fix: 修复删除在线用户之后用户还能操作的问题

2020-09-29 15:48:14 +08:00 · 2020-09-29 15:48:14 +08:00 · f5036e85c9
parent 81c8c5c15e
commit f5036e85c9
2 changed files with 30 additions and 0 deletions
--- a/backend/src/main/java/io/metersphere/commons/utils/SessionUtils.java
+++ b/backend/src/main/java/io/metersphere/commons/utils/SessionUtils.java
@ -1,10 +1,14 @@
 package io.metersphere.commons.utils;

 import io.metersphere.commons.user.SessionUser;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.session.Session;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.DefaultSubjectContext;

+import java.util.Collection;
 import java.util.Objects;
 import java.util.Optional;

@ -26,6 +30,30 @@ public class SessionUtils {
        }
    }

+    private static Session getSessionByUsername(String username) {
+        DefaultSessionManager sessionManager = CommonBeanFactory.getBean(DefaultSessionManager.class);
+        Collection<Session> sessions = sessionManager.getSessionDAO().getActiveSessions();
+        for (Session session : sessions) {
+            if (null != session && StringUtils.equals(String.valueOf(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY)), username)) {
+                return session;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * 踢除用户
+     *
+     * @param username
+     */
+    public static void kickOutUser(String username) {
+        Session session = getSessionByUsername(username);
+        if (session != null) {
+            DefaultSessionManager sessionManager = CommonBeanFactory.getBean(DefaultSessionManager.class);
+            sessionManager.getSessionDAO().delete(session);
+        }
+    }
+
    //
    public static void putUser(SessionUser sessionUser) {
        SecurityUtils.getSubject().getSession().setAttribute(ATTR_USER, sessionUser);
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@ -63,6 +63,8 @@ public class UserController {
    @RequiresRoles(RoleConstants.ADMIN)
    public void deleteUser(@PathVariable(value = "userId") String userId) {
        userService.deleteUser(userId);
+        // 踢掉在线用户
+        SessionUtils.kickOutUser(userId);
    }

    @PostMapping("/special/update")