增强权限校验,采用动态登录TOKEN;
parent
bdf5837e26
commit
049091c4a8
|
@ -767,9 +767,12 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
|
||||||
- 9、GLUE模式任务实例更新逻辑优化,原根据超时时间更新改为根据版本号更新,源码变动版本号加一;
|
- 9、GLUE模式任务实例更新逻辑优化,原根据超时时间更新改为根据版本号更新,源码变动版本号加一;
|
||||||
|
|
||||||
#### 6.12 版本 V1.6.1 特性 (Coding)
|
#### 6.12 版本 V1.6.1 特性 (Coding)
|
||||||
- 1、通讯协议二进制据增强校验,处理非正常请求;
|
- 1、通讯协议二进制据增强校验,拦截非正常请求;
|
||||||
- 2、数据库地址配置优化;
|
- 2、数据库地址配置优化;
|
||||||
- 2、rolling日志,日志界面风格同glue任务编辑器;
|
- 3、WebIDE交互重构;
|
||||||
|
- 4、前端部分组件优化;
|
||||||
|
- 5、增强权限校验,采用动态登录TOKEN;
|
||||||
|
- 5、rolling日志,日志界面风格同glue任务编辑器;
|
||||||
|
|
||||||
|
|
||||||
#### TODO LIST
|
#### TODO LIST
|
||||||
|
|
|
@ -2,11 +2,13 @@ package com.xxl.job.admin.controller.interceptor;
|
||||||
|
|
||||||
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
||||||
import com.xxl.job.admin.core.util.CookieUtil;
|
import com.xxl.job.admin.core.util.CookieUtil;
|
||||||
|
import com.xxl.job.admin.core.util.PropertiesUtil;
|
||||||
import org.springframework.web.method.HandlerMethod;
|
import org.springframework.web.method.HandlerMethod;
|
||||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.math.BigInteger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 权限拦截, 简易版
|
* 权限拦截, 简易版
|
||||||
|
@ -15,10 +17,16 @@ import javax.servlet.http.HttpServletResponse;
|
||||||
public class PermissionInterceptor extends HandlerInterceptorAdapter {
|
public class PermissionInterceptor extends HandlerInterceptorAdapter {
|
||||||
|
|
||||||
public static final String LOGIN_IDENTITY_KEY = "LOGIN_IDENTITY";
|
public static final String LOGIN_IDENTITY_KEY = "LOGIN_IDENTITY";
|
||||||
public static final String LOGIN_IDENTITY_VAL = "sdf!121sdf$78sd!8";
|
public static final String LOGIN_IDENTITY_TOKEN;
|
||||||
|
static {
|
||||||
|
String username = PropertiesUtil.getString("xxl.job.login.username");
|
||||||
|
String password = PropertiesUtil.getString("xxl.job.login.password");
|
||||||
|
String temp = username + "_" + password;
|
||||||
|
LOGIN_IDENTITY_TOKEN = new BigInteger(1, temp.getBytes()).toString(16);
|
||||||
|
}
|
||||||
|
|
||||||
public static boolean login(HttpServletResponse response, boolean ifRemember){
|
public static boolean login(HttpServletResponse response, boolean ifRemember){
|
||||||
CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_VAL, ifRemember);
|
CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_TOKEN, ifRemember);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
public static void logout(HttpServletRequest request, HttpServletResponse response){
|
public static void logout(HttpServletRequest request, HttpServletResponse response){
|
||||||
|
@ -26,7 +34,7 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
|
||||||
}
|
}
|
||||||
public static boolean ifLogin(HttpServletRequest request){
|
public static boolean ifLogin(HttpServletRequest request){
|
||||||
String indentityInfo = CookieUtil.getValue(request, LOGIN_IDENTITY_KEY);
|
String indentityInfo = CookieUtil.getValue(request, LOGIN_IDENTITY_KEY);
|
||||||
if (indentityInfo==null || !LOGIN_IDENTITY_VAL.equals(indentityInfo.trim())) {
|
if (indentityInfo==null || !LOGIN_IDENTITY_TOKEN.equals(indentityInfo.trim())) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
|
@ -43,7 +51,9 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
|
||||||
HandlerMethod method = (HandlerMethod)handler;
|
HandlerMethod method = (HandlerMethod)handler;
|
||||||
PermessionLimit permission = method.getMethodAnnotation(PermessionLimit.class);
|
PermessionLimit permission = method.getMethodAnnotation(PermessionLimit.class);
|
||||||
if (permission == null || permission.limit()) {
|
if (permission == null || permission.limit()) {
|
||||||
throw new Exception("登陆失效");
|
response.sendRedirect("/toLogin");
|
||||||
|
//request.getRequestDispatcher("/toLogin").forward(request, response);
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
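Review bot: LOGIN_IDENTITY_TOKEN in the new static initializer is only the hex encoding of `username + "_" + password`, so the cookie written by login() can be decoded back to the configured admin credentials by anyone who can read it (browser storage, proxy logs, a non-TLS hop). The value is also fixed rather than issued per login, so a captured cookie stays valid until the credentials change, and `temp.getBytes()` depends on the platform charset. At minimum, derive the value with a one-way digest over UTF-8 bytes as sketched below, and compare it in ifLogin() with `MessageDigest.isEqual` instead of `String.equals`. A random token issued per login and held server-side would be the fuller fix. Whether CookieUtil sets HttpOnly/Secure is not visible on this page and should be confirmed.

```java
static {
    // … unchanged: username / password read from PropertiesUtil …
    try {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest((username + "_" + password).getBytes(StandardCharsets.UTF_8));
        // One-way value: the cookie no longer decodes to the credentials.
        LOGIN_IDENTITY_TOKEN = new BigInteger(1, digest).toString(16);
    } catch (NoSuchAlgorithmException e) {
        throw new ExceptionInInitializerError(e);
    }
}
```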
@ -22,18 +22,10 @@
|
||||||
|
|
||||||
<div class="dialog">
|
<div class="dialog">
|
||||||
<h1>应用程序异常</h1>
|
<h1>应用程序异常</h1>
|
||||||
<p>抱歉!您访问的页面出现异常,请稍后重试或联系管理员。</p>
|
<p>${exceptionMsg}</p>
|
||||||
<p><a href="javascript:showErr();">详 情</a>
|
|
||||||
<a href="javascript:window.location.href='${request.contextPath}/'">返 回</a>
|
<a href="javascript:window.location.href='${request.contextPath}/'">返 回</a>
|
||||||
</p>
|
</p>
|
||||||
<div style="display:none;text-align: left;" id="err">${exceptionMsg}</div>
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<script type="text/javascript">
|
|
||||||
function showErr(){
|
|
||||||
document.getElementById("err").style.display = "";
|
|
||||||
}
|
|
||||||
</script>
|
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
|
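Review bot: The new `<p>${exceptionMsg}</p>` puts the raw exception message into the visible page body, where the old template showed a fixed apology and kept the message in a hidden div. Exception messages can carry internal detail (class names, SQL fragments, file paths) and, if any part originates from the request, markup. Nothing on this page shows the template being rendered with auto-escaping. I would escape the interpolation, `<p>${exceptionMsg?html}</p>`, and consider keeping the generic text for users while logging the detail server-side.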
@ -35,7 +35,7 @@
|
||||||
<#-- left nav -->
|
<#-- left nav -->
|
||||||
<div class="collapse navbar-collapse pull-left" id="navbar-collapse">
|
<div class="collapse navbar-collapse pull-left" id="navbar-collapse">
|
||||||
<ul class="nav navbar-nav">
|
<ul class="nav navbar-nav">
|
||||||
<li class="active" ><a href="#">任务:${jobInfo.jobDesc}<span class="sr-only">(current)</span></a></li>
|
<li class="active" ><a href="javascript:;">任务:${jobInfo.jobDesc}<span class="sr-only">(current)</span></a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@
|
||||||
<div class="modal-dialog ">
|
<div class="modal-dialog ">
|
||||||
<div class="modal-content">
|
<div class="modal-content">
|
||||||
<div class="modal-header">
|
<div class="modal-header">
|
||||||
<h4 class="modal-title" ><i class="fa fa-bars"></i>保存</h4>
|
<h4 class="modal-title" ><i class="fa fa-fw fa-save"></i>保存</h4>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
<form class="form-horizontal form" role="form" >
|
<form class="form-horizontal form" role="form" >
|
||||||
|
|