
数据传输结束后,清除线程里面session信息

git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@3195 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d
yingp 10 лет назад
Сommit
a58905bd09

+ 6 - 0
src/main/java/com/uas/platform/b2b/filter/AccessSignatureInterceptor.java

@@ -61,5 +61,11 @@ public class AccessSignatureInterceptor extends HandlerInterceptorAdapter {
 		response.setStatus(HttpStatus.FORBIDDEN.value());
 		return false;
 	}
+	
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+		super.afterCompletion(request, response, handler, ex);
+		SystemSession.clear();
+	}
 
 }
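Review bot: Spring invokes `afterCompletion` only on an interceptor whose `preHandle` returned true, so the rejection path visible just above (`FORBIDDEN`, then `return false`, presumably the tail of `preHandle`) never reaches the new `SystemSession.clear()`. That method starts outside the hunk, so it is not visible whether it stores a user in `SystemSession` before the signature check fails; if it does, the value stays on the pooled thread and can be seen by the next request served there. Calling `SystemSession.clear()` before `return false` would cover the rejected case. Writing the new override as `try { super.afterCompletion(request, response, handler, ex); } finally { SystemSession.clear(); }` keeps the cleanup unconditional.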

+ 5 - 5
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

@@ -108,6 +108,7 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
 		HttpServletRequest httpRequest = (HttpServletRequest) request;
 		HttpServletResponse httpResponse = (HttpServletResponse) response;
+		clearSession();
 		// 账号密码自动登录
 		autoLogin(httpRequest);
 		// access_token验证登录
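Review bot: The added `clearSession()` at the top of `doFilter` removes stale state only for requests that enter through this filter, and the exit-side clears are not exception-safe. The calls after `chain.doFilter(request, response)` and `invoke(...)` in the later hunks are ordinary statements, so an `IOException`, `ServletException` or runtime exception from the chain skips them and leaves the authenticated user in the thread-local on a pooled thread. The commit also drops the clear from the `user == null` branch, so that early-return path no longer clears on exit either. Wrapping everything after the entry clear in `try { ... } finally { clearSession(); }` would release the session on every exit, including early returns and thrown exceptions. The rest of `doFilter` lies outside this hunk.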
@@ -116,7 +117,6 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 		User user = SystemSession.getUser();
 		// 判断session的用户信息是否与Authentication一致
 		if (user == null) {// 未登录则要求登录
-			logoutSession();
 			if (!SecurityConstant.AUTHENTICATION_URL.equals(httpRequest.getServletPath())) {
 				if (httpRequest.getHeader("Accept").contains("application/json"))
 					httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
@@ -130,7 +130,7 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 				&& !authentication.getName().equals(String.valueOf(user.getUserUU()))) {// 用户信息与Authentication不一致
 			logger.error(String.format("用户信息%s@%s与Authentication信息%s@%s不一致", user.getUserUU(), user.getIp(), authentication.getName(),
 					AgentUtils.getIp(httpRequest)));
-			logoutSession();
+			clearSession();
 			if (httpRequest.getContentType().contains("application/json"))
 				httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 			else
@@ -139,11 +139,11 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 		}
 		if (user.isSys()) {// 超级用户无需验证权限
 			chain.doFilter(request, response);
-			logoutSession();
+			clearSession();
 			return;
 		}
 		invoke(new FilterInvocation(request, response, chain));
-		logoutSession();
+		clearSession();
 	}
 
 	public void invoke(FilterInvocation filter) throws IOException, ServletException {
@@ -252,7 +252,7 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	/**
 	 * 线程池策略下,不会频繁删除线程,置于线程内的对象须手动删除
 	 */
-	private void logoutSession() {
+	private void clearSession() {
 		SystemSession.clear();
 	}