE(review): getSession() creates a session when the request has none, so
    // unauthenticated requests that reach this point are given one as well.
    HttpSession session = request.getSession();
    Visitor cached = (Visitor) session.getAttribute(UserConstant.USER_KEY);
    if (cached != null) {
        // The login information in the session is refreshed on every request.
        redisLogin.updateSessionVisitor(session, cached);
        return true;
    }

    // Second level: ask Redis whether this request belongs to a logged-in visitor.
    Visitor fromRedis = redisLogin.isLogin(request);
    if (fromRedis == null) {
        // Still not logged in: answer with the login error and stop the request.
        returnJsonSystemError(request, response, "login.error", ErrorCode.LOGIN_ERROR);
        return false;
    }

    // Copy the Redis login information back into the session.
    redisLogin.updateSessionVisitor(session, fromRedis);
    return true;
}
use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.
the class RedisLoginImpl method login.
/**
* Logs the user in.
*/
@Override
public void login(HttpServletRequest request, User user, int expireTime) {
    // Copies the user's identity, role and owned apps into a Visitor, then stores that
    // Visitor in the HTTP session and in Redis.
    Visitor loggedIn = new Visitor();
    loggedIn.setId(user.getId());
    loggedIn.setLoginUserId(user.getId());
    loggedIn.setLoginUserName(user.getName());
    loggedIn.setRoleId(user.getRoleId());
    loggedIn.setAppIds(user.getOwnApps());

    // Update the session.
    // NOTE(review): the session returned by getSession() is used as-is; no session-id
    // renewal or invalidation is visible in this method. Confirm the session is renewed
    // at login elsewhere, otherwise a pre-login session id stays valid after login
    // (session fixation).
    updateSessionVisitor(request.getSession(), loggedIn);

    // Update the Redis copy; expireTime is passed through to updateRedisVisitor.
    updateRedisVisitor(loggedIn, request, expireTime);
}
use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.
the class LogMailBean method sendHtmlEmail.
/**
* Sends an HTML e-mail.
*
* @return true if the mail was handed to the mail bean without an exception; false otherwise
*/
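public boolean sendHtmlEmail(String toEmail, String title, String content) {
    // Sends an HTML mail to the ';'-separated recipients in toEmail. The subject is
    // "<login user> <host name>/<system date>" followed by the title, truncated to
    // ALARM_MAIL_TITLE_LENGTH characters. Returns false for a blank recipient, a null
    // body, or a failed send.
    LOG.info("send to " + toEmail);
    LOG.info("title: " + title);
    // Only the size of the body is logged: the body can be large and may carry data
    // that should not be copied into the application log.
    LOG.info("content length: " + (content == null ? 0 : content.length()));

    // Reject unusable input before doing the visitor and host-name lookups.
    if (StringUtils.isBlank(toEmail) || content == null) {
        return false;
    }

    String localName = "";
    Visitor visitor = ThreadContext.getSessionVisitor();
    if (visitor != null) {
        LOG.info(visitor.toString());
        localName += visitor.getLoginUserName() + " ";
    }
    try {
        localName += InetAddress.getLocalHost().getHostName();
    } catch (UnknownHostException e) {
        // Best effort: the subject is still built without the host name.
        LOG.warn("When send alarm mail,we can't get hostname", e);
    }

    String mailTitle = localName + "/" + getSystemDate();
    if (title != null) {
        mailTitle += title.substring(0, Math.min(title.length(), ALARM_MAIL_TITLE_LENGTH));
    }
    // The subject ends up in a mail header. How mailBean encodes headers is not visible
    // here, so line breaks coming from the title or the login user name are collapsed to
    // a space to keep them from starting an extra header line.
    mailTitle = mailTitle.replaceAll("[\\r\\n]+", " ");

    String mailFrom = emailProperties.getFromEmail();
    String[] mailToList = toEmail.split(";");
    try {
        mailBean.sendHtmlMail(mailFrom, mailToList, mailTitle, content);
    } catch (Exception e) {
        LOG.error("When send alarm mail,we can't send it", e);
        return false;
    }
    return true;
}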
use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.
the class LogMailBean method sendLogExceptionEmail.
/**
*/
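public void sendLogExceptionEmail(String message, Throwable e) {
    // Builds the title and the HTML body of an exception alarm mail and passes both to
    // sendErrorMail. The title is the current visitor id (when a session visitor exists)
    // followed by message, or by the exception's message when message is null.
    StringBuilder titleBuilder = new StringBuilder();
    Visitor visitor = ThreadContext.getSessionVisitor();
    if (visitor != null) {
        titleBuilder.append("Current Login UcId: " + visitor.getId());
        titleBuilder.append(" ");
    }
    if (message != null) {
        titleBuilder.append(message);
    } else if (e != null && e.getMessage() != null) {
        titleBuilder.append(e.getMessage());
    }
    String title = titleBuilder.toString();
    String systemDate = getSystemDate();

    // Body: "<date>\t<title>", then the exception details with <br> line separators.
    // The former plain-text copy of the same data was built but never read, so it is
    // no longer produced.
    // NOTE(review): title and the exception details go into the HTML body as-is. Whether
    // getExceptionInfo or sendErrorMail HTML-escapes them is not visible here; confirm,
    // because exception messages can echo request data.
    StringBuilder mailInfo = new StringBuilder();
    mailInfo.append(systemDate);
    mailInfo.append("\t");
    mailInfo.append(title);
    if (e != null) {
        mailInfo.append("<br>");
        mailInfo.append(getExceptionInfo(e, systemDate, "<br>", "\t"));
    }
    sendErrorMail(mailInfo.toString(), title);
}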
use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.
the class RoleResourceAspect method decideAccess.
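/**
* Decides whether the current user is permitted to access the invoked method.
*
* @param pjp the intercepted method (join point)
* @param requestMapping the annotation on the method
*
* @return the value returned by the intercepted method
*
* @throws Throwable an AccessDeniedException when there is no session visitor or the
*         visitor's role may not access the method; otherwise whatever the intercepted
*         method throws
*/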
@Around("anyPublicMethod() && @annotation(requestMapping) && !@annotation(com.baidu.dsp.common.annotation.NoAuth)")
public Object decideAccess(ProceedingJoinPoint pjp, RequestMapping requestMapping) throws Throwable {
    // Role check around handler methods that carry @RequestMapping and are not marked
    // NoAuth: the URL pattern is rebuilt from the annotations, checked against the
    // visitor's role, and only then is the method invoked.

    // URL on the method; an annotation without a value counts as the empty string.
    // NOTE(review): only the first declared URL (and, below, the first declared HTTP
    // method) is used for the permission lookup, and a missing HTTP method is treated
    // as GET. A handler mapped to several URLs or methods is therefore checked as its
    // first entry only; confirm handlers declare exactly one of each.
    final String[] mappedUrls = requestMapping.value();
    final String methodUrl = mappedUrls.length == 0 ? "" : mappedUrls[0];

    // URL on the class. A target class without @RequestMapping, or with an empty value,
    // fails here with an exception before any access decision is made.
    String clsUrl = pjp.getTarget().getClass().getAnnotation(RequestMapping.class).value()[0];

    // Join class URL and method URL, adding a separator when neither side supplies one,
    // and make the result end with a separator.
    final boolean separatorMissing = !clsUrl.endsWith(RoleResourceConstant.URL_SPLITOR)
            && !methodUrl.startsWith(RoleResourceConstant.URL_SPLITOR);
    if (separatorMissing) {
        clsUrl = clsUrl + RoleResourceConstant.URL_SPLITOR;
    }
    String urlPattern = clsUrl + methodUrl;
    if (!urlPattern.endsWith(RoleResourceConstant.URL_SPLITOR)) {
        urlPattern = urlPattern + RoleResourceConstant.URL_SPLITOR;
    }

    // NOTE(review): the semantics of contains() depend on the type of noAuthCheckUrl,
    // which is declared outside this method (exact entry for a collection, substring
    // for a String). Confirm it is an exact match.
    final boolean exempt = noAuthCheckUrl != null && noAuthCheckUrl.contains(urlPattern);
    if (exempt) {
        LOG.info("don't need to check this url: " + urlPattern);
    } else {
        // HTTP method on the annotation; GET when none is declared.
        final RequestMethod[] declaredMethods = requestMapping.method();
        final RequestMethod methodType = declaredMethods.length == 0 ? RequestMethod.GET : declaredMethods[0];
        final String urlInfo = urlPattern + ", method:" + methodType.toString();

        // The role comes from the thread-bound session visitor; no visitor means no access.
        final Visitor visitor = ThreadContext.getSessionVisitor();
        if (visitor == null) {
            LOG.warn("No session visitor!");
            throw new AccessDeniedException("No session visitor! " + urlInfo);
        }
        final Integer roleId = visitor.getRoleId();
        final String visitorInfo = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;

        // Deny unless the role may call this URL with this HTTP method.
        if (!this.isMethodAccessible(urlPattern, methodType, roleId)) {
            throw new AccessDeniedException("Access Denied: " + urlInfo + visitorInfo);
        }
        // Reached only when access was granted, so the flag in the message is always true.
        LOG.info("Accessing URL:" + urlInfo + visitorInfo + ", Is priviledged:" + true);
    }

    // Invoke the intercepted method; anything it throws is logged and rethrown unchanged.
    try {
        return pjp.proceed();
    } catch (Throwable t) {
        LOG.info(t.getMessage());
        throw t;
    }
}