优化Context信息,防止泄漏问题

This commit is contained in:
RuoYi 2022-08-22 10:24:20 +08:00
parent 9b3767a954
commit aadb7a41cb
5 changed files with 14 additions and 11 deletions

View File

@ -251,7 +251,7 @@ public class SysRoleController extends BaseController
/** /**
* 获取对应角色部门树列表 * 获取对应角色部门树列表
*/ */
@PreAuthorize("@ss.hasPermi('system:role:list')") @PreAuthorize("@ss.hasPermi('system:role:query')")
@GetMapping(value = "/deptTree/{roleId}") @GetMapping(value = "/deptTree/{roleId}")
public AjaxResult deptTree(@PathVariable("roleId") Long roleId) public AjaxResult deptTree(@PathVariable("roleId") Long roleId)
{ {
@ -260,5 +260,4 @@ public class SysRoleController extends BaseController
ajax.put("depts", deptService.selectDeptTreeList(new SysDept())); ajax.put("depts", deptService.selectDeptTreeList(new SysDept()));
return ajax; return ajax;
} }
} }

View File

@ -12,11 +12,6 @@ public class UserConstants
*/ */
public static final String SYS_USER = "SYS_USER"; public static final String SYS_USER = "SYS_USER";
/**
* ss标记的权限字符
*/
public static final String SS_PERMISSION = "SS_PERMISSION";
/** 正常状态 */ /** 正常状态 */
public static final String NORMAL = "0"; public static final String NORMAL = "0";

View File

@ -1,5 +1,9 @@
package com.ruoyi.framework.security.context; package com.ruoyi.framework.security.context;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import com.ruoyi.common.core.text.Convert;
/** /**
* 权限信息 * 权限信息
* *
@ -7,15 +11,17 @@ package com.ruoyi.framework.security.context;
*/ */
public class PermissionContextHolder public class PermissionContextHolder
{ {
private static final ThreadLocal<String> contextHolder = new ThreadLocal<>(); private static final String PERMISSION_CONTEXT_ATTRIBUTES = "PERMISSION_CONTEXT";
public static void setContext(String permission) public static void setContext(String permission)
{ {
contextHolder.set(permission); RequestContextHolder.currentRequestAttributes().setAttribute(PERMISSION_CONTEXT_ATTRIBUTES, permission,
RequestAttributes.SCOPE_REQUEST);
} }
public static String getContext() public static String getContext()
{ {
return contextHolder.get(); return Convert.toStr(RequestContextHolder.currentRequestAttributes().getAttribute(PERMISSION_CONTEXT_ATTRIBUTES,
RequestAttributes.SCOPE_REQUEST));
} }
} }

View File

@ -89,6 +89,10 @@ public class SysLoginService
throw new ServiceException(e.getMessage()); throw new ServiceException(e.getMessage());
} }
} }
finally
{
AuthenticationContextHolder.clearContext();
}
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"))); AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
LoginUser loginUser = (LoginUser) authentication.getPrincipal(); LoginUser loginUser = (LoginUser) authentication.getPrincipal();
recordLoginInfo(loginUser.getUserId()); recordLoginInfo(loginUser.getUserId());

View File

@ -118,7 +118,6 @@
where m.status = '0' and rm.role_id = #{roleId} where m.status = '0' and rm.role_id = #{roleId}
</select> </select>
<select id="selectMenuById" parameterType="Long" resultMap="SysMenuResult"> <select id="selectMenuById" parameterType="Long" resultMap="SysMenuResult">
<include refid="selectMenuVo"/> <include refid="selectMenuVo"/>
where menu_id = #{menuId} where menu_id = #{menuId}