
新增登录互踢功能

ting.yin 5 年之前
父節點
當前提交
47ddf7c977

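--- a/stmms-biz/src/main/java/cn/com/qmth/stmms/biz/exam/model/Marker.java
+++ b/stmms-biz/src/main/java/cn/com/qmth/stmms/biz/exam/model/Marker.java
@@ -101,6 +101,12 @@ public class Marker implements Serializable {
     @ExcelField(title = "大题", align = 2, sort = 20)
     private String groupName;
 
+    /**
+     * 登录token
+     */
+    @Column(name = "web_token")
+    private String webToken;
+
     @Transient
     private int number;
 
@@ -351,4 +357,12 @@ public class Marker implements Serializable {
         this.markSetting = markSetting;
     }
 
+    public String getWebToken() {
+        return webToken;
+    }
+
+    public void setWebToken(String webToken) {
+        this.webToken = webToken;
+    }
+
 }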
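Review bot: The Javadoc on the new `webToken` field says only "登录token", so nothing tells a maintainer that this column holds the live single-login credential that the interceptors in this commit compare on each request. I would expand it to something like `/** Token of the currently valid login; compared with the session copy on every request, so keep it out of exports, logs and API responses. */`. The same applies to `User.webToken` in User.java. Whether these entities are ever serialized to a client is not visible on this page, so that part is worth confirming.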

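--- a/stmms-biz/src/main/java/cn/com/qmth/stmms/biz/user/model/User.java
+++ b/stmms-biz/src/main/java/cn/com/qmth/stmms/biz/user/model/User.java
@@ -87,6 +87,12 @@ public class User implements Serializable {
     @Column(name = "updated_time")
     private Date updatedTime;
 
+    /**
+     * 登录token
+     */
+    @Column(name = "web_token")
+    private String webToken;
+
     public Integer getId() {
         return id;
     }
@@ -183,4 +189,12 @@ public class User implements Serializable {
         this.enable = enable;
     }
 
+    public String getWebToken() {
+        return webToken;
+    }
+
+    public void setWebToken(String webToken) {
+        this.webToken = webToken;
+    }
+
 }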

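--- a/stmms-web/src/main/java/cn/com/qmth/stmms/admin/interceptor/AdminInterceptor.java
+++ b/stmms-web/src/main/java/cn/com/qmth/stmms/admin/interceptor/AdminInterceptor.java
@@ -24,15 +24,15 @@ public class AdminInterceptor extends CommonInterceptor {
     private UserService userService;
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
-            throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         return validateAdminUser(request, response);
     }
 
     private boolean validateAdminUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
         User user = buildUser(RequestUtils.getWebUser(request));
-        if (user != null && (user.getRole() == Role.SYS_ADMIN || user.getRole() == Role.SCHOOL_ADMIN
-                || user.getRole() == Role.SUBJECT_HEADER || user.getRole() == Role.SCHOOL_VIEWER)) {
+        if (user != null
+                && (user.getRole() == Role.SYS_ADMIN || user.getRole() == Role.SCHOOL_ADMIN
+                        || user.getRole() == Role.SUBJECT_HEADER || user.getRole() == Role.SCHOOL_VIEWER)) {
             return true;
         }
         return sessionExpire(request, response, "/login");
@@ -41,9 +41,13 @@ public class AdminInterceptor extends CommonInterceptor {
     protected User buildUser(WebUser wu) {
         User user = null;
         if (wu != null) {
+            User local = userService.findById(wu.getId());
+            if (!wu.getWebToken().equals(local.getWebToken())) {
+                return null;
+            }
             user = wu.getUser();
             if (user == null) {
-                user = userService.findById(wu.getId());
+                user = local;
                 if (user != null) {
                     wu.setDataObject(user);
                     wu.setName(user.getName());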
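Review bot: The token check added at the top of `buildUser` dereferences two values that can be null: `userService.findById(wu.getId())` (the existing `if (user != null)` guard below allows for a missing row) and `wu.getWebToken()`, which `WebUser.buildFromSession` sets from `trimToNull`, so any session without a token, such as one written before this change, yields null. Either case throws a NullPointerException inside the interceptor instead of sending the caller to the login page. The check should fail closed: `if (local == null || wu.getWebToken() == null || !wu.getWebToken().equals(local.getWebToken())) { return null; }`. `MarkInterceptor.buildMarker` uses the same pattern with `markerService.findById` and needs the same guard. The lookup now runs on every request, so the `wu.getUser()` cache no longer saves a query; `buildUser` continues past the end of this hunk.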

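--- a/stmms-web/src/main/java/cn/com/qmth/stmms/common/controller/LoginController.java
+++ b/stmms-web/src/main/java/cn/com/qmth/stmms/common/controller/LoginController.java
@@ -1,6 +1,7 @@
 package cn.com.qmth.stmms.common.controller;
 
 import java.util.Date;
+import java.util.UUID;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -51,7 +52,7 @@ public class LoginController {
     @RequestMapping(value = "/login", method = RequestMethod.GET)
     public ModelAndView login(HttpServletRequest request) {
         StmmsSession session = RequestUtils.getSession(request);
-        session.setParameter(LOGIN_TYPE_KEY,null);
+        session.setParameter(LOGIN_TYPE_KEY, null);
         ModelAndView view = new ModelAndView("modules/sys/login");
         view.addObject("indexLogo", indexLogo);
         view.addObject("showType", "admin-login");
@@ -69,9 +70,11 @@ public class LoginController {
                 if (u.getPassword().equals(Md5EncryptUtils.md5(user.getPassword()))) {
                     u.setLastLoginTime(new Date());
                     u.setLastLoginIp(request.getRemoteAddr());
+                    String webToken = UUID.randomUUID().toString();
+                    u.setWebToken(webToken);
                     userService.save(u);
 
-                    new WebUser(u.getId(), u.getRole()).writeToSession(session);
+                    new WebUser(u.getId(), u.getRole(), webToken).writeToSession(session);
 
                     if (u.getRole() == Role.SYS_ADMIN || u.getRole() == Role.SCHOOL_ADMIN
                             || u.getRole() == Role.SUBJECT_HEADER || u.getRole() == Role.SCHOOL_VIEWER) {
@@ -98,7 +101,7 @@ public class LoginController {
                 modelAndView.addObject("indexLogo", indexLogo);
                 return modelAndView;
             }
-        } else if("mark-login".equals(showType)||"mark-login".equals(loginType)){
+        } else if ("mark-login".equals(showType) || "mark-login".equals(loginType)) {
             Marker marker = markerService.findByLoginName(user.getLoginName());
             if (marker != null) {
                 ModelAndView modelAndView = new ModelAndView("modules/sys/login");
@@ -128,16 +131,17 @@ public class LoginController {
                     modelAndView.addObject("indexLogo", indexLogo);
                     return modelAndView;
                 }
-
-                new WebUser(marker.getId(), Role.MARKER).writeToSession(RequestUtils.getSession(request));
-
+                String webToken = UUID.randomUUID().toString();
+                new WebUser(marker.getId(), Role.MARKER, webToken).writeToSession(RequestUtils.getSession(request));
+                marker.setWebToken(webToken);
+                marker.setLastLoginIp(request.getRemoteAddr());
                 if (marker.getLastLoginTime() == null) {
-                    return new ModelAndView("redirect:/mark/reset");
-                } else {
                     marker.setLastLoginTime(new Date());
-                    marker.setLastLoginIp(request.getRemoteAddr());
                     markerService.save(marker);
+                    return new ModelAndView("redirect:/mark/reset");
                 }
+                marker.setLastLoginTime(new Date());
+                markerService.save(marker);
                 return new ModelAndView("redirect:/mark/index");
             }
 
@@ -146,15 +150,15 @@ public class LoginController {
             view.addObject("showType", showType);
             view.addObject("indexLogo", indexLogo);
             return view;
-        } else{
-        	return new ModelAndView("redirect:/login");
+        } else {
+            return new ModelAndView("redirect:/login");
         }
     }
 
     @RequestMapping(value = "/mark-login", method = RequestMethod.GET)
     public ModelAndView markIndex(HttpServletRequest request) {
-    	StmmsSession session = RequestUtils.getSession(request);
-    	session.setParameter(LOGIN_TYPE_KEY, "mark-login");
+        StmmsSession session = RequestUtils.getSession(request);
+        session.setParameter(LOGIN_TYPE_KEY, "mark-login");
         ModelAndView view = new ModelAndView("modules/sys/login");
         view.addObject(LOGIN_TYPE_KEY, "mark-login");
         view.addObject("indexLogo", indexLogo);
@@ -181,5 +185,4 @@ public class LoginController {
         }
     }
 
-    
 }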
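Review bot: In the marker branch, the first-login path now sets and saves `lastLoginTime` before redirecting to `/mark/reset`, whereas the old code left the field null on that path. If `lastLoginTime == null` is what forces a new marker through the password reset (this branch suggests so, but the reset handling is not on this page), a marker who abandons the reset page will land on `/mark/index` at the next login with the initial password still in place. The token does have to be persisted, so I would keep `markerService.save(marker);` in that branch and drop only its `marker.setLastLoginTime(new Date());` line. The login handler starts and ends outside these hunks, so the surrounding checks could not be reviewed.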

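--- a/stmms-web/src/main/java/cn/com/qmth/stmms/common/domain/WebUser.java
+++ b/stmms-web/src/main/java/cn/com/qmth/stmms/common/domain/WebUser.java
@@ -19,6 +19,8 @@ public class WebUser {
 
     private static final String SESSION_USER_ROLE_KEY = "_web_user_role_";
 
+    private static final String SESSION_USER_TOKEN_KEY = "_web_user_token_";
+
     private Integer id;
 
     private String name;
@@ -27,9 +29,12 @@ public class WebUser {
 
     private Object userData;
 
-    public WebUser(Integer id, Role role) {
+    private String webToken;
+
+    public WebUser(Integer id, Role role, String webToken) {
         this.id = id;
         this.role = role;
+        this.webToken = webToken;
 
         if (id == null || role == null) {
             throw new IllegalArgumentException("webUser init error!");
@@ -39,15 +44,17 @@ public class WebUser {
     public void writeToSession(StmmsSession session) {
         session.setParameter(SESSION_USER_ID_KEY, String.valueOf(id));
         session.setParameter(SESSION_USER_ROLE_KEY, String.valueOf(role.getValue()));
+        session.setParameter(SESSION_USER_TOKEN_KEY, webToken);
     }
 
     public static WebUser buildFromSession(StmmsSession session) {
         WebUser wu = null;
         String userId = StringUtils.trimToNull(session.getParameter(SESSION_USER_ID_KEY));
         String userRole = StringUtils.trimToNull(session.getParameter(SESSION_USER_ROLE_KEY));
+        String webToken = StringUtils.trimToNull(session.getParameter(SESSION_USER_TOKEN_KEY));
         if (StringUtils.isNumeric(userId) && StringUtils.isNumeric(userRole)) {
             try {
-                wu = new WebUser(Integer.valueOf(userId), Role.findByValue(Integer.valueOf(userRole)));
+                wu = new WebUser(Integer.valueOf(userId), Role.findByValue(Integer.valueOf(userRole)), webToken);
             } catch (Exception e) {
             }
         }
@@ -93,9 +100,17 @@ public class WebUser {
     public boolean isSchoolAdmin() {
         return role == Role.SCHOOL_ADMIN;
     }
-    
+
     public boolean isSchoolViewer() {
         return role == Role.SCHOOL_VIEWER;
     }
 
+    public String getWebToken() {
+        return webToken;
+    }
+
+    public void setWebToken(String webToken) {
+        this.webToken = webToken;
+    }
+
 }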
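Review bot: The new `webToken` field and `SESSION_USER_TOKEN_KEY` constant carry no comment, and the constructor still validates only `id` and `role`, so it is not obvious that `webToken` is null whenever `buildFromSession` finds no token in the session. A field comment such as `// single-login token; null when the session carries none, callers must treat that as not logged in` would make the contract explicit. The public `setWebToken` is not called in any hunk shown on this page; if nothing else needs it, leaving the field set only by the constructor keeps the token from being changed after the session has been read.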

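--- a/stmms-web/src/main/java/cn/com/qmth/stmms/common/interceptor/CommonInterceptor.java
+++ b/stmms-web/src/main/java/cn/com/qmth/stmms/common/interceptor/CommonInterceptor.java
@@ -30,8 +30,7 @@ public class CommonInterceptor extends HandlerInterceptorAdapter {
     private SessionService sessionService;
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
-            throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         buildWebUser(request, response);
         return true;
     }
@@ -83,6 +82,24 @@ public class CommonInterceptor extends HandlerInterceptorAdapter {
         return false;
     }
 
+    /**
+     * 强制失效session,执行请求跳转
+     * 
+     * @param request
+     * @param response
+     * @param redirectURI
+     * @return
+     * @throws IOException
+     */
+    protected boolean sessionExpireStatus(HttpServletRequest request, HttpServletResponse response, String redirectURI)
+            throws IOException {
+        StmmsSession session = RequestUtils.getSession(request);
+        session.setInvalid(true);
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, redirectURI);
+        sessionService.put(request, response, session);
+        return false;
+    }
+
     /**
      * 从session中构造WebUser对象
      * 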
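Review bot: `sessionExpireStatus` calls `response.sendError(...)` before `sessionService.put(request, response, session)`, and `sendError` commits the response. If `sessionService.put` persists the invalidated session by writing a cookie or header (its implementation is not on this page), that write is dropped and the client keeps its old session data. Calling `sessionService.put(request, response, session);` first and `response.sendError(HttpServletResponse.SC_UNAUTHORIZED, redirectURI);` last avoids this. The Javadoc also leaves every `@param` and `@return` blank; it should at least say that the method answers 401 for AJAX callers and always returns false.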

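--- a/stmms-web/src/main/java/cn/com/qmth/stmms/mark/interceptor/MarkInterceptor.java
+++ b/stmms-web/src/main/java/cn/com/qmth/stmms/mark/interceptor/MarkInterceptor.java
@@ -23,8 +23,7 @@ public class MarkInterceptor extends CommonInterceptor {
     private MarkerService markerService;
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
-            throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         String uri = RequestUtils.getURI(request);
         Marker marker = buildMarker(RequestUtils.getWebUser(request));
         if (marker != null) {
@@ -36,15 +35,22 @@ public class MarkInterceptor extends CommonInterceptor {
             }
             return true;
         }
-        return sessionExpire(request, response, "/mark-login");
+        if (uri.endsWith("mark/index")) {
+            return redirect(request, response, "/mark-login");
+        }
+        return sessionExpireStatus(request, response, "/mark-login");
     }
 
     private Marker buildMarker(WebUser wu) {
         Marker marker = null;
         if (wu != null && !wu.isSchoolAdmin() && !wu.isSchoolViewer() && !wu.isSubjectHeader()) {
+            Marker local = markerService.findById(wu.getId());
+            if (!wu.getWebToken().equals(local.getWebToken())) {
+                return null;
+            }
             marker = wu.getMarker();
             if (marker == null) {
-                marker = markerService.findById(wu.getId());
+                marker = local;
                 if (marker != null) {
                     wu.setDataObject(marker);
                     wu.setName(marker.getName());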
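Review bot: The `uri.endsWith("mark/index")` branch in `preHandle` answers a rejected marker with `redirect(...)`, while every other URI goes through `sessionExpireStatus`, which marks the session invalid first. Unless `redirect` also invalidates the session (its body is not on this page), a displaced login keeps its stale session data after being sent to `/mark-login`. Using the call that this line replaced, `return sessionExpire(request, response, "/mark-login");`, for the page request would keep both paths invalidating the session. `buildMarker` continues past the end of the hunk.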

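--- a/stmms-web/src/main/webapp/WEB-INF/application.properties
+++ b/stmms-web/src/main/webapp/WEB-INF/application.properties
@@ -1,9 +1,9 @@
 #jdbc config
 driverClassName=com.mysql.jdbc.Driver
 #jdbc config
-url=jdbc:mysql://192.168.10.208:3306/stmms_ft_201805?useUnicode=true&characterEncoding=UTF-8
+url=jdbc:mysql://localhost:3306/stmms_ft?useUnicode=true&characterEncoding=UTF-8
 username=root
-password=123456
+password=root
 
 #cookie config
 cookie.max.age=36000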
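Review bot: Database credentials are committed in plaintext here (`username=root`, `password=root`), and the edit only swaps one developer's local settings for another's, which has nothing to do with the login feature. The application should connect with a dedicated least-privilege account rather than `root`, and its credentials should come from outside the repository, with this tracked file holding only placeholders such as `password=<set-per-environment>`. The previous password and internal host stay readable in history, so that password should be rotated wherever it was in real use.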

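--- a/stmms-web/src/main/webapp/WEB-INF/views/modules/mark/markNew.jsp
+++ b/stmms-web/src/main/webapp/WEB-INF/views/modules/mark/markNew.jsp
@@ -40,6 +40,13 @@
 <body>
 	<div class="container-fluid" id="container"></div>
 	<script type="text/javascript">
+	$(document).ajaxError(function(evt, req, settings){
+		if(req.status==401) {
+			alert("权限失效,请重新登录!");
+			 window.location.href = req.statusText;
+       	}
+	});
+
 		$(document).ready(function() {
 			var mc = new MarkControl({
 				container : $('#container'),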
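Review bot: The `ajaxError` handler navigates to `req.statusText`, which is not a reliable carrier for the login URL: HTTP/2 responses have no reason phrase, and servers or proxies may replace a custom one, so the value can be empty or the literal "Unauthorized". It also lets whatever produced the 401 decide where the browser goes. I would navigate to a fixed login path instead, for example `window.location.href = '<context-path>/mark-login';` with the context path filled in the way the rest of the page does it. The identical handler added to markTrack.jsp needs the same change.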

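--- a/stmms-web/src/main/webapp/WEB-INF/views/modules/mark/markTrack.jsp
+++ b/stmms-web/src/main/webapp/WEB-INF/views/modules/mark/markTrack.jsp
@@ -32,6 +32,13 @@
 <body>
 	<div class="container-fluid" id="container"></div>
 	<script type="text/javascript">
+	$(document).ajaxError(function(evt, req, settings){
+		if(req.status==401) {
+			alert("权限失效,请重新登录!");
+			 window.location.href = req.statusText;
+       	}
+	});
+
 		$(document).ready(function() {
 			var mc = new MarkControl({
 				container : $('#container'),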

+ 38 - 0
stmms-web/src/main/webapp/sql/stmms_ft.sql

@@ -88,6 +88,7 @@ CREATE TABLE `b_user` (
   `last_login_ip` varchar(64) DEFAULT NULL COMMENT '最后一次登录IP',
   `last_login_ip` varchar(64) DEFAULT NULL COMMENT '最后一次登录IP',
   `created_time` datetime NOT NULL COMMENT '创建时间',
   `created_time` datetime NOT NULL COMMENT '创建时间',
   `updated_time` datetime DEFAULT NULL COMMENT '修改时间',
   `updated_time` datetime DEFAULT NULL COMMENT '修改时间',
+  `web_token` varchar(128) DEFAULT NULL COMMENT '登录密钥',
   PRIMARY KEY (`id`),
   PRIMARY KEY (`id`),
   KEY `index1` (`login_name`),
   KEY `index1` (`login_name`),
   KEY `index2` (`school_id`,`enable`)
   KEY `index2` (`school_id`,`enable`)
@@ -325,6 +326,7 @@ CREATE TABLE `eb_marker` (
   `valid_count` int(11) DEFAULT NULL COMMENT '有效数量',
   `valid_count` int(11) DEFAULT NULL COMMENT '有效数量',
   `class_count` int(11) NOT NULL COMMENT '班级数量',
   `class_count` int(11) NOT NULL COMMENT '班级数量',
   `mark_setting` text DEFAULT NULL COMMENT '个性化评卷参数设置',
   `mark_setting` text DEFAULT NULL COMMENT '个性化评卷参数设置',
+  `web_token` varchar(128) DEFAULT NULL COMMENT '登录密钥',
   PRIMARY KEY (`id`),
   PRIMARY KEY (`id`),
   KEY `index1` (`login_name`),
   KEY `index1` (`login_name`),
   KEY `index2` (`exam_id`,`subject_code`,`group_number`)
   KEY `index2` (`exam_id`,`subject_code`,`group_number`)
@@ -521,6 +523,42 @@ CREATE TABLE `m_trial_track` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='试评轨迹表';
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='试评轨迹表';
 
 
 
 
+# Dump of table m_problem_type
+# ------------------------------------------------------------
+
+DROP TABLE IF EXISTS `m_problem_type`;
+CREATE TABLE `m_problem_type` (
+  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '主键',
+  `exam_id` int(11) NOT NULL COMMENT '考试ID',
+  `name` varchar(128) NOT NULL COMMENT '名称',
+  `is_custom` tinyint(1) NOT NULL COMMENT '是否自定义',
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='问题类型表';
+
+
+# Dump of table m_problem_history
+# ------------------------------------------------------------
+
+DROP TABLE IF EXISTS `m_problem_history`;
+CREATE TABLE `m_problem_history` (
+  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '主键',
+  `exam_id` int(11) NOT NULL COMMENT '考试ID',
+  `subject_code` varchar(255) NOT NULL DEFAULT '' COMMENT '科目代码',
+  `student_id` int(11) NOT NULL COMMENT '考生ID',
+  `library_id` int(11) NOT NULL COMMENT '评卷任务ID',
+  `exam_number` varchar(64) NOT NULL COMMENT '准考证号',
+  `problem_id` int(11) NOT NULL COMMENT '问题ID',
+  `status` varchar(11) NOT NULL COMMENT '状态',
+  `user_id` int(11) DEFAULT NULL COMMENT '操作人ID',
+  `total_score` float DEFAULT NULL COMMENT '总分',
+  `score_list` varchar(255) DEFAULT NULL COMMENT '给分分点',
+  `create_time` datetime NOT NULL,
+  `update_time` datetime DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `index1` (`exam_id`,`subject_code`,`status`) USING BTREE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='问题卷历史表';
+
+
 # Dump of table s_basic_group
 # Dump of table s_basic_group
 # ------------------------------------------------------------
 # ------------------------------------------------------------