
Example 16 with SysUser

use of com.cdeledu.model.rbac.SysUser in project wechat by dllwh.

the class LoginController method resetPwd.

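/**
 * Changes the password of the currently logged-in user.
 *
 * <p>The supplied current password is hashed with {@code PasswordUtil.encrypt}
 * (keyed by the user name) and compared with the hash held on the Shiro
 * principal; only on a match is the new password hashed and stored.
 *
 * <p>NOTE(review): the mapping does not restrict the HTTP method, so the two
 * passwords can also arrive as query-string parameters and end up in access
 * logs; restricting it to POST needs a check of the callers first. Also confirm
 * that the {@code @SystemLog} aspect does not record request parameters.
 *
 * @param oldPassWord the user's current password, as typed
 * @param newPassWord the replacement password
 * @return an {@link AjaxJson} whose success flag and message describe the outcome
 */
@ResponseBody
@RequestMapping(value = "resetPwd")
@SystemLog(desc = "重置密码", opType = SysOpType.UPDATE, tableName = "sys_user")
public AjaxJson resetPwd(String oldPassWord, String newPassWord) {
    AjaxJson result = new AjaxJson();
    SysUser currenLoginUser = ShiroHelper.getPrincipal();

    // No authenticated principal: the session is missing or has expired.
    if (currenLoginUser == null) {
        result.setSuccess(false);
        result.setMsg("当前用户尚未登录,请重新登录");
        return result;
    }

    // Both passwords are mandatory.
    if (!(StringUtils.isNoneBlank(oldPassWord) && StringUtils.isNoneBlank(newPassWord))) {
        result.setSuccess(false);
        result.setMsg("错误提示:旧密码或新密码不能为空");
        return result;
    }

    String userName = currenLoginUser.getUserName();
    // NOTE(review): both passwords are trimmed before hashing, so leading and
    // trailing whitespace never counts; the login path must trim the same way.
    String suppliedHash = PasswordUtil.encrypt(userName, oldPassWord.trim());

    // The computed hash is the receiver, so a principal that carries no stored
    // hash is rejected as a mismatch instead of failing with a
    // NullPointerException outside the try block below.
    // NOTE(review): the comparison uses the hash cached on the principal, not a
    // fresh read from the user store — confirm the two cannot drift apart.
    if (suppliedHash == null || !suppliedHash.equalsIgnoreCase(currenLoginUser.getPassword())) {
        result.setSuccess(false);
        result.setMsg("错误提示:请输入正确的原密码");
        return result;
    }

    // Update only the password column of the current user's row.
    SysUser sysUser = new SysUser();
    sysUser.setId(currenLoginUser.getId());
    sysUser.setPassword(PasswordUtil.encrypt(userName, newPassWord.trim()));
    try {
        userService.update(sysUser);
        result.setSuccess(true);
        result.setMsg(MessageConstant.MSG_OPERATION_SUCCESS);
        // NOTE(review): nothing here refreshes the hash on the principal or ends
        // the user's other sessions after the change — confirm whether that is
        // handled elsewhere.
    } catch (Exception e) {
        // NOTE(review): the stack trace goes to stderr only; route it through the
        // project's logger so a failed password change is visible to operators.
        e.printStackTrace();
        result.setSuccess(false);
        result.setMsg(MessageConstant.MSG_OPERATION_FAILED);
    }
    return result;
}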
Also used : SysUser(com.cdeledu.model.rbac.SysUser) AjaxJson(com.cdeledu.common.base.AjaxJson) SystemLog(com.cdeledu.core.annotation.SystemLog) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 17 with SysUser

use of com.cdeledu.model.rbac.SysUser in project wechat by dllwh.

the class LoginController method doLogin.

/**
 * Routes the current user after login.
 *
 * <p>Reads the principal from Shiro and sends a user who has at least one role
 * to the main view; anyone else is returned to the login view with an
 * explanatory {@code tips} attribute.
 *
 * @author 独泪了无痕
 * @param model view model that receives the {@code tips} message for the login view
 * @return {@code "main/center"} for a logged-in user with at least one role,
 *         otherwise {@code FilterHelper.LOGIN_SHORT}
 */
@RequestMapping(params = "doLogin")
public String doLogin(Model model) {
    SysUser managerUser = ShiroHelper.getPrincipal();
    try {
        // No principal: the original message tells the user the session timed out.
        if (managerUser == null) {
            model.addAttribute("tips", "该用户长时间未操作,请重新登录");
            return FilterHelper.LOGIN_SHORT;
        }

        // A user without any role is not allowed in.
        List<SysUserRole> assignedRoles = userService.getUserRole(managerUser);
        if (assignedRoles == null || assignedRoles.isEmpty()) {
            model.addAttribute("tips", "该用户没有角色,无法登录");
            return FilterHelper.LOGIN_SHORT;
        }

        return "main/center";
    } catch (Exception e) {
        // Fails closed: any error sends the user back to the login view.
        // NOTE(review): the exception is dropped without being logged, so a
        // failing role lookup is invisible to operators.
        return FilterHelper.LOGIN_SHORT;
    }
}
Also used : SysUser(com.cdeledu.model.rbac.SysUser) SysUserRole(com.cdeledu.model.rbac.SysUserRole) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 18 with SysUser

use of com.cdeledu.model.rbac.SysUser in project wechat by dllwh.

the class LoginController method doLogout.

/**
 * Logs the current user out and returns to the login view.
 *
 * <p>When a principal is present, the user attribute is removed from the HTTP
 * session, Shiro logout is invoked, and the outcome is written to the login log.
 *
 * @author 独泪了无痕
 * @param request the current request, used for the session and the client details
 * @return {@code FilterHelper.LOGIN_SHORT} in every case
 */
@RequestMapping(params = "doLogout")
public String doLogout(HttpServletRequest request) {
    SysUser currenLoginUser = ShiroHelper.getPrincipal();
    // Nobody is logged in: nothing to clear or record.
    if (currenLoginUser == null) {
        return FilterHelper.LOGIN_SHORT;
    }

    // Drop the cached user object from the HTTP session.
    request.getSession().removeAttribute(GlobalConstants.USER_SESSION);

    // Captured before logout so they are still available for the log entry.
    // NOTE(review): ip and browser are derived from the request, presumably from
    // client-supplied headers — whatever displays the login log should treat
    // them as untrusted text.
    String account = currenLoginUser.getUserName();
    String clientIp = getIp(request);
    String clientBrowser = getBrowser(request);

    try {
        ShiroHelper.logout();
        LogManager.getInstance()
                .executeLog(LogTaskFactory.loginLog(account, "成功退出系统", -1, clientIp, clientBrowser));
    } catch (Exception e) {
        // Record the failure; the user is sent to the login view either way.
        String failure = "退出失败,原因:" + e.getMessage();
        LogManager.getInstance()
                .executeLog(LogTaskFactory.loginLog(account, failure, -2, clientIp, clientBrowser));
    }
    return FilterHelper.LOGIN_SHORT;
}
Also used : SysUser(com.cdeledu.model.rbac.SysUser) HttpSession(javax.servlet.http.HttpSession) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 19 with SysUser

use of com.cdeledu.model.rbac.SysUser in project wechat by dllwh.

the class CustomSessionManager method getSessionEntity.

/**
 * Private helper: builds an {@link OnlineUser} view of a Shiro session.
 *
 * @param session the session to inspect
 * @return the populated {@code OnlineUser}, or {@code null} when the session has
 *         no principal collection or its primary principal is not a {@link SysUser}
 */
private OnlineUser getSessionEntity(Session session) {
    // Login information stored by Shiro under its principals key.
    Object principals = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
    // instanceof is false for null, so this also covers a session without a login.
    if (!(principals instanceof SimplePrincipalCollection)) {
        return null;
    }

    Object primary = ((SimplePrincipalCollection) principals).getPrimaryPrincipal();
    if (!(primary instanceof SysUser)) {
        return null;
    }

    OnlineUser onlineUser = new OnlineUser((SysUser) primary);
    // Time of the last interaction with the system.
    onlineUser.setLastAccess(session.getLastAccessTime());
    // Host / IP address recorded on the session.
    onlineUser.setHost(session.getHost());
    // NOTE(review): the session id is effectively a bearer credential; confirm
    // that every consumer of OnlineUser is restricted to administrators.
    onlineUser.setSessionId(session.getId().toString());
    // Session timeout.
    onlineUser.setTimeout(session.getTimeout());
    // Session creation time.
    onlineUser.setStartTime(session.getStartTimestamp());

    // A session without an explicit status attribute counts as online.
    SessionStatus sessionStatus = (SessionStatus) session.getAttribute(CacheConstans.SESSION_STATUS);
    boolean online = sessionStatus == null || sessionStatus.getOnlineStatus();
    onlineUser.setSessionStatus(online);
    return onlineUser;
}
Also used : SysUser(com.cdeledu.model.rbac.SysUser) OnlineUser(com.cdeledu.model.system.OnlineUser) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)

Example 20 with SysUser

use of com.cdeledu.model.rbac.SysUser in project wechat by dllwh.

the class ShiroRealm method doGetAuthorizationInfo.

/**
 * Supplies the roles and permissions of the currently logged-in subject.
 *
 * <p>Per the original author's note, this runs whenever a resource that needs
 * authorization is accessed, on every such access (whether that holds depends
 * on the authorization cache configuration — confirm).
 *
 * @param principals the principals of the subject being authorized
 * @return the subject's roles and string permissions, or {@code null} when no
 *         user is found for this realm or any lookup fails
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    try {
        // (1) The user this realm put into the principal collection.
        SysUser currentUser = (SysUser) principals.fromRealm(getName()).iterator().next();
        if (currentUser == null) {
            // Original note: leads to a redirect to the configured unauthorizedUrl
            // (not verifiable from this method — confirm).
            return null;
        }

        // (2)/(3) Collect the role codes assigned to the user.
        Set<String> roleCodes = Sets.newConcurrentHashSet();
        for (SysUserRole userRole : userService.getUserRole(currentUser)) {
            if (userRole == null) {
                continue;
            }
            roleCodes.add(userRole.getRoleCode());
        }

        // (4.1) Roles.
        SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        authzInfo.addRoles(roleCodes);

        // (4.2) Access permissions derived from the user's menus.
        List<String> menuPerms = sysMenuService.getMenuPermsByUserId(currentUser);
        if (ListUtilHelper.isNotEmpty(menuPerms)) {
            authzInfo.addStringPermissions(menuPerms);
        }
        return authzInfo;
    } catch (Exception e) {
        // Fails closed: on any error no roles or permissions are returned.
        // NOTE(review): this also covers an empty principal collection and a null
        // role list; the stack trace goes to stderr only, so route it through the
        // project's logger to make authorization failures visible.
        e.printStackTrace();
        return null;
    }
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) SysUser(com.cdeledu.model.rbac.SysUser) AuthenticationException(org.apache.shiro.authc.AuthenticationException) DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) SysUserRole(com.cdeledu.model.rbac.SysUserRole)
