设置Session方式增加

src/main/java/com/uas/platform/b2b/filter/SimpleCORSFilter.java

@@ -1,14 +1,8 @@
 package com.uas.platform.b2b.filter;
 
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.*;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 
 public class SimpleCORSFilter implements Filter {
 
@@ -25,6 +19,7 @@ public class SimpleCORSFilter implements Filter {
 		res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
 		res.setHeader("Access-Control-Max-Age", "3600");
 		res.setHeader("Access-Control-Allow-Headers", "x-requested-with");
+		res.setHeader("Access-Control-Allow-Credentials", "true");
         chain.doFilter(request, res);
 	}
 

src/main/java/com/uas/platform/b2b/filter/SystemSessionInterceptor.java

@@ -0,0 +1,39 @@
+package com.uas.platform.b2b.filter;
+
+import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.support.SystemSession;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+ * 用户信息拦截器，对所有的请求，自动将Session 中的用户信息设置进
+ * @author hejq
+ * @date 2018-08-30 10:00
+ */
+public class SystemSessionInterceptor extends HandlerInterceptorAdapter {
+
+    /**
+     * 传入的attribute关键字 user
+     */
+    private final String USER_KEY = "user";
+
+    /**
+     * This implementation always returns {@code true}.
+     */
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws Exception {
+        if (SystemSession.getUser() == null) {
+            HttpSession session = request.getSession(false);
+            if (session != null && session.getAttribute(USER_KEY) != null) {
+                SystemSession.setUser((User) session.getAttribute("user"));
+                response.setStatus(HttpServletResponse.SC_OK);
+            }
+            SystemSession.setSession(session);
+        }
+        return true;
+    }
+}

src/main/java/com/uas/platform/b2b/support/SystemSession.java

@@ -2,6 +2,8 @@ package com.uas.platform.b2b.support;
 
 import com.uas.platform.b2b.model.User;
 
+import javax.servlet.http.HttpSession;
+
 /**
  * 每次请求服务器时，用户信息存放在本次线程中
  * 
@@ -12,6 +14,8 @@ public class SystemSession {
 
 	private static ThreadLocal<User> local = new ThreadLocal<User>();
 
+	private static ThreadLocal<HttpSession> loaclSession = new ThreadLocal<HttpSession>();
+
 	public static void setUser(User session) {
 		local.set(session);
 	}
@@ -24,4 +28,7 @@ public class SystemSession {
 		local.set(null);
 	}
 
+    public static void setSession(HttpSession session) {
+		loaclSession.set(session);
+    }
 }

src/main/webapp/WEB-INF/spring/webmvc.xml

@@ -91,6 +91,11 @@
 			<mvc:exclude-mapping path="/mobile/**" />
 			<bean class="com.uas.platform.b2b.filter.SSOInterceptor"></bean>
 		</mvc:interceptor>
+		<!-- 对所有的请求拦截，将Session中的User信息设置进SystemSession -->
+		<mvc:interceptor>
+			<mvc:mapping path="/**"></mvc:mapping>
+			<bean class="com.uas.platform.b2b.filter.SystemSessionInterceptor"></bean>
+		</mvc:interceptor>
 		<!-- 采用统一私钥签名、认证 -->
 		<mvc:interceptor>
 			<mvc:mapping path="/manage/user"></mvc:mapping>