
已登录的用户,刷新页面致使access_token重新被校验的地方修改

git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@3052 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d
yingp 10 years ago
parent
commit
1fc6cd57f7

+ 28 - 21
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

@@ -281,27 +281,34 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	 * @param request
 	 */
 	private void accessTokenLogin(HttpServletRequest request) {
-		if (request.getSession().getAttribute("user") == null) {
-			String token = request.getParameter(tokenParam);
-			// 发现有采用access_token方式
-			if (token != null) {
-				String type = request.getParameter(typeParam);
-				String enUU = request.getParameter(enParam);
-				if ("manage".equals(type) && enUU != null) {
-					Enterprise enterprise = enterpriseService.findById(Long.parseLong(enUU));
-					if (enterprise != null) {
-						Map<String, Object> data = accessTokenService.validFormManage(token);
-						List<Role> roles = roleService.findByEnterprise(enterprise.getUu());
-						// 虚拟用户
-						User user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
-						user.setIp(AgentUtils.getIp(request));
-						Collection<GrantedAuthority> array = getGrantedAuthorities(user);
-						TrustedAuthenticationToken authenticate = new TrustedAuthenticationToken(user.getUserUU(), array);
-						SecurityContextHolder.getContext().setAuthentication(authenticate);
-						request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
-								SecurityContextHolder.getContext());
-						request.getSession().setAttribute("user", user);
-					}
+		String token = request.getParameter(tokenParam);
+		// 发现有采用access_token方式
+		if (token != null) {
+			Object sUser = request.getSession().getAttribute("user");
+			User user = null;
+			if (sUser != null) {
+				// session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
+				// 一致则跳过,无需再次验证;不一致则替换
+				user = (User) sUser;
+			}
+			String type = request.getParameter(typeParam);
+			String enUU = request.getParameter(enParam);
+			if ("manage".equals(type) && enUU != null) {
+				if (user != null && UserCreater.isVirtual(user) && enUU.equals(String.valueOf(user.getEnterprise().getUu())))
+					return;
+				Enterprise enterprise = enterpriseService.findById(Long.parseLong(enUU));
+				if (enterprise != null) {
+					Map<String, Object> data = accessTokenService.validFormManage(token);
+					List<Role> roles = roleService.findByEnterprise(enterprise.getUu());
+					// 虚拟用户
+					user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
+					user.setIp(AgentUtils.getIp(request));
+					Collection<GrantedAuthority> array = getGrantedAuthorities(user);
+					TrustedAuthenticationToken authenticate = new TrustedAuthenticationToken(user.getUserUU(), array);
+					SecurityContextHolder.getContext().setAuthentication(authenticate);
+					request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+							SecurityContextHolder.getContext());
+					request.getSession().setAttribute("user", user);
 				}
 			}
 		}
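Review bot: The early return added at `if (user != null && UserCreater.isVirtual(user) && enUU.equals(String.valueOf(user.getEnterprise().getUu()))) return;` skips `accessTokenService.validFormManage(token)` entirely, so once a virtual session exists for an enterprise, any later request carrying `type=manage`, the same `enUU` and an arbitrary `access_token` value keeps that session without the token ever being checked — an expired or revoked token is no longer enforced after the first request. The comment above it says the session user must be compared with the user bound to the token, but only the enterprise UU is compared; the token's user (`data.get("user")`) is never consulted on this path. Validate the token before the short-circuit and compare the bound user name as well, as below; what `validFormManage` does on an invalid token (throw, or return null so that `data.get` would NPE) is not visible in this hunk and should be confirmed. Note also that, unlike the removed code, a token parameter now replaces an already logged-in non-virtual session user. `accessTokenLogin` closes after the hunk.
```java
if ("manage".equals(type) && enUU != null) {
    // Always validate the token first: the short-circuit below must not bypass it.
    Map<String, Object> data = accessTokenService.validFormManage(token);
    String tokenUser = String.valueOf(data.get("user"));
    // Reuse the session only if it is already the virtual user for this token and enterprise.
    if (user != null && UserCreater.isVirtual(user)
            && tokenUser.equals(user.getUserName())
            && enUU.equals(String.valueOf(user.getEnterprise().getUu())))
        return;
    Enterprise enterprise = enterpriseService.findById(Long.parseLong(enUU));
    if (enterprise != null) {
        List<Role> roles = roleService.findByEnterprise(enterprise.getUu());
        user = UserCreater.createVirtual(tokenUser, enterprise, roles);
        // … unchanged: IP, authorities, security context and session attributes …
```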

+ 7 - 1
src/main/java/com/uas/platform/b2b/support/UserCreater.java

@@ -11,6 +11,8 @@ import com.uas.platform.core.model.Constant;
 
 public class UserCreater {
 
+	private static final long defaultUU = -99999L;
+
 	/**
 	 * 创建虚拟用户
 	 * 
@@ -21,7 +23,7 @@ public class UserCreater {
 	public static User createVirtual(String userName, Enterprise enterprise, List<Role> roles) {
 		User user = new User();
 		user.setUserName(userName);
-		user.setUserUU(-99999L);
+		user.setUserUU(defaultUU);
 		user.setEnable(Constant.YES);
 		user.setIssys(Constant.YES);
 
@@ -35,4 +37,8 @@ public class UserCreater {
 		return user;
 	}
 
+	public static boolean isVirtual(User user) {
+		return defaultUU == user.getUserUU();
+	}
+
 }
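Review bot: `isVirtual` has no Javadoc and dereferences its argument unguarded, so a null `user` throws NPE from the caller's `user != null &&` path only by luck of evaluation order; a Javadoc such as `/** Returns true if {@code user} was produced by {@link #createVirtual} (sentinel UU), false otherwise; does not accept null. */` should state that contract. The new constant `defaultUU` is a sentinel marking virtual users, so Java constant naming and a descriptive name would read better: `private static final long VIRTUAL_USER_UU = -99999L;`. If `getUserUU()` returns a boxed `Long` rather than `long` (not visible here), `defaultUU == user.getUserUU()` unboxes and would also NPE on an unset UU — `Long.valueOf(defaultUU).equals(user.getUserUU())` avoids that.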