示例#1
 /**
  * Builds the navigation menu for the current user and exposes it to the view.
  *
  * <p>The menu list is looked up from the caller's authorities and the request's context path,
  * then stored on the request twice: as objects under {@code rootMenus} and as a JSON string
  * under {@code menuJsonData}.
  *
  * @return headers selecting the {@code /layout/menu} result with caching disabled
  * @throws JsonProcessingException if the menu list cannot be serialized to JSON
  */
 public HttpHeaders menu() throws JsonProcessingException {
   HttpServletRequest currentRequest = ServletActionContext.getRequest();

   // The menu is derived from the authorities held for this session, not from request input.
   List<NavMenuVO> visibleMenus =
       menuService.authUserMenu(
           AuthContextHolder.getAuthUserDetails().getAuthorities(),
           currentRequest.getContextPath());
   currentRequest.setAttribute("rootMenus", visibleMenus);

   // NOTE(review): if the view writes menuJsonData into an inline script block, confirm the
   // template escapes it for that context; JSON serialization alone is not HTML-safe.
   String serializedMenus = mapper.writeValueAsString(visibleMenus);
   currentRequest.setAttribute("menuJsonData", serializedMenus);

   HttpHeaders layoutResult = new DefaultHttpHeaders("/layout/menu").disableCaching();
   return layoutResult;
 }
示例#2
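  /**
   * Changes the password of the user held by {@code AuthContextHolder}.
   *
   * <p>Reads {@code oldpasswd} and {@code newpasswd} from the current request, re-encodes the
   * supplied old password with {@code userService.encodeUserPasswd} and compares the result with
   * the stored value. The new password is saved only when the two match; either outcome is
   * reported through {@code setModel}.
   *
   * @return response headers with caching disabled
   */
  public HttpHeaders doPasswd() {
    AuthUserDetails authUserDetails = AuthContextHolder.getAuthUserDetails();
    Assert.notNull(authUserDetails);
    HttpServletRequest request = ServletActionContext.getRequest();
    String oldpasswd = request.getParameter("oldpasswd");
    String newpasswd = request.getParameter("newpasswd");
    Assert.isTrue(StringUtils.isNotBlank(oldpasswd));
    Assert.isTrue(StringUtils.isNotBlank(newpasswd));

    // The account is looked up from the authenticated session, never from a request parameter,
    // so a caller cannot point this action at another user's record.
    User user = userService.findByUid(authUserDetails.getUid());
    // Reject a missing account explicitly instead of failing later with a NullPointerException.
    Assert.notNull(user);

    String encodedPasswd = userService.encodeUserPasswd(user, oldpasswd);
    String storedPasswd = user.getPassword();

    // Compare the encoded values with MessageDigest.isEqual rather than String.equals so the
    // time taken does not depend on where the first differing character sits. A null on either
    // side counts as a mismatch.
    boolean oldPasswdMatches =
        encodedPasswd != null
            && storedPasswd != null
            && java.security.MessageDigest.isEqual(
                encodedPasswd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                storedPasswd.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    // NOTE(review): nothing here limits repeated wrong-old-password attempts or applies a policy
    // to the new password; confirm both are enforced elsewhere (for example inside
    // userService.save). If accounts also carry a long-lived access token, confirm whether a
    // password change should rotate it.
    if (!oldPasswdMatches) {
      setModel(OperationResult.buildFailureResult("原密码不正确,请重新输入"));
    } else {
      userService.save(user, newpasswd);
      setModel(OperationResult.buildSuccessResult("密码修改成功,请在下次登录使用新密码"));
    }
    return new DefaultHttpHeaders().disableCaching();
  }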
示例#3
 /**
  * Returns the auth details currently held by {@code AuthContextHolder}.
  *
  * @return the value of {@code AuthContextHolder.getAuthUserDetails()}, passed through unchanged
  */
 public AuthUserDetails getAuthUserDetails() {
   AuthUserDetails currentDetails = AuthContextHolder.getAuthUserDetails();
   return currentDetails;
 }
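  /**
   * Post-login hook: refreshes the account's access token when needed, writes a logon record, and
   * decides where the user is sent next.
   *
   * <p>The original comment states that the failure flag is reset after a successful login. That
   * reset is not visible in this method; presumably it happens inside {@code
   * userService.userLogonLog} (confirm).
   *
   * @param token the submitted token; cast to {@code SourceUsernamePasswordToken}
   * @param subject passed through to the parent implementation
   * @param request the current request; cast to {@code HttpServletRequest}
   * @param response the current response; cast to {@code HttpServletResponse}
   * @return {@code true} for mobile app access, {@code false} after redirecting to the
   *     credentials-expired page, otherwise the parent implementation's result
   * @throws Exception propagated from the service calls, the redirect, or the parent implementation
   */
  @Override
  protected boolean onLoginSuccess(
      AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response)
      throws Exception {
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;

    SourceUsernamePasswordToken sourceUsernamePasswordToken = (SourceUsernamePasswordToken) token;
    User authAccount =
        userService.findByAuthTypeAndAuthUid(
            User.AuthTypeEnum.SYS, sourceUsernamePasswordToken.getUsername());
    Date now = DateUtils.currentDate();

    // Issue a fresh access token, valid for six months, when none is set or the current one has
    // expired. A token with no recorded expiry is treated as expired instead of raising a
    // NullPointerException on the comparison.
    // NOTE(review): the token is long-lived; confirm it is revoked on password change and logout.
    Date accessTokenExpireTime = authAccount.getAccessTokenExpireTime();
    if (StringUtils.isBlank(authAccount.getAccessToken())
        || accessTokenExpireTime == null
        || accessTokenExpireTime.before(now)) {
      authAccount.setAccessToken(UUID.randomUUID().toString());
      authAccount.setAccessTokenExpireTime(
          new DateTime(DateUtils.currentDate()).plusMonths(6).toDate());
      userService.save(authAccount);
    }

    // Write the logon audit record.
    UserLogonLog userLogonLog = new UserLogonLog();
    Date logonTime = DateUtils.currentDate();
    userLogonLog.setLogonTime(logonTime);
    // Fix: the day field was formatted from getLogoutTime(), which is never set on this new
    // record; derive it from the logon time instead.
    userLogonLog.setLogonYearMonthDay(DateUtils.formatDate(logonTime));
    userLogonLog.setRemoteAddr(httpServletRequest.getRemoteAddr());
    userLogonLog.setRemoteHost(httpServletRequest.getRemoteHost());
    userLogonLog.setRemotePort(httpServletRequest.getRemotePort());
    userLogonLog.setLocalAddr(httpServletRequest.getLocalAddr());
    userLogonLog.setLocalName(httpServletRequest.getLocalName());
    userLogonLog.setLocalPort(httpServletRequest.getLocalPort());
    userLogonLog.setServerIP(IPAddrFetcher.getGuessUniqueIP());
    userLogonLog.setHttpSessionId(httpServletRequest.getSession().getId());
    // The User-Agent header is client-supplied: store it as data and escape it wherever the log
    // is displayed. The same presumably applies to the forwarded address below, if
    // IPAddrFetcher reads it from a request header (confirm).
    userLogonLog.setUserAgent(httpServletRequest.getHeader("User-Agent"));
    userLogonLog.setXforwardFor(IPAddrFetcher.getRemoteIpAddress(httpServletRequest));
    userLogonLog.setAuthType(authAccount.getAuthType());
    userLogonLog.setAuthUid(authAccount.getAuthUid());
    userLogonLog.setAuthGuid(authAccount.getAuthGuid());
    userService.userLogonLog(authAccount, userLogonLog);

    // NOTE(review): mobile app access returns before the credentials-expiry check below, so an
    // expired password is not enforced on this path; confirm that is intended.
    if (isMobileAppAccess(request)) {
      return true;
    }

    // Browser logins are routed to a success page that depends on the login source.
    AuthUserDetails authUserDetails = AuthContextHolder.getAuthUserDetails();

    // An expired password sends the user to the change-password page instead.
    Date credentialsExpireTime = authAccount.getCredentialsExpireTime();
    if (credentialsExpireTime != null && credentialsExpireTime.before(DateUtils.currentDate())) {
      httpServletResponse.sendRedirect(
          httpServletRequest.getContextPath()
              + authUserDetails.getUrlPrefixBySource()
              + "/profile/credentials-expire");
      return false;
    }

    // When the configured successUrl is forced, discard the SavedRequest.
    if (forceSuccessUrl) {
      WebUtils.getAndClearSavedRequest(httpServletRequest);
    }

    return super.onLoginSuccess(token, subject, request, httpServletResponse);
  }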