[代码完善](v2.5): 修复禁用用户后用户还可以操作的Bug

close elunez#443
csctwx · Aug 1, 2020 · bf541e8 · bf541e8
1 parent fca6404
commit bf541e8
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/OnlineUserService.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/OnlineUserService.java
@@ -21,6 +21,7 @@
 import me.zhengjie.modules.security.service.dto.OnlineUserDto;
 import me.zhengjie.utils.*;
 import org.springframework.data.domain.Pageable;
+import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Service;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -173,4 +174,17 @@ public void checkLoginOnUser(String userName, String igoreToken){
         }
     }
 
+    /**
+     * 根据用户名强退用户
+     * @param username /
+     */
+    @Async
+    public void kickOutForUsername(String username) {
+        List<OnlineUserDto> onlineUsers = getAll(username);
+        for (OnlineUserDto onlineUser : onlineUsers) {
+            if (onlineUser.getUserName().equals(username)) {
+                kickOut(onlineUser.getKey());
+            }
+        }
+    }
 }
diff --git a/...min-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java b/...min-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java
@@ -24,6 +24,7 @@
 import me.zhengjie.modules.system.service.RoleService;
 import me.zhengjie.modules.system.service.UserService;
 import me.zhengjie.modules.system.service.dto.UserDto;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
@@ -72,7 +73,7 @@ public JwtUserDto loadUserByUsername(String username) {
                 throw new UsernameNotFoundException("");
             } else {
                 if (!user.getEnabled()) {
-                    throw new BadRequestException("账号未激活");
+                    throw new BadRequestException("账号未激活！");
                 }
                 jwtUserDto = new JwtUserDto(
                         user,

diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/impl/UserServiceImpl.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/impl/UserServiceImpl.java
@@ -17,6 +17,7 @@
 
 import lombok.RequiredArgsConstructor;
 import me.zhengjie.config.FileProperties;
+import me.zhengjie.modules.security.service.OnlineUserService;
 import me.zhengjie.modules.security.service.UserCacheClean;
 import me.zhengjie.modules.system.domain.User;
 import me.zhengjie.exception.EntityExistException;
@@ -58,6 +59,7 @@ public class UserServiceImpl implements UserService {
     private final FileProperties properties;
     private final RedisUtils redisUtils;
     private final UserCacheClean userCacheClean;
+    private final OnlineUserService onlineUserService;
 
     @Override
     public Object queryAll(UserQueryCriteria criteria, Pageable pageable) {
@@ -117,6 +119,10 @@ public void update(User resources) {
         if(!resources.getUsername().equals(user.getUsername())){
             redisUtils.del("user::username:" + user.getUsername());
         }
+        // 如果用户被禁用，则清除用户登录信息
+        if(!resources.getEnabled()){
+            onlineUserService.kickOutForUsername(resources.getUsername());
+        }
         user.setUsername(resources.getUsername());
         user.setEmail(resources.getEmail());
         user.setEnabled(resources.getEnabled());