bug修复

distributed-print/src/main/java/com/qmth/distributed/print/auth/DistributedPrintAuthenticationService.java

@@ -12,6 +12,7 @@ import com.qmth.teachcloud.common.enums.PrivilegePropertyEnum;
 import com.qmth.teachcloud.common.enums.RoleTypeEnum;
 import com.qmth.teachcloud.common.service.CacheService;
 import com.qmth.teachcloud.common.service.TBSessionService;
+import com.qmth.teachcloud.common.util.RedisUtil;
 import com.qmth.teachcloud.common.util.ServletUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -29,10 +30,10 @@ public class DistributedPrintAuthenticationService implements AuthorizationServi
     private final static Logger log = LoggerFactory.getLogger(DistributedPrintAuthenticationService.class);
 
     @Resource
-    TBSessionService tbSessionService;
+    CacheService cacheService;
 
     @Resource
-    CacheService cacheService;
+    RedisUtil redisUtil;
 
     @Override
     public AccessEntity findByIdentity(String identity, SignatureType signatureType, String path) {
@@ -42,7 +43,15 @@ public class DistributedPrintAuthenticationService implements AuthorizationServi
     @Override
     public boolean hasPermission(AccessEntity accessEntity, String path) {
         if (Objects.nonNull(accessEntity) && Objects.nonNull(accessEntity.getIdentity())) {
-            TBSession tbSession = tbSessionService.getById(accessEntity.getIdentity());
+            TBSession tbSession = (TBSession) redisUtil.getUserSession(accessEntity.getIdentity());
+            if (Objects.isNull(tbSession)) {
+                log.warn("Authorization faile: session id not exists: " + accessEntity.getIdentity());
+                throw ExceptionResultEnum.NOT_LOGIN.exception();
+            }
+            if (tbSession.getExpireTime() <= System.currentTimeMillis()) {
+                log.warn("Authorization faile: session has expired, expire time=" + tbSession.getExpireTime());
+                throw ExceptionResultEnum.NOT_LOGIN.exception();
+            }
             List<String> privilegeUrl = cacheService.privilegeUrlCache(PrivilegePropertyEnum.NO_AUTH);
             //无需鉴权的url
             int noAuthCount = Objects.nonNull(privilegeUrl) ? (int) privilegeUrl.stream().filter(s -> s.equalsIgnoreCase(path)).count() : 0;

teachcloud-report/src/main/java/com/qmth/teachcloud/report/auth/TeachcloudReportAuthenticationService.java

@@ -11,7 +11,7 @@ import com.qmth.teachcloud.common.enums.ExceptionResultEnum;
 import com.qmth.teachcloud.common.enums.PrivilegePropertyEnum;
 import com.qmth.teachcloud.common.enums.RoleTypeEnum;
 import com.qmth.teachcloud.common.service.CacheService;
-import com.qmth.teachcloud.common.service.TBSessionService;
+import com.qmth.teachcloud.common.util.RedisUtil;
 import com.qmth.teachcloud.common.util.ServletUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -29,10 +29,10 @@ public class TeachcloudReportAuthenticationService implements AuthorizationServi
     private final static Logger log = LoggerFactory.getLogger(TeachcloudReportAuthenticationService.class);
 
     @Resource
-    TBSessionService tbSessionService;
+    CacheService cacheService;
 
     @Resource
-    CacheService cacheService;
+    RedisUtil redisUtil;
 
     @Override
     public AccessEntity findByIdentity(String identity, SignatureType signatureType, String path) {
@@ -42,7 +42,15 @@ public class TeachcloudReportAuthenticationService implements AuthorizationServi
     @Override
     public boolean hasPermission(AccessEntity accessEntity, String path) {
         if (Objects.nonNull(accessEntity) && Objects.nonNull(accessEntity.getIdentity())) {
-            TBSession tbSession = tbSessionService.getById(accessEntity.getIdentity());
+            TBSession tbSession = (TBSession) redisUtil.getUserSession(accessEntity.getIdentity());
+            if (Objects.isNull(tbSession)) {
+                log.warn("Authorization faile: session id not exists: " + accessEntity.getIdentity());
+                throw ExceptionResultEnum.NOT_LOGIN.exception();
+            }
+            if (tbSession.getExpireTime() <= System.currentTimeMillis()) {
+                log.warn("Authorization faile: session has expired, expire time=" + tbSession.getExpireTime());
+                throw ExceptionResultEnum.NOT_LOGIN.exception();
+            }
             List<String> privilegeUrl = cacheService.privilegeUrlCache(PrivilegePropertyEnum.NO_AUTH);
             //无需鉴权的url
             int noAuthCount = Objects.nonNull(privilegeUrl) ? (int) privilegeUrl.stream().filter(s -> s.equalsIgnoreCase(path)).count() : 0;