package cn.ztuo.bitrade.interceptor;
import cn.ztuo.bitrade.constant.SysConstant;
import cn.ztuo.bitrade.entity.Admin;
import cn.ztuo.bitrade.service.AdminService;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.kafka.annotation.KafkaListener;
import org.springframework.stereotype.Component;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
@Component
public class SessionInterceptor implements HandlerInterceptor {
private static final Logger logger = LoggerFactory.getLogger(SessionInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
BeanFactory factory = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());
AdminService adminService = (AdminService) factory.getBean("adminService");
System.out.println(request.getContextPath());
Subject currentUser = SecurityUtils.getSubject();
//判断用户是通过记住我功能自动登录,此时session失效
if(!currentUser.isAuthenticated() && currentUser.isRemembered()){
try {
Admin admin = adminService.findByUsername(currentUser.getPrincipals().toString());
//对密码进行加密后验证
UsernamePasswordToken token = new UsernamePasswordToken(admin.getUsername(), admin.getPassword(),currentUser.isRemembered());
//把当前用户放入session
currentUser.login(token);
Session session = currentUser.getSession();
session.setAttribute(SysConstant.SESSION_ADMIN,admin);
//设置会话的过期时间--ms,默认是30分钟,设置负数表示永不过期
session.setTimeout(30*60*1000L);
}catch (Exception e){
//自动登录失败,跳转到登录页面
//response.sendRedirect(request.getContextPath()+"/system/employee/sign/in");
ajaxReturn(response, 4000, "unauthorized");
return false;
}
if(!currentUser.isAuthenticated()){
//自动登录失败,跳转到登录页面
ajaxReturn(response, 4000, "unauthorized");
return false;
}
}
return true;
}
public void ajaxReturn(HttpServletResponse response, int code, String msg) throws IOException, JSONException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/json; charset=UTF-8");
PrintWriter out = response.getWriter();
JSONObject json = new JSONObject();
json.put("code", code);
json.put("message", msg);
out.print(json.toString());
out.flush();
out.close();
}
public String getRemoteIp(HttpServletRequest request) {
if (StringUtils.isNotBlank(request.getHeader("X-Real-IP"))) {
return request.getHeader("X-Real-IP");
} else if (StringUtils.isNotBlank(request.getHeader("X-Forwarded-For"))) {
return request.getHeader("X-Forwarded-For");
} else if (StringUtils.isNotBlank(request.getHeader("Proxy-Client-IP"))) {
return request.getHeader("Proxy-Client-IP");
}
return request.getRemoteAddr();
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
