From 8d6a2305324438726e7c009c6249aa7aa1319e5f Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期一, 22 八月 2022 10:24:30 +0800
Subject: [PATCH] 优化Context信息,防止泄漏问题

---
 src/main/java/com/ruoyi/common/constant/UserConstants.java                      |    5 -----
 src/main/java/com/ruoyi/framework/security/service/SysLoginService.java         |    4 ++++
 src/main/java/com/ruoyi/project/system/controller/SysRoleController.java        |    2 +-
 src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java |   12 +++++++++---
 4 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/main/java/com/ruoyi/common/constant/UserConstants.java b/src/main/java/com/ruoyi/common/constant/UserConstants.java
index 737c9d5..c6c7797 100644
--- a/src/main/java/com/ruoyi/common/constant/UserConstants.java
+++ b/src/main/java/com/ruoyi/common/constant/UserConstants.java
@@ -12,11 +12,6 @@
      */
     public static final String SYS_USER = "SYS_USER";
 
-    /**
-     * ss鏍囪鐨勬潈闄愬瓧绗�
-     */
-    public static final String SS_PERMISSION = "SS_PERMISSION";
-
     /** 姝e父鐘舵�� */
     public static final String NORMAL = "0";
 
diff --git a/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java b/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
index fcd93b6..2fcd65b 100644
--- a/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
+++ b/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
@@ -1,5 +1,9 @@
 package com.ruoyi.framework.security.context;
 
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import com.ruoyi.common.core.text.Convert;
+
 /**
  * 鏉冮檺淇℃伅
  * 
@@ -7,15 +11,17 @@
  */
 public class PermissionContextHolder
 {
-    private static final ThreadLocal<String> contextHolder = new ThreadLocal<>();
+    private static final String PERMISSION_CONTEXT_ATTRIBUTES = "PERMISSION_CONTEXT";
 
     public static void setContext(String permission)
     {
-        contextHolder.set(permission);
+        RequestContextHolder.currentRequestAttributes().setAttribute(PERMISSION_CONTEXT_ATTRIBUTES, permission,
+                RequestAttributes.SCOPE_REQUEST);
     }
 
     public static String getContext()
     {
-        return contextHolder.get();
+        return Convert.toStr(RequestContextHolder.currentRequestAttributes().getAttribute(PERMISSION_CONTEXT_ATTRIBUTES,
+                RequestAttributes.SCOPE_REQUEST));
     }
 }
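Review bot: Both `setContext` and `getContext` now call `RequestContextHolder.currentRequestAttributes()`, which throws `IllegalStateException` when no request is bound to the current thread, whereas the removed `ThreadLocal` simply returned null in that situation. Callers are not visible in this diff, so it is worth confirming that nothing reads or writes the permission from an async task, a scheduler or any other non-request thread. If failing hard outside a request is the intended contract, state it in the class Javadoc, e.g. `Stores the permission string as a request-scoped attribute; may only be used on a thread with a bound request.` If it is not, read through `RequestContextHolder.getRequestAttributes()` and handle the null case explicitly. Since this value appears to feed an authorization decision, a missing permission should be an explicit choice by the caller rather than a silent default.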
diff --git a/src/main/java/com/ruoyi/framework/security/service/SysLoginService.java b/src/main/java/com/ruoyi/framework/security/service/SysLoginService.java
index 3261d3b..9b7380e 100644
--- a/src/main/java/com/ruoyi/framework/security/service/SysLoginService.java
+++ b/src/main/java/com/ruoyi/framework/security/service/SysLoginService.java
@@ -89,6 +89,10 @@
                 throw new ServiceException(e.getMessage());
             }
         }
+        finally
+        {
+            AuthenticationContextHolder.clearContext();
+        }
         AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
         LoginUser loginUser = (LoginUser) authentication.getPrincipal();
         recordLoginInfo(loginUser.getUserId());
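Review bot: The new `finally` clears `AuthenticationContextHolder` only for paths that actually enter the `try`, and the matching set call lies outside this hunk. It is worth checking that nothing between the set and the `try` can throw and leave the value behind on a pooled thread. A one-line comment above the block would record the intent, e.g. `// always drop the thread-bound authentication so it cannot carry over to the next request on this thread` (presumably the holder is per-thread; confirm against its source). The enclosing method starts and ends outside the hunk.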
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java
index 7bdd909..69f6366 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java
@@ -251,7 +251,7 @@
     /**
      * 鑾峰彇瀵瑰簲瑙掕壊閮ㄩ棬鏍戝垪琛�
      */
-    @PreAuthorize("@ss.hasPermi('system:role:list')")
+    @PreAuthorize("@ss.hasPermi('system:role:query')")
     @GetMapping(value = "/deptTree/{roleId}")
     public AjaxResult deptTree(@PathVariable("roleId") Long roleId)
     {
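Review bot: Changing the guard on `deptTree` from `system:role:list` to `system:role:query` alters who can reach the endpoint after an upgrade: roles granted only the list permission will now be denied. The commit carries no migration step or release note for existing role grants, so deployments should audit their role-to-permission assignments when taking this change. The hunk also does not show whether the `roleId` path variable is checked against the caller's data scope; the method body continues outside the hunk, so that should be confirmed there.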

--
Gitblit v1.9.3