ak
/
xx-job
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

增强权限校验,采用动态登录TOKEN;

This commit is contained in:
xueli.xue 2017-03-22 20:36:46 +08:00
parent bdf5837e26
commit 049091c4a8
4 changed files with 23 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -767,9 +767,12 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
- 9、GLUE模式任务实例更新逻辑优化原根据超时时间更新改为根据版本号更新源码变动版本号加一 - 9、GLUE模式任务实例更新逻辑优化原根据超时时间更新改为根据版本号更新源码变动版本号加一
#### 6.12 版本 V1.6.1 特性 (Coding) #### 6.12 版本 V1.6.1 特性 (Coding)
- 1、通讯协议二进制据增强校验处理非正常请求; - 1、通讯协议二进制据增强校验拦截非正常请求;
- 2、数据库地址配置优化 - 2、数据库地址配置优化
- 2、rolling日志日志界面风格同glue任务编辑器 - 3、WebIDE交互重构
- 4、前端部分组件优化
- 5、增强权限校验采用动态登录TOKEN
- 5、rolling日志日志界面风格同glue任务编辑器
#### TODO LIST #### TODO LIST

18
xxl-job-admin/src/main/java/com/xxl/job/admin/controller/interceptor/PermissionInterceptor.java
View File

@ -2,11 +2,13 @@ package com.xxl.job.admin.controller.interceptor;
import com.xxl.job.admin.controller.annotation.PermessionLimit; import com.xxl.job.admin.controller.annotation.PermessionLimit;
import com.xxl.job.admin.core.util.CookieUtil; import com.xxl.job.admin.core.util.CookieUtil;
import com.xxl.job.admin.core.util.PropertiesUtil;
import org.springframework.web.method.HandlerMethod; import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.math.BigInteger;
/** /**
* 权限拦截, 简易版 * 权限拦截, 简易版
@ -15,10 +17,16 @@ import javax.servlet.http.HttpServletResponse;
public class PermissionInterceptor extends HandlerInterceptorAdapter { public class PermissionInterceptor extends HandlerInterceptorAdapter {
public static final String LOGIN_IDENTITY_KEY = "LOGIN_IDENTITY"; public static final String LOGIN_IDENTITY_KEY = "LOGIN_IDENTITY";
public static final String LOGIN_IDENTITY_VAL = "sdf!121sdf$78sd!8"; public static final String LOGIN_IDENTITY_TOKEN;
static {
String username = PropertiesUtil.getString("xxl.job.login.username");
String password = PropertiesUtil.getString("xxl.job.login.password");
String temp = username + "_" + password;
LOGIN_IDENTITY_TOKEN = new BigInteger(1, temp.getBytes()).toString(16);
}
public static boolean login(HttpServletResponse response, boolean ifRemember){ public static boolean login(HttpServletResponse response, boolean ifRemember){
CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_VAL, ifRemember); CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_TOKEN, ifRemember);
return true; return true;
} }
public static void logout(HttpServletRequest request, HttpServletResponse response){ public static void logout(HttpServletRequest request, HttpServletResponse response){
@ -26,7 +34,7 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
} }
public static boolean ifLogin(HttpServletRequest request){ public static boolean ifLogin(HttpServletRequest request){
String indentityInfo = CookieUtil.getValue(request, LOGIN_IDENTITY_KEY); String indentityInfo = CookieUtil.getValue(request, LOGIN_IDENTITY_KEY);
if (indentityInfo==null || !LOGIN_IDENTITY_VAL.equals(indentityInfo.trim())) { if (indentityInfo==null || !LOGIN_IDENTITY_TOKEN.equals(indentityInfo.trim())) {
return false; return false;
} }
return true; return true;
@ -43,7 +51,9 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
HandlerMethod method = (HandlerMethod)handler; HandlerMethod method = (HandlerMethod)handler;
PermessionLimit permission = method.getMethodAnnotation(PermessionLimit.class); PermessionLimit permission = method.getMethodAnnotation(PermessionLimit.class);
if (permission == null || permission.limit()) { if (permission == null || permission.limit()) {
throw new Exception("登陆失效"); response.sendRedirect("/toLogin");
//request.getRequestDispatcher("/toLogin").forward(request, response);
return false;
} }
} }

10
xxl-job-admin/src/main/webapp/WEB-INF/template/common/common.exception.ftl
View File

@ -22,18 +22,10 @@
<div class="dialog"> <div class="dialog">
<h1>应用程序异常</h1> <h1>应用程序异常</h1>
<p>抱歉您访问的页面出现异常请稍后重试或联系管理员</p> <p>${exceptionMsg}</p>
<p><a href="javascript:showErr();"> </a>
<a href="javascript:window.location.href='${request.contextPath}/'"> </a> <a href="javascript:window.location.href='${request.contextPath}/'"> </a>
</p> </p>
<div style="display:none;text-align: left;" id="err">${exceptionMsg}</div>
</div> </div>
<script type="text/javascript">
function showErr(){
document.getElementById("err").style.display = "";
}
</script>
</body> </body>
</html> </html>

4
xxl-job-admin/src/main/webapp/WEB-INF/template/jobcode/jobcode.index.ftl
View File

@ -35,7 +35,7 @@
<#-- left nav --> <#-- left nav -->
<div class="collapse navbar-collapse pull-left" id="navbar-collapse"> <div class="collapse navbar-collapse pull-left" id="navbar-collapse">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li class="active" ><a href="#">任务:${jobInfo.jobDesc}<span class="sr-only">(current)</span></a></li> <li class="active" ><a href="javascript:;">任务:${jobInfo.jobDesc}<span class="sr-only">(current)</span></a></li>
</ul> </ul>
</div> </div>
@ -79,7 +79,7 @@
<div class="modal-dialog "> <div class="modal-dialog ">
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
<h4 class="modal-title" ><i class="fa fa-bars"></i>保存</h4> <h4 class="modal-title" ><i class="fa fa-fw fa-save"></i>保存</h4>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form class="form-horizontal form" role="form" > <form class="form-horizontal form" role="form" >