
登录增加cookie校验

hejq 7 years ago
parent
commit
1c60a56d6e

+ 3 - 3
src/main/java/com/uas/platform/b2bManage/controller/AccountController.java

@@ -13,7 +13,6 @@ import com.uas.platform.b2bManage.support.SecurityConstant;
 import com.uas.platform.b2bManage.web.BaseController;
 import com.uas.platform.core.util.AgentUtils;
 import com.uas.platform.core.util.encry.Md5Utils;
-import javassist.NotFoundException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.*;
@@ -83,14 +82,15 @@ public class AccountController extends BaseController {
      * 退出
      *
      * @param sessionStatus session状态
-     * @param session session
+     * @param session HttpSession
      * @return 访问路径
      * @throws IOException IO异常
      */
 	@RequestMapping(value = "/logout", method = RequestMethod.POST)
 	public ModelMap logout(SessionStatus sessionStatus, HttpSession session) throws IOException {
-		SystemSession.clear();
+        session.removeAttribute("user");
         session.invalidate();
+        SystemSession.clear();
         sessionStatus.setComplete();
         User user = SystemSession.getUser();
         if (null != user) {
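Review bot: With `SystemSession.clear()` now executed before `User user = SystemSession.getUser();`, the `if (null != user)` branch that follows is unreachable if `clear()` is the method shown in SystemSession.java (it sets the ThreadLocal to null), so whatever that block did on logout no longer runs; either read the user first, `User user = SystemSession.getUser(); SystemSession.clear();`, or delete the block. `session.removeAttribute("user")` directly before `session.invalidate()` is redundant, since invalidation discards every attribute. The body of `logout` continues outside the hunk.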

+ 8 - 1
src/main/java/com/uas/platform/b2bManage/core/support/SystemSession.java

@@ -2,6 +2,8 @@ package com.uas.platform.b2bManage.core.support;
 
 import com.uas.platform.b2bManage.model.User;
 
+import javax.servlet.http.HttpSession;
+
 /**
  * 每次请求服务器时,用户信息存放在本次线程中
  * 
@@ -10,7 +12,9 @@ import com.uas.platform.b2bManage.model.User;
  */
 public class SystemSession {
 
-	private static ThreadLocal<User> local = new ThreadLocal<User>();
+	private static ThreadLocal<User> local = new ThreadLocal<>();
+
+	private static ThreadLocal<HttpSession> localSession = new ThreadLocal<>();
 
 	public static void setUser(User session) {
 		local.set(session);
@@ -24,4 +28,7 @@ public class SystemSession {
 		local.set(null);
 	}
 
+    public static void setSession(HttpSession session) {
+		localSession.set(session);
+    }
 }
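Review bot: `clear()` still only resets `local` (the `local.set(null)` line), while the new `localSession` ThreadLocal is written by `setSession` and never released, so the HttpSession reference stays attached to the pooled worker thread after the request ends and is visible to whatever request that thread serves next; add `localSession.remove();` to `clear()` (and prefer `local.remove()` over `local.set(null)`) so both slots are released together. Nothing in this commit reads `localSession` — if a getter is planned it needs the same clearing discipline. The body of `clear()` begins outside the hunk.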

+ 5 - 0
src/main/java/com/uas/platform/b2bManage/model/Constant.java

@@ -42,4 +42,9 @@ public class Constant {
      * 默认YES
      */
     public static final Short YES = 1;
+
+    /**
+     * 设置cookie名称
+     */
+    public static final String COOKIE_NAME = "myCookie";
 }

+ 13 - 9
src/main/java/com/uas/platform/b2bManage/model/UseLog.java

@@ -10,7 +10,8 @@ import java.util.Date;
 /**
  * 使用日志
  *
- * Created by hejq on 2018-04-26.
+ * @author hejq
+ * @date 2018-04-26
  */
 @Table(name = "log$manage")
 @Entity
@@ -33,38 +34,38 @@ public class UseLog implements Serializable {
      * 姓名
      */
     @Column(name = "log_name")
-    private String name;
+    private String name = "";
 
     /**
      * 手机
      */
     @Column(name = "log_tel")
-    private String tel;
+    private String tel = "";
 
     /**
      * 时间
      */
     @Column(name = "log_time")
-    private Date time;
+    private Date time = new Date(System.currentTimeMillis());
 
     /**
      * 标题
      */
     @Column(name = "log_title")
-    private String title;
+    private String title = "";
 
     /**
      * 详情
      */
     @Column(name = "log_message")
     @Length(max = 1000)
-    private String message;
+    private String message = "";
 
     /**
      * ip
      */
     @Column(name = "log_ip")
-    private String ip;
+    private String ip = "";
 
     /**
      * 含参定义日志
@@ -77,8 +78,11 @@ public class UseLog implements Serializable {
         this.title = title;
         this.ip = ip;
         this.message = message;
-        this.name = SystemSession.getUser().getName();
-        this.tel = SystemSession.getUser().getTel();
+        User user =SystemSession.getUser();
+        if (null != user) {
+            this.name = SystemSession.getUser().getName();
+            this.tel = SystemSession.getUser().getTel();
+        }
         this.time = new Date(System.currentTimeMillis());
     }
 
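Review bot: Inside the new `if (null != user)` guard the code still calls `SystemSession.getUser()` twice instead of using the `user` it just null-checked, which re-reads the ThreadLocal for no benefit; use `this.name = user.getName(); this.tel = user.getTel();` and fix the spacing in `User user = SystemSession.getUser();`. In the earlier hunk `time` is initialised both at the field (`new Date(System.currentTimeMillis())`) and again in this constructor, so one of the two is redundant, and `new Date()` expresses the same value more plainly. The constructor's signature lies outside the hunk.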

+ 7 - 1
src/main/java/com/uas/platform/b2bManage/service/impl/UserServiceImpl.java

@@ -12,6 +12,7 @@ import com.uas.platform.b2bManage.service.UserService;
 import com.uas.platform.b2bManage.support.MyException;
 import com.uas.platform.b2bManage.support.SecurityConstant;
 import com.uas.platform.b2bManage.support.StringUtil;
+import com.uas.platform.core.util.AgentUtils;
 import com.uas.platform.core.util.encry.Md5Utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -20,8 +21,10 @@ import org.springframework.ui.ModelMap;
 import org.springframework.util.CollectionUtils;
 
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.util.List;
@@ -104,8 +107,11 @@ public class UserServiceImpl implements UserService {
         }
         User user = users.get(0);
         if (Md5Utils.encode(passWord, user.getName()).equals(user.getPassword())) {
+            HttpSession session = request.getSession();
+            session.setAttribute("user", user);
+            Cookie cookie = new Cookie(Constant.COOKIE_NAME,  Md5Utils.encode(AgentUtils.getIp(request), null));
+            response.addCookie(cookie);
             SystemSession.setUser(user);
-            request.getSession().setAttribute("user", user);
         } else {
             throw new MyException("账号或密码错误");
         }
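Review bot: The new cookie is added with only a name and value — no `setHttpOnly(true)`, no `setSecure(...)`, no explicit path or max-age — so it is readable from script and its scope depends on the request path; set at least `cookie.setHttpOnly(true); cookie.setPath("/");` before `response.addCookie(cookie)`. Its value is an MD5 of the client IP that the interceptor recomputes from the request on every call, so a matching cookie carries no secret and adds no authentication strength beyond the HttpSession itself; if the goal is to bind the session to the client address, store the IP in the session at login and compare it server-side. On successful login the code keeps whatever session `request.getSession()` returns instead of invalidating the pre-login session and creating a fresh one, so a session id that existed before authentication remains valid afterwards (session fixation) unless Spring Security's session-fixation protection already covers this path — worth confirming. The method's signature and the `users` lookup are outside the hunk.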

+ 3 - 0
src/main/java/com/uas/platform/b2bManage/web/BaseController.java

@@ -6,6 +6,9 @@ import java.io.PrintWriter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.uas.platform.b2bManage.core.support.SystemSession;
+import com.uas.platform.b2bManage.model.User;
+import com.uas.platform.b2bManage.support.SecurityConstant;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;

+ 83 - 20
src/main/java/com/uas/platform/b2bManage/web/filter/SSOInterceptor.java

@@ -2,9 +2,11 @@ package com.uas.platform.b2bManage.web.filter;
 
 import com.alibaba.fastjson.JSON;
 import com.uas.platform.b2bManage.core.support.SystemSession;
+import com.uas.platform.b2bManage.model.Constant;
 import com.uas.platform.b2bManage.model.User;
 import com.uas.platform.b2bManage.support.SecurityConstant;
 import com.uas.platform.core.util.AgentUtils;
+import com.uas.platform.core.util.encry.Md5Utils;
 import org.apache.log4j.Logger;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -12,10 +14,14 @@ import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import javax.servlet.*;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.util.Arrays;
+import java.util.List;
 
 
 /**
@@ -38,23 +44,68 @@ public class SSOInterceptor extends HandlerInterceptorAdapter implements Filter
     }
 
     private final boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException {
-        HttpServletRequest httpRequest = request;
-        logSession(httpRequest);
+        Cookie[] cookies = request.getCookies();
+        List<Cookie> cookieList = Arrays.asList(cookies);
+        final boolean[] cookieExist = {false};
+        boolean cookieFlag = checkCookie(cookieExist, cookieList, request);
+        if (!cookieFlag) {
+            if (!this.onAuthenticateFailed(request, response)) {
+                return false;
+            } else {
+                return true;
+            }
+        }
+        logSession(request);
         User user = SystemSession.getUser();
         // 未登录则要求登录
         if (user == null) {
             logoutSession(request);
-            if(!this.onAuthenticateFailed(request, response)) {
+            if (!this.onAuthenticateFailed(request, response)) {
                 return false;
             } else {
                 return true;
             }
         } else {
-            onAuthenticateSuccess(request);
+            checkLogin(response);
         }
         return true;
     }
 
+    /**
+     * 校验cookie是否存在
+     *
+     * @param cookieExist 是否存在cookie
+     * @param cookieList cookie列表
+     * @param request HttpServletRequest
+     */
+    private boolean checkCookie(boolean[] cookieExist, List<Cookie> cookieList, HttpServletRequest request) {
+        String ipMd5 = Md5Utils.encode(AgentUtils.getIp(request), null);
+        cookieList.forEach(cookie -> {
+            switch (cookie.getName()) {
+                case (Constant.COOKIE_NAME):
+                    if (cookie.getValue().equals(ipMd5)) {
+                        cookieExist[0] = true;
+                        break;
+                    }
+                default:
+            }
+        });
+        return cookieExist[0];
+    }
+
+    /**
+     * 校验登录信息
+     *
+     * @param response HttpServletResponse
+     * @throws IOException IO异常
+     */
+    protected static void checkLogin(HttpServletResponse response) throws IOException {
+        User user = SystemSession.getUser();
+        if (null == user) {
+            response.sendRedirect(SecurityConstant.LOGIN_URL);
+        }
+    }
+
     /**
      * 将user信息放在当前线程里面
      *
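Review bot: `request.getCookies()` returns null when the request carries no Cookie header, so `Arrays.asList(cookies)` throws a NullPointerException and a first-time visitor gets a 500 instead of the login redirect that `onAuthenticateFailed` would issue; guard it with `List<Cookie> cookieList = Arrays.asList(cookies == null ? new Cookie[0] : cookies);`. `checkCookie` can then drop the `boolean[]` holder and the switch-with-break inside the lambda (the `break` only leaves the switch, and the bare `default:` fall-through reads as accidental): `return cookieList.stream().anyMatch(c -> Constant.COOKIE_NAME.equals(c.getName()) && ipMd5.equals(c.getValue()));`. Note that `ipMd5` is recomputed from the request's own IP, so a matching cookie carries no secret and does not strengthen authentication; if the intent is to tie the session to the client address, keep the login IP in the HttpSession and compare it server-side. In the `else` branch `checkLogin(response)` re-reads a user that was just found non-null and so can never redirect, while the previous `onAuthenticateSuccess(request)` call is dropped without a replacement — confirm that is intended. In the later hunk `removeLocalSession` calls itself whenever `getUser()` is non-null right after `clear()`; with the `clear()` shown in SystemSession.java that never happens, but if it did the recursion would not terminate, and it also invalidates a session that `request.getSession()` may have just created for that purpose.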
@@ -79,7 +130,7 @@ public class SSOInterceptor extends HandlerInterceptorAdapter implements Filter
     /**
      * 验证成功,获取用户信息
      *
-     * @param request
+     * @param request HttpServletRequest
      */
     protected void onAuthenticateSuccess(HttpServletRequest request) {
         User user = (User) request.getAttribute("user");
@@ -88,23 +139,35 @@ public class SSOInterceptor extends HandlerInterceptorAdapter implements Filter
         }
     }
 
+    /**
+     * 验证失败重新登录
+     *
+     * @param request HttpServletRequest
+     * @param response HttpServletResponse
+     * @return
+     * @throws IOException IO异常
+     */
     private boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) throws IOException {
-        SystemSession.clear();
-        User user = (User) request.getSession().getAttribute("user");
-        if (user != null) {
-            SystemSession.setUser(user);
+        HttpSession session = request.getSession();
+        removeLocalSession(session);
+        if (SecurityConstant.AUTHENTICATION_URL.equals(request.getRequestURI())) {
             return true;
-        } else {
-            if (SecurityConstant.AUTHENTICATION_URL.equals(request.getRequestURI())) {
-                return true;
-            }
-            AntPathRequestMatcher matcher = new AntPathRequestMatcher("/account/enterprise/info/**");
-            if (matcher.matches(request)) {
-                return true;
-            }
-            response.setStatus(HttpStatus.UNAUTHORIZED.value());
-            response.sendRedirect(SecurityConstant.LOGIN_URL);
-            return false;
+        }
+        response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        response.sendRedirect(SecurityConstant.LOGIN_URL);
+        return false;
+    }
+
+    /**
+     * 清除登录信息
+     * @param session HttpSession
+     */
+    private void removeLocalSession(HttpSession session) {
+        SystemSession.clear();
+        session.invalidate();
+        User user = SystemSession.getUser();
+        if (null != user) {
+            removeLocalSession(session);
         }
     }
 

+ 39 - 0
src/main/java/com/uas/platform/b2bManage/web/filter/SystemSessionInterceptor.java

@@ -0,0 +1,39 @@
+package com.uas.platform.b2bManage.web.filter;
+
+import com.uas.platform.b2bManage.core.support.SystemSession;
+import com.uas.platform.b2bManage.model.User;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+ * 用户信息拦截器,对所有的请求,自动将Session 中的用户信息设置进
+ *
+ * @author hejq
+ * @date 2018-08-30 10:00
+ */
+public class SystemSessionInterceptor extends HandlerInterceptorAdapter {
+
+    /**
+     * 传入的attribute关键字 user
+     */
+    private final String USER_KEY = "user";
+
+    /**
+     * This implementation always returns {@code true}.
+     */
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws Exception {
+        if (SystemSession.getUser() == null) {
+            HttpSession session = request.getSession(false);
+            if (session != null && session.getAttribute(USER_KEY) != null) {
+                SystemSession.setUser((User) session.getAttribute(USER_KEY));
+            }
+            SystemSession.setSession(session);
+        }
+        return true;
+    }
+}
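Review bot: `preHandle` populates the `SystemSession` ThreadLocal but nothing in this class ever clears it, and the `if (SystemSession.getUser() == null)` guard means a worker thread that finished a request with a user still set will skip the lookup on its next request and serve it under the previous request's identity, with that request's own session user never consulted; override `afterCompletion` to call `SystemSession.clear()` so the slot is released when the request ends. `SystemSession.setSession(session)` is also invoked when `session` is null, which is only harmless if every reader of that slot null-checks. `USER_KEY` is a per-instance `final` field holding a constant; make it `private static final String USER_KEY = "user";`.

```java
        return true;
    }

    /** Release the request-scoped ThreadLocal state so it cannot leak into the next request served by this thread. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) {
        SystemSession.clear();
    }
```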

+ 5 - 0
src/main/webapp/WEB-INF/webmvc.xml

@@ -72,6 +72,11 @@
             <mvc:exclude-mapping path="/**/*invalid*"/>
 			<bean class="com.uas.platform.b2bManage.web.filter.SSOInterceptor"></bean>
 		</mvc:interceptor>
+		<!-- 对所有的请求拦截,将Session中的User信息设置进SystemSession -->
+		<mvc:interceptor>
+			<mvc:mapping path="/**"></mvc:mapping>
+			<bean class="com.uas.platform.b2bManage.web.filter.SystemSessionInterceptor"></bean>
+		</mvc:interceptor>
 	</mvc:interceptors>
 
 </beans>
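Review bot: Interceptors run in registration order, and the new `SystemSessionInterceptor` is declared after the `SSOInterceptor`, so its `preHandle` — the one that copies the session's user into `SystemSession` — runs only after `SSOInterceptor.preHandle` has already read `SystemSession.getUser()`; unless `SSOInterceptor.logSession` performs the same copy itself (it is not shown in this commit), a freshly authenticated request landing on a different worker thread would be treated as unauthenticated. Moving this `<mvc:interceptor>` above the SSO one, or confirming that `logSession` populates the ThreadLocal, settles the ordering.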