Ejemplo n.º 1
0
 /** 获取SESSIONID */
 public String getSessionid() {
   try {
     return (String) UserUtils.getSession().getId();
   } catch (Exception e) {
     return "";
   }
 }
Ejemplo n.º 2
0
 /** 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用 */
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
   Principal principal = (Principal) getAvailablePrincipal(principals);
   // 获取当前已登录的用户
   if (!Global.TRUE.equals(Global.getConfig("user.multiAccountLogin"))) {
     Collection<Session> sessions =
         getSystemService()
             .getSessionDao()
             .getActiveSessions(true, principal, UserUtils.getSession());
     if (sessions.size() > 0) {
       // 如果是登录进来的,则踢出已在线用户
       if (UserUtils.getSubject().isAuthenticated()) {
         for (Session session : sessions) {
           getSystemService().getSessionDao().delete(session);
         }
       }
       // 记住我进来的,并且当前用户已登录,则退出当前用户提示信息。
       else {
         UserUtils.getSubject().logout();
         throw new AuthenticationException("msg:账号已在其它地方登录,请重新登录。");
       }
     }
   }
   User user = getSystemService().getUserByLoginName(principal.getLoginName());
   if (user != null) {
     SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
     List<Menu> list = UserUtils.getMenuList();
     for (Menu menu : list) {
       if (StringUtils.isNotBlank(menu.getPermission())) {
         // 添加基于Permission的权限信息
         for (String permission : StringUtils.split(menu.getPermission(), ",")) {
           info.addStringPermission(permission);
         }
       }
     }
     // 添加用户权限
     info.addStringPermission("user");
     // 添加用户角色信息
     for (Role role : user.getRoleList()) {
       info.addRole(role.getEnname());
     }
     // 更新登录IP和时间
     getSystemService().updateUserLoginInfo(user);
     // 记录登录日志
     LogUtils.saveLog(Servlets.getRequest(), "系统登录");
     return info;
   } else {
     return null;
   }
 }
Ejemplo n.º 3
0
  /** 认证回调函数, 登录时调用 */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

    int activeSessionSize = getSystemService().getSessionDao().getActiveSessions(false).size();
    if (logger.isDebugEnabled()) {
      logger.debug(
          "login submit, active session size: {}, username: {}",
          activeSessionSize,
          token.getUsername());
    }

    // 校验登录验证码
    if (LoginController.isValidateCodeLogin(token.getUsername(), false, false)) {
      Session session = UserUtils.getSession();
      String code = (String) session.getAttribute(ValidateCodeServlet.VALIDATE_CODE);
      if (token.getCaptcha() == null || !token.getCaptcha().toUpperCase().equals(code)) {
        throw new AuthenticationException("msg:验证码错误, 请重试.");
      }
    }

    // 校验用户名密码
    User user = getSystemService().getUserByLoginName(token.getUsername());
    if (user != null) {
      if (Global.NO.equals(user.getLoginFlag())) {
        throw new AuthenticationException("msg:该帐号已禁止登录.");
      }
      byte[] salt = Encodes.decodeHex(user.getPassword().substring(0, 16));
      return new SimpleAuthenticationInfo(
          new Principal(user, token.isMobileLogin()),
          user.getPassword().substring(16),
          ByteSource.Util.bytes(salt),
          getName());
    } else {
      return null;
    }
  }