SecurityFrameworkUtils 返回用户信息时，增加判断逻辑，保证正确性

2021-03-09 00:35:04 +08:00 · 2021-03-09 00:35:04 +08:00 · d79bf7956c
parent ad54e58acd
commit d79bf7956c
2 changed files with 27 additions and 8 deletions
--- a/src/main/java/cn/iocoder/dashboard/framework/security/core/util/SecurityFrameworkUtils.java
+++ b/src/main/java/cn/iocoder/dashboard/framework/security/core/util/SecurityFrameworkUtils.java
@ -2,7 +2,10 @@ package cn.iocoder.dashboard.framework.security.core.util;

 import cn.iocoder.dashboard.framework.security.core.LoginUser;
 import cn.iocoder.dashboard.framework.web.core.util.WebFrameworkUtils;
+import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.util.StringUtils;
@ -40,9 +43,20 @@ public class SecurityFrameworkUtils {

    /**
     * 获取当前用户
+     *
+     * @return 当前用户
     */
+    @Nullable
    public static LoginUser getLoginUser() {
-        return (LoginUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+        SecurityContext context = SecurityContextHolder.getContext();
+        if (context == null) {
+            return null;
+        }
+        Authentication authentication = context.getAuthentication();
+        if (authentication == null) {
+            return null;
+        }
+        return (LoginUser) authentication.getPrincipal();
    }

    /**
@ -50,8 +64,10 @@ public class SecurityFrameworkUtils {
     *
     * @return 用户编号
     */
+    @Nullable
    public static Long getLoginUserId() {
-        return getLoginUser().getId();
+        LoginUser loginUser = getLoginUser();
+        return loginUser != null ? loginUser.getId() : null;
    }

    /**
@ -59,8 +75,10 @@ public class SecurityFrameworkUtils {
     *
     * @return 角色编号数组
     */
+    @Nullable
    public static Set<Long> getLoginUserRoleIds() {
-        return getLoginUser().getRoleIds();
+        LoginUser loginUser = getLoginUser();
+        return loginUser != null ? loginUser.getRoleIds() : null;
    }

    /**
--- a/src/main/java/cn/iocoder/dashboard/modules/system/service/auth/impl/SysAuthServiceImpl.java
+++ b/src/main/java/cn/iocoder/dashboard/modules/system/service/auth/impl/SysAuthServiceImpl.java
@ -162,22 +162,23 @@ public class SysAuthServiceImpl implements SysAuthService {
    public void logout(String token) {
        // 查询用户信息
        LoginUser loginUser = userSessionService.getLoginUser(token);
-        if(loginUser == null) {
+        if (loginUser == null) {
            return;
        }
-        // 删除session
+        // 删除 session
        userSessionService.deleteUserSession(token);
-        this.createLogoutLog(loginUser.getUsername(), SysLoginResultEnum.SUCCESS);
+        // 记录登出日子和
+        this.createLogoutLog(loginUser.getUsername());
    }

-    private void createLogoutLog(String username, SysLoginResultEnum loginResult) {
+    private void createLogoutLog(String username) {
        SysLoginLogCreateReqVO reqVO = new SysLoginLogCreateReqVO();
        reqVO.setLogType(SysLoginLogTypeEnum.LOGOUT_SELF.getType());
        reqVO.setTraceId(TracerUtils.getTraceId());
        reqVO.setUsername(username);
        reqVO.setUserAgent(ServletUtils.getUserAgent());
        reqVO.setUserIp(ServletUtils.getClientIP());
-        reqVO.setResult(loginResult.getResult());
+        reqVO.setResult(SysLoginResultEnum.SUCCESS.getResult());
        loginLogService.createLoginLog(reqVO);
    }