
Example 1 with Visitor

use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.

the class LoginInterceptor method preHandle.

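/**
 * Uses a two-level cache. The session is checked first;<br/>
 * if the visitor is found there, it is used directly and the thread-local is updated.<br/>
 * If it is not found, Redis is checked;<br/>
 * if Redis holds the visitor, the session and the thread-local are updated.<br/>
 * If Redis does not hold it either, the request is treated as not logged in.
 */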
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // Login gate: true lets the request continue; false is returned after
    // returnJsonSystemError has been called for a visitor found at neither level.
    final String uri = request.getRequestURI();
    // Every incoming request URI is logged.
    LOG.info(uri);

    // Paths on the skip list are let through without any login check.
    // NOTE(review): this is a substring match on the raw request URI, so a URI that merely
    // contains a listed entry anywhere is exempt from the login check as well. An exact or
    // prefix match on the servlet path would be tighter; check the configured entries
    // before changing the comparison.
    if (notInterceptPathList != null) {
        for (String skipPath : notInterceptPathList) {
            if (uri.contains(skipPath)) {
                return true;
            }
        }
    }

    // Plant the cookie before the login decision is made.
    plantCookie(request, response);

    // First level: the HTTP session (getSession() creates one when none exists).
    HttpSession session = request.getSession();
    Visitor sessionVisitor = (Visitor) session.getAttribute(UserConstant.USER_KEY);
    if (sessionVisitor != null) {
        // The session login data is refreshed on every request.
        redisLogin.updateSessionVisitor(session, sessionVisitor);
        return true;
    }

    // Second level: Redis.
    Visitor redisVisitor = redisLogin.isLogin(request);
    if (redisVisitor == null) {
        // Still not logged in.
        returnJsonSystemError(request, response, "login.error", ErrorCode.LOGIN_ERROR);
        return false;
    }
    // Copy the login data found in Redis into the session.
    redisLogin.updateSessionVisitor(session, redisVisitor);
    return true;
}
Also used : Visitor(com.baidu.disconf.web.service.user.dto.Visitor) HttpSession(javax.servlet.http.HttpSession)

Example 2 with Visitor

use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.

the class RedisLoginImpl method login.

/**
 * Logs the user in.
 */
@Override
public void login(HttpServletRequest request, User user, int expireTime) {
    // Build the visitor record from the user that has just logged in.
    Visitor loggedIn = new Visitor();
    loggedIn.setAppIds(user.getOwnApps());
    loggedIn.setRoleId(user.getRoleId());
    loggedIn.setLoginUserName(user.getName());
    loggedIn.setLoginUserId(user.getId());
    loggedIn.setId(user.getId());

    // Store the visitor in the session.
    // NOTE(review): the visitor goes into whatever session request.getSession() returns, and
    // no session-id change is visible in this method. If the caller does not renew the
    // session at login either, a session id issued before login stays valid afterwards
    // (session fixation) - confirm against the caller.
    updateSessionVisitor(request.getSession(), loggedIn);

    // Store the visitor in Redis; expireTime is passed through unchanged.
    updateRedisVisitor(loggedIn, request, expireTime);
}
Also used : Visitor(com.baidu.disconf.web.service.user.dto.Visitor)

Example 3 with Visitor

use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.

the class LogMailBean method sendHtmlEmail.

/**
 * Sends an HTML e-mail.
 *
 * @return
 */
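public boolean sendHtmlEmail(String toEmail, String title, String content) {
    // Sends an HTML mail to the ';'-separated recipients in toEmail. Returns true when the
    // mailer call completed, false when there is no recipient, no body, or the mailer threw.
    LOG.info("send to " + toEmail);
    LOG.info("title: " + title);
    // NOTE(review): the complete mail body is written to the log at INFO level. If bodies
    // can carry sensitive values, log the length instead of the text.
    LOG.info("content" + content);

    // Nothing can be sent without a recipient or a body, so decide that before the
    // session lookup and the host-name lookup.
    if (StringUtils.isBlank(toEmail) || content == null) {
        return false;
    }

    // Subject prefix: "<login user name> <local host name>".
    StringBuilder localName = new StringBuilder();
    Visitor visitor = ThreadContext.getSessionVisitor();
    if (visitor != null) {
        LOG.info(visitor.toString());
        localName.append(visitor.getLoginUserName()).append(' ');
    }
    try {
        localName.append(InetAddress.getLocalHost().getHostName());
    } catch (UnknownHostException e) {
        // Best effort: the mail is still sent, only without the host name.
        LOG.warn("When send alarm mail,we can't get hostname", e);
    }

    String mailTitle = localName + "/" + getSystemDate();
    if (title != null) {
        // At most ALARM_MAIL_TITLE_LENGTH characters of the caller's title are appended.
        mailTitle += title.substring(0, Math.min(title.length(), ALARM_MAIL_TITLE_LENGTH));
    }
    // A subject is a single header line. Line breaks in the caller-supplied parts are
    // replaced by spaces so the value stays on one line whatever mailBean does with it
    // (mailBean's own handling of line breaks is not visible from here).
    mailTitle = mailTitle.replaceAll("[\\r\\n]", " ");

    try {
        mailBean.sendHtmlMail(emailProperties.getFromEmail(), toEmail.split(";"), mailTitle, content);
    } catch (Exception e) {
        // Alarm mail is best effort: report the failure to the caller instead of throwing.
        LOG.error("When send alarm mail,we can't send it", e);
        return false;
    }
    return true;
}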
Also used : Visitor(com.baidu.disconf.web.service.user.dto.Visitor) UnknownHostException(java.net.UnknownHostException) InetAddress(java.net.InetAddress) UnknownHostException(java.net.UnknownHostException)

Example 4 with Visitor

use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.

the class LogMailBean method sendLogExceptionEmail.

/**
 */
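public void sendLogExceptionEmail(String message, Throwable e) {
    // Builds an alarm title and an HTML body from the message and/or the exception and
    // hands both to sendErrorMail.

    // Title: optional login id, then the message, or the exception message when no
    // message was given.
    StringBuilder titleBuilder = new StringBuilder();
    Visitor visitor = ThreadContext.getSessionVisitor();
    if (visitor != null) {
        titleBuilder.append("Current Login UcId: ").append(visitor.getId()).append(' ');
    }
    if (message != null) {
        titleBuilder.append(message);
    } else if (e != null && e.getMessage() != null) {
        titleBuilder.append(e.getMessage());
    }
    String title = titleBuilder.toString();
    String systemDate = getSystemDate();

    // Only the HTML body is assembled; no plain-text ("\n"-separated) copy is built because
    // nothing in this method reads one.
    // NOTE(review): assumes getExceptionInfo only formats its arguments - confirm.
    // NOTE(review): the title and the getExceptionInfo output go into the HTML body without
    // HTML escaping. If message or exception text can carry request data, escape it before
    // appending, and confirm what sendErrorMail does with the body.
    StringBuilder mailInfo = new StringBuilder();
    mailInfo.append(systemDate).append("\t").append(title);
    if (e != null) {
        mailInfo.append("<br>").append(getExceptionInfo(e, systemDate, "<br>", "\t"));
    }
    sendErrorMail(mailInfo.toString(), title);
}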
Also used : Visitor(com.baidu.disconf.web.service.user.dto.Visitor)

Example 5 with Visitor

use of com.baidu.disconf.web.service.user.dto.Visitor in project disconf by knightliao.

the class RoleResourceAspect method decideAccess.

/**
 * Decides whether the current user has permission to call the intercepted method.
 *
 * @param pjp            the intercepted method
 * @param requestMapping the annotation on the method
 *
 * @return
 *
 * @throws Throwable
 */
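@Around("anyPublicMethod() && @annotation(requestMapping) && !@annotation(com.baidu.dsp.common.annotation.NoAuth)")
public Object decideAccess(ProceedingJoinPoint pjp, RequestMapping requestMapping) throws Throwable {
    // Authorisation gate around request-mapped methods: builds the URL pattern from the
    // class-level and method-level mappings, checks it against the visitor's role, and only
    // then proceeds. Throws AccessDeniedException when there is no visitor or no permission.

    // URL declared on the method; empty when the annotation carries no value.
    String[] values = requestMapping.value();
    String methodUrl = (values.length != 0) ? values[0] : "";

    // URL declared on the target class. Without one no pattern can be built, so the call is
    // denied explicitly instead of failing on a null annotation or an empty value array.
    Class<?> targetClass = pjp.getTarget().getClass();
    RequestMapping classMapping = targetClass.getAnnotation(RequestMapping.class);
    if (classMapping == null || classMapping.value().length == 0) {
        LOG.warn("No class-level RequestMapping value on " + targetClass.getName());
        throw new AccessDeniedException("No class-level RequestMapping value! " + methodUrl);
    }
    String clsUrl = classMapping.value()[0];

    // Join the two parts with exactly one separator between them and one at the end.
    if (!clsUrl.endsWith(RoleResourceConstant.URL_SPLITOR) && !methodUrl.startsWith(RoleResourceConstant.URL_SPLITOR)) {
        clsUrl += RoleResourceConstant.URL_SPLITOR;
    }
    String urlPattern = clsUrl + methodUrl;
    if (!urlPattern.endsWith(RoleResourceConstant.URL_SPLITOR)) {
        urlPattern += RoleResourceConstant.URL_SPLITOR;
    }

    if (noAuthCheckUrl != null && noAuthCheckUrl.contains(urlPattern)) {
        // NOTE(review): the type of noAuthCheckUrl is not visible here; if it is a String,
        // contains() is a substring test rather than a membership test - confirm.
        LOG.info("don't need to check this url: " + urlPattern);
    } else {
        // NOTE(review): only the first declared URL and the first declared HTTP method are
        // checked, and a mapping that declares no method is checked as GET. A handler mapped
        // to several paths or methods is therefore authorised on the first one only -
        // confirm that no handler relies on more than one.
        RequestMethod[] methods = requestMapping.method();
        RequestMethod methodType = (methods.length != 0) ? methods[0] : RequestMethod.GET;
        String urlInfo = urlPattern + ", method:" + methodType.toString();

        // The role comes from the visitor bound to the current thread.
        Visitor visitor = ThreadContext.getSessionVisitor();
        if (visitor == null) {
            LOG.warn("No session visitor!");
            throw new AccessDeniedException("No session visitor! " + urlInfo);
        }
        Integer roleId = visitor.getRoleId();
        String visitorInfo = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;

        if (!this.isMethodAccessible(urlPattern, methodType, roleId)) {
            // Log the denial like the missing-visitor case above, so refused calls are
            // visible in the application log as well as in the exception.
            LOG.warn("Access Denied: " + urlInfo + visitorInfo);
            throw new AccessDeniedException("Access Denied: " + urlInfo + visitorInfo);
        }
        // Reached only after the check passed, hence the constant "true".
        LOG.info("Accessing URL:" + urlInfo + visitorInfo + ", Is priviledged:" + true);
    }

    try {
        // Run the intercepted method.
        return pjp.proceed();
    } catch (Throwable t) {
        // Log the message and rethrow unchanged.
        LOG.info(t.getMessage());
        throw t;
    }
}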
Also used : AccessDeniedException(com.baidu.dsp.common.exception.AccessDeniedException) Visitor(com.baidu.disconf.web.service.user.dto.Visitor) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) Around(org.aspectj.lang.annotation.Around)

Aggregations

Visitor (com.baidu.disconf.web.service.user.dto.Visitor)12 User (com.baidu.disconf.web.service.user.bo.User)2 RequestMethod (org.springframework.web.bind.annotation.RequestMethod)2 ConfigHistory (com.baidu.disconf.web.service.config.bo.ConfigHistory)1 VisitorVo (com.baidu.disconf.web.service.user.vo.VisitorVo)1 AccessDeniedException (com.baidu.dsp.common.exception.AccessDeniedException)1 FieldException (com.baidu.dsp.common.exception.FieldException)1 InetAddress (java.net.InetAddress)1 UnknownHostException (java.net.UnknownHostException)1 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 HttpSession (javax.servlet.http.HttpSession)1 Around (org.aspectj.lang.annotation.Around)1 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)1 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)1