SecurityFrameworkUtils 返回用户信息时,增加判断逻辑,保证正确性

YunaiV 2021-03-09 00:35:04 +08:00
parent ad54e58acd
commit d79bf7956c
2 changed files with 27 additions and 8 deletions


@ -2,7 +2,10 @@ package cn.iocoder.dashboard.framework.security.core.util;
import cn.iocoder.dashboard.framework.security.core.LoginUser; import cn.iocoder.dashboard.framework.security.core.LoginUser;
import cn.iocoder.dashboard.framework.web.core.util.WebFrameworkUtils; import cn.iocoder.dashboard.framework.web.core.util.WebFrameworkUtils;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
@ -40,9 +43,20 @@ public class SecurityFrameworkUtils {
/** /**
* 获取当前用户 * 获取当前用户
*
* @return 当前用户
*/ */
@Nullable
public static LoginUser getLoginUser() { public static LoginUser getLoginUser() {
return (LoginUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); SecurityContext context = SecurityContextHolder.getContext();
if (context == null) {
return null;
}
Authentication authentication = context.getAuthentication();
if (authentication == null) {
return null;
}
return (LoginUser) authentication.getPrincipal();
} }
/** /**
@ -50,8 +64,10 @@ public class SecurityFrameworkUtils {
* *
* @return 用户编号 * @return 用户编号
*/ */
@Nullable
public static Long getLoginUserId() { public static Long getLoginUserId() {
return getLoginUser().getId(); LoginUser loginUser = getLoginUser();
return loginUser != null ? loginUser.getId() : null;
} }
/** /**
@ -59,8 +75,10 @@ public class SecurityFrameworkUtils {
* *
* @return 角色编号数组 * @return 角色编号数组
*/ */
@Nullable
public static Set<Long> getLoginUserRoleIds() { public static Set<Long> getLoginUserRoleIds() {
return getLoginUser().getRoleIds(); LoginUser loginUser = getLoginUser();
return loginUser != null ? loginUser.getRoleIds() : null;
} }
/** /**
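Review bot: The cast `(LoginUser) authentication.getPrincipal()` at the end of getLoginUser() is still unchecked, so the new null guards do not cover an Authentication whose principal is not a LoginUser. If anonymous authentication is enabled in this project's Spring Security configuration (not visible here), the principal on unauthenticated requests is a String and the cast throws ClassCastException instead of returning null. I would end the method with `Object principal = authentication.getPrincipal();` followed by `return principal instanceof LoginUser ? (LoginUser) principal : null;`. Because getLoginUserId() and getLoginUserRoleIds() now return null for an unauthenticated caller, their Javadoc should say so, and callers that make permission decisions need to treat null as a denial.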


@ -167,17 +167,18 @@ public class SysAuthServiceImpl implements SysAuthService {
} }
// 删除 session // 删除 session
userSessionService.deleteUserSession(token); userSessionService.deleteUserSession(token);
this.createLogoutLog(loginUser.getUsername(), SysLoginResultEnum.SUCCESS); // 记录登出日子和
this.createLogoutLog(loginUser.getUsername());
} }
private void createLogoutLog(String username, SysLoginResultEnum loginResult) { private void createLogoutLog(String username) {
SysLoginLogCreateReqVO reqVO = new SysLoginLogCreateReqVO(); SysLoginLogCreateReqVO reqVO = new SysLoginLogCreateReqVO();
reqVO.setLogType(SysLoginLogTypeEnum.LOGOUT_SELF.getType()); reqVO.setLogType(SysLoginLogTypeEnum.LOGOUT_SELF.getType());
reqVO.setTraceId(TracerUtils.getTraceId()); reqVO.setTraceId(TracerUtils.getTraceId());
reqVO.setUsername(username); reqVO.setUsername(username);
reqVO.setUserAgent(ServletUtils.getUserAgent()); reqVO.setUserAgent(ServletUtils.getUserAgent());
reqVO.setUserIp(ServletUtils.getClientIP()); reqVO.setUserIp(ServletUtils.getClientIP());
reqVO.setResult(loginResult.getResult()); reqVO.setResult(SysLoginResultEnum.SUCCESS.getResult());
loginLogService.createLoginLog(reqVO); loginLogService.createLoginLog(reqVO);
} }
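Review bot: The new comment above the createLogoutLog call, `// 记录登出日子和`, looks like a typo for `// 记录登出日志` (record the logout log). With the result parameter removed, createLogoutLog always writes a LOGOUT_SELF entry with SysLoginResultEnum.SUCCESS. A short Javadoc on the method stating that would keep a later caller from reusing it for forced or failed logouts, which would then be recorded as successful self-logouts in the audit trail. The enclosing logout method begins outside this section.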