package cn.ztuo.bitrade.interceptor; import cn.ztuo.bitrade.constant.SysConstant; import cn.ztuo.bitrade.entity.Admin; import cn.ztuo.bitrade.service.AdminService; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.json.JSONException; import org.json.JSONObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.BeanFactory; import org.springframework.kafka.annotation.KafkaListener; import org.springframework.stereotype.Component; import org.springframework.web.context.support.WebApplicationContextUtils; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; import java.io.PrintWriter; @Component public class SessionInterceptor implements HandlerInterceptor { private static final Logger logger = LoggerFactory.getLogger(SessionInterceptor.class); @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { BeanFactory factory = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext()); AdminService adminService = (AdminService) factory.getBean("adminService"); System.out.println(request.getContextPath()); Subject currentUser = SecurityUtils.getSubject(); //判断用户是通过记住我功能自动登录,此时session失效 if(!currentUser.isAuthenticated() && currentUser.isRemembered()){ try { Admin admin = adminService.findByUsername(currentUser.getPrincipals().toString()); //对密码进行加密后验证 UsernamePasswordToken token = new UsernamePasswordToken(admin.getUsername(), admin.getPassword(),currentUser.isRemembered()); //把当前用户放入session currentUser.login(token); Session session = currentUser.getSession(); session.setAttribute(SysConstant.SESSION_ADMIN,admin); //设置会话的过期时间--ms,默认是30分钟,设置负数表示永不过期 session.setTimeout(30*60*1000L); }catch (Exception e){ //自动登录失败,跳转到登录页面 //response.sendRedirect(request.getContextPath()+"/system/employee/sign/in"); ajaxReturn(response, 4000, "unauthorized"); return false; } if(!currentUser.isAuthenticated()){ //自动登录失败,跳转到登录页面 ajaxReturn(response, 4000, "unauthorized"); return false; } } return true; } public void ajaxReturn(HttpServletResponse response, int code, String msg) throws IOException, JSONException { response.setCharacterEncoding("UTF-8"); response.setContentType("text/json; charset=UTF-8"); PrintWriter out = response.getWriter(); JSONObject json = new JSONObject(); json.put("code", code); json.put("message", msg); out.print(json.toString()); out.flush(); out.close(); } public String getRemoteIp(HttpServletRequest request) { if (StringUtils.isNotBlank(request.getHeader("X-Real-IP"))) { return request.getHeader("X-Real-IP"); } else if (StringUtils.isNotBlank(request.getHeader("X-Forwarded-For"))) { return request.getHeader("X-Forwarded-For"); } else if (StringUtils.isNotBlank(request.getHeader("Proxy-Client-IP"))) { return request.getHeader("Proxy-Client-IP"); } return request.getRemoteAddr(); } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { } }