diff --git a/backend/src/main/java/io/metersphere/controller/LoginController.java b/backend/src/main/java/io/metersphere/controller/LoginController.java index 4cb84d1e4e..5099706ff5 100644 --- a/backend/src/main/java/io/metersphere/controller/LoginController.java +++ b/backend/src/main/java/io/metersphere/controller/LoginController.java @@ -35,7 +35,8 @@ public class LoginController { try { subject.login(token); if (subject.isAuthenticated()) { - return ResultHolder.success(""); + // 返回 userDTO + return ResultHolder.success(subject.getSession().getAttribute("user")); } else { return ResultHolder.error("login fail"); } diff --git a/backend/src/main/java/io/metersphere/security/ShiroDBRealm.java b/backend/src/main/java/io/metersphere/security/ShiroDBRealm.java index ae11bb25cb..02275b7c1a 100644 --- a/backend/src/main/java/io/metersphere/security/ShiroDBRealm.java +++ b/backend/src/main/java/io/metersphere/security/ShiroDBRealm.java @@ -1,6 +1,8 @@ package io.metersphere.security; +import io.metersphere.dto.UserDTO; +import io.metersphere.service.UserService; import io.metersphere.user.SessionUser; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; @@ -10,6 +12,8 @@ import org.apache.shiro.subject.PrincipalCollection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.annotation.Resource; + /** * 自定义Realm 注入service 可能会导致在 service的aop 失效,例如@Transactional, @@ -23,6 +27,8 @@ import org.slf4j.LoggerFactory; public class ShiroDBRealm extends AuthorizingRealm { private Logger logger = LoggerFactory.getLogger(ShiroDBRealm.class); + @Resource + private UserService userService; /** * 权限认证 
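Review bot: The success branch now returns the whole session object, `subject.getSession().getAttribute("user")`, and that object is filled in SessionUser.fromUser by `BeanUtils.copyProperties(user, sessionUser)`, which copies every bean property of UserDTO. UserDTO is not shown in this diff; if it carries a password hash or other internal columns, they would be sent to the browser on every successful login. Returning a response view limited to what the frontend needs, or using the `BeanUtils.copyProperties(source, target, ignoreProperties...)` overload to skip the credential property, keeps those fields server-side. The enclosing controller method starts and ends outside the hunk.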
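Review bot: The class comment visible in the preceding hunk warns that injecting a service into a custom Realm can stop that service's AOP (for example @Transactional) from applying, and the new `@Resource private UserService userService;` field is exactly such an injection. Realms tend to be created early in the Spring bean lifecycle, so UserService may be instantiated before its proxies are in place. Marking the injection point lazy, `@Resource @Lazy private UserService userService;` with an import of `org.springframework.context.annotation.Lazy`, defers resolution until first use. The rest of the class comment is outside the diff, so check whether it already prescribes a different remedy.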
@@ -40,10 +46,16 @@ public class ShiroDBRealm extends AuthorizingRealm { UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; String userId = token.getUsername(); String password = String.valueOf(token.getPassword()); - SessionUser sessionUser = new SessionUser(); + UserDTO user = userService.getUserDTO(userId); + String msg; + if (user == null) { + msg = "not exist user is trying to login, user:" + userId; + logger.warn(msg); + throw new UnknownAccountException(msg); + } + // TODO 密码验证,roles 等内容填充 - sessionUser.setName(userId); - sessionUser.setId(userId); + SessionUser sessionUser = SessionUser.fromUser(user); SecurityUtils.getSubject().getSession().setAttribute("user", sessionUser); return new SimpleAuthenticationInfo(userId, password, getName()); } diff --git a/backend/src/main/java/io/metersphere/user/SessionUser.java b/backend/src/main/java/io/metersphere/user/SessionUser.java index 0a36e97649..187a39621f 100644 --- a/backend/src/main/java/io/metersphere/user/SessionUser.java +++ b/backend/src/main/java/io/metersphere/user/SessionUser.java @@ -1,26 +1,18 @@ package io.metersphere.user; +import io.metersphere.dto.UserDTO; +import org.springframework.beans.BeanUtils; + import java.io.Serializable; -public class SessionUser implements Serializable { +public class SessionUser extends UserDTO implements Serializable { private static final long serialVersionUID = -7149638440406959033L; - private String id; - private String name; - public String getId() { - return id; + public static SessionUser fromUser(UserDTO user) { + SessionUser sessionUser = new SessionUser(); + BeanUtils.copyProperties(user, sessionUser); + return sessionUser; } - public void setId(String id) { - this.id = id; - } - - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } } diff --git a/frontend/src/login/Login.vue b/frontend/src/login/Login.vue index f8fb291c29..a3275f4705 100644 --- a/frontend/src/login/Login.vue 
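Review bot: Password verification is still only the TODO here, and `new SimpleAuthenticationInfo(userId, password, getName())` hands Shiro the submitted password as the stored credential, so a matcher that compares the two passes for any password once `userService.getUserDTO(userId)` finds the account. Before this change that produced only a stub session; now the real user record is placed in the session and LoginController returns it, so the missing check matters more. The credential argument should come from the stored record, e.g. `return new SimpleAuthenticationInfo(userId, storedCredential, getName());` where `storedCredential` is a placeholder for the user's stored password hash (its accessor is not visible in this diff), paired with a hashing credentials matcher. `setAttribute("user", sessionUser)` also runs before Shiro compares credentials, so it is safer to set it in the controller after `subject.login(token)` succeeds. The method starts outside the hunk.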
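Review bot: SessionUser no longer declares its own fields, so what survives session serialization now depends on UserDTO, which this diff does not show. If UserDTO does not implement Serializable, Java serialization skips the inherited fields and a restored session would hold a SessionUser with empty id and name. Confirm that UserDTO is Serializable and document the contract on the factory, for example `/** Copies all bean properties of {@code user} into a new SessionUser; throws IllegalArgumentException if {@code user} is null. */`.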
+++ b/frontend/src/login/Login.vue @@ -41,6 +41,10 @@