@@ -67,49 +67,41 @@ public class SecurityInterceptor extends HandlerInterceptorAdapter {
// 请求页面为 /login的话,特殊处理
if (url.equals("/login")) {
// session 中有登陆信息,重定向到首页
- if (user != null) {
- response.sendRedirect("");
- return false;
- }
// 没有登陆信息,则尝试自动登陆
- user = autoLogin(request);
- if (user != null) {
+ if (user != null || autoLogin(request) != null) {
response.sendRedirect("");
return false;
}
return true;
}
|
- // session 中不存在登陆信息
- if (user == null) {
- // 尝试自动登陆
- user = autoLogin(request);
- if (user == null) {
- logger.info("No session for path: " + url);
- // 如果是 XMLHttpRequest ,抛出异常,否则重定向
- if (Objects.equals("XMLHttpRequest", request.getHeader("X-Requested-With"))) {
- throw new SecurityException("未登录");
- }
- String returnUrl = request.getRequestURL().toString();
- String queryString = request.getQueryString();
- if (!StringUtils.isEmpty(queryString)) {
- returnUrl += "?" + queryString;
+ // session 中有登陆信息,进行下一步
+ // 没有登陆信息,则尝试自动登陆
+ if (user != null || (user = autoLogin(request)) != null) {
+ // 只允许管理员访问
+ if (user.getRole() != Role.Admin) {
+ for (String pattern : this.adminPatterns) {
+ if (pathMatcher.match(pattern, url)) {
+ throw new OperationException("权限不足");
+ }
}
- response.sendRedirect(contextPath + "/login?returnUrl=" + URLEncoder.encode(returnUrl, "UTF-8"));
- return false;
}
- }
-
- // 只允许管理员访问
- if (user.getRole() != Role.Admin) {
- for (String pattern : this.adminPatterns) {
- if (pathMatcher.match(pattern, url)) {
- throw new OperationException("权限不足");
- }
+ SystemSession.setUser(user);
+ return true;
+ } else {
+ logger.info("No session for path: " + url);
+ // 如果是 XMLHttpRequest ,抛出异常,否则重定向
+ if (Objects.equals("XMLHttpRequest", request.getHeader("X-Requested-With"))) {
+ throw new SecurityException("未登录");
+ }
+ String returnUrl = request.getRequestURL().toString();
+ String queryString = request.getQueryString();
+ if (!StringUtils.isEmpty(queryString)) {
+ returnUrl += "?" + queryString;
}
+ response.sendRedirect(contextPath + "/login?returnUrl=" + URLEncoder.encode(returnUrl, "UTF-8"));
+ return false;
}
- SystemSession.setUser(user);
- return true;
}
|
/**
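Review bot: The assignment buried in the condition at `if (user != null || (user = autoLogin(request)) != null) {` is the inner-assignment pattern Checkstyle and Error Prone flag, and it reads differently from the `/login` branch just above, which calls `autoLogin(request)` and discards the returned user. Resolve the user once before testing it — `if (user == null) { user = autoLogin(request); }` followed by `if (user != null) {` — after which the `else` that follows `return true;` can become a plain fall-through. Whether discarding the auto-login result in the `/login` branch is intentional depends on what `autoLogin` does to the session, which is not visible here; if it only returns a user, that branch redirects a visitor whose login was never recorded via `SystemSession.setUser`. Since `returnUrl` is built from `request.getRequestURL()`, which in servlet containers typically reflects the incoming Host header, the `/login` handler that consumes it should confirm the value stays on this site before redirecting to it. The enclosing method's signature and the setup of `user`, `url` and `contextPath` lie outside the hunk.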