diff --git a/README.md b/README.md
index 9034fb2a..6cead382 100644
--- a/README.md
+++ b/README.md
@@ -767,9 +767,12 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
 - 9、GLUE模式任务实例更新逻辑优化,原根据超时时间更新改为根据版本号更新,源码变动版本号加一;
 #### 6.12 版本 V1.6.1 特性 (Coding)
-- 1、通讯协议二进制据增强校验,处理非正常请求;
+- 1、通讯协议二进制据增强校验,拦截非正常请求;
 - 2、数据库地址配置优化;
-- 2、rolling日志,日志界面风格同glue任务编辑器;
+- 3、WebIDE交互重构;
+- 4、前端部分组件优化;
+- 5、增强权限校验,采用动态登录TOKEN;
+- 5、rolling日志,日志界面风格同glue任务编辑器;
 #### TODO LIST
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/interceptor/PermissionInterceptor.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/interceptor/PermissionInterceptor.java
index 97bcf5fc..d8ba4bef 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/interceptor/PermissionInterceptor.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/interceptor/PermissionInterceptor.java
@@ -2,11 +2,13 @@ package com.xxl.job.admin.controller.interceptor;
 import com.xxl.job.admin.controller.annotation.PermessionLimit;
 import com.xxl.job.admin.core.util.CookieUtil;
+import com.xxl.job.admin.core.util.PropertiesUtil;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.math.BigInteger;
 /**
 * 权限拦截, 简易版
@@ -15,10 +17,16 @@ import javax.servlet.http.HttpServletResponse;
 public class PermissionInterceptor extends HandlerInterceptorAdapter {
 public static final String LOGIN_IDENTITY_KEY = "LOGIN_IDENTITY";
- public static final String LOGIN_IDENTITY_VAL = "sdf!121sdf$78sd!8";
+ public static final String LOGIN_IDENTITY_TOKEN;
+ static {
+ String username = PropertiesUtil.getString("xxl.job.login.username");
+ String password = PropertiesUtil.getString("xxl.job.login.password");
+ String temp = username + "_" + password;
+ LOGIN_IDENTITY_TOKEN = new BigInteger(1, temp.getBytes()).toString(16);
+ }
 public static boolean login(HttpServletResponse response, boolean ifRemember){
- CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_VAL, ifRemember);
+ CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_TOKEN, ifRemember);
 return true;
 }
 public static void logout(HttpServletRequest request, HttpServletResponse response){
@@ -26,7 +34,7 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
 }
 public static boolean ifLogin(HttpServletRequest request){
 String indentityInfo = CookieUtil.getValue(request, LOGIN_IDENTITY_KEY);
- if (indentityInfo==null || !LOGIN_IDENTITY_VAL.equals(indentityInfo.trim())) {
+ if (indentityInfo==null || !LOGIN_IDENTITY_TOKEN.equals(indentityInfo.trim())) {
 return false;
 }
 return true;
@@ -43,7 +51,9 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
 HandlerMethod method = (HandlerMethod)handler;
 PermessionLimit permission = method.getMethodAnnotation(PermessionLimit.class);
 if (permission == null || permission.limit()) {
- throw new Exception("登陆失效");
+ response.sendRedirect("/toLogin");
+ //request.getRequestDispatcher("/toLogin").forward(request, response);
+ return false;
 }
 }
diff --git a/xxl-job-admin/src/main/webapp/WEB-INF/template/common/common.exception.ftl b/xxl-job-admin/src/main/webapp/WEB-INF/template/common/common.exception.ftl
index 749b1f46..15e09b53 100644
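Review bot: `LOGIN_IDENTITY_TOKEN` in the new static block is only the hex encoding of `username + "_" + password`, so the cookie written by `login()` carries the configured credentials in a form that anyone who sees the cookie can decode back to plaintext. The value is also identical for every login until the configuration changes, so it cannot be expired or revoked per session, and `temp.getBytes()` depends on the platform charset. At minimum the value should go through a one-way digest with an explicit charset, as sketched below. An unsalted digest of a weak password can still be guessed offline, so a random per-login token held server-side would be the stronger design. Whether `CookieUtil.set` marks the cookie HttpOnly/Secure is not visible in this diff and should be confirmed.

```java
public static final String LOGIN_IDENTITY_TOKEN;
static {
    // needs java.security.MessageDigest, java.security.NoSuchAlgorithmException
    // and java.nio.charset.StandardCharsets in the import block
    String username = PropertiesUtil.getString("xxl.job.login.username");
    String password = PropertiesUtil.getString("xxl.job.login.password");
    if (username == null || password == null) {
        // Fail at startup instead of issuing a token built from the literal "null".
        throw new IllegalStateException(
                "xxl.job.login.username and xxl.job.login.password must be configured");
    }
    try {
        // One-way digest: the cookie value can no longer be decoded back to the credentials.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] digest = sha256.digest(
                (username + "_" + password).getBytes(StandardCharsets.UTF_8));
        LOGIN_IDENTITY_TOKEN = new BigInteger(1, digest).toString(16);
    } catch (NoSuchAlgorithmException e) {
        throw new ExceptionInInitializerError(e);
    }
}
// … unchanged: login(), logout() …
```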
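Review bot: The cookie check in `ifLogin` compares the secret token with `String.equals`, which stops at the first differing character; since this value is the only proof of authentication, a constant-time comparison is the safer choice. The condition could read `if (indentityInfo==null || !MessageDigest.isEqual(LOGIN_IDENTITY_TOKEN.getBytes(StandardCharsets.UTF_8), indentityInfo.trim().getBytes(StandardCharsets.UTF_8))) {`. A short comment above it, such as `// constant-time compare: the cookie value is a bearer secret`, would record why `equals` is avoided.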
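Review bot: `response.sendRedirect("/toLogin")` passes a path with a leading slash, which the servlet container resolves against the server root rather than the application's context path, so the redirect would miss the login page whenever the admin console is deployed under a non-root context; `response.sendRedirect(request.getContextPath() + "/toLogin");` avoids that. The commented-out `getRequestDispatcher(...).forward(...)` line is dead code and can be dropped. Because the redirect replaces the thrown exception, unauthenticated AJAX/JSON calls now receive a 302 to an HTML page instead of an error, and it is worth confirming the front end handles that. The enclosing interceptor method begins and ends outside this hunk.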
--- a/xxl-job-admin/src/main/webapp/WEB-INF/template/common/common.exception.ftl
+++ b/xxl-job-admin/src/main/webapp/WEB-INF/template/common/common.exception.ftl
@@ -22,18 +22,10 @@
- -