我有一个名为SessionBean的Java Spring Bean,由多个用户共享。当新用户访问我的应用程序时,会创建一个SessionBean实例。此bean旨在保存用户的ID和权限信息,以确定他们在我的应用程序上可以看到的内容。但是,如果第二个用户在第一个用户使用它的同时访问该应用程序,则所创建的bean将被第二个用户的凭据覆盖,并且两个用户都使用这些被覆盖的凭据。如何使每个用户SessionBean独立于其他用户?
MainController.java
package com.trac.controller;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import com.trac.verification.*;
import com.trac.bean.SessionBean;
@Controller
public class MainController {
private CompanyOrgVerification org = new CompanyOrgVerification();
@Autowired
private SessionBean session;
@Autowired
private RacfGroupData racfGroup;
//returns the agent search page
@RequestMapping(URIConstants.WELCOME_PAGE)
public ModelAndView welcome(HttpServletRequest request){
this.session = new SessionBean();
String userId = request.getHeader("x-user");
System.out.println(userId.trim());
session.setUserId(userId.trim());
if( racfGroup.getRacfGroups(session.getUserId()) ){
session.setPermission("INFOA", "U"); //Granting the default permissions to anyone with access to the application.
return new ModelAndView("index");
}else{
ModelAndView error = new ModelAndView();
error.setViewName("error");
return error;
}
}
//returns the agent profile page
@RequestMapping(value = URIConstants.PROFILE_PAGE )
public ModelAndView profile(HttpServletRequest request){
Cookie[] cookies = request.getCookies();
String profileEntityNo = "";
for(int i=0; i<cookies.length; i++){
String cookieName = cookies[i].getName().toUpperCase();
switch(cookieName){
case "ENTITYNO": profileEntityNo = cookies[i].getValue().toString().trim();
break;
case "STATE": cookies[i].getValue().toString().trim();
break;
case "NAME": cookies[i].getValue().replace("%20", " ").replace("%2C", ",").trim();
break;
case "DISTRICT": cookies[i].getValue().toString().trim();
break;
}
}
if( session.hasAccessToApp() ){ //check if user is authorized to access page
int structureNo = 3; //company org structure number
String structureCd = "ORG";
org.setSessionBean(session);
org.setProfilePrivileges(profileEntityNo, structureCd, structureNo);
this.setSessionBean( org.getSessionBean() );
ModelAndView profile = new ModelAndView();
profile.setViewName("profile");
profile.addObject("userId", session.getUserId());
profile.addObject("privileges", session.getProfilePrivileges() );
profile.addObject("accessType", session.getAccessType() );
return profile;
}else{
return new ModelAndView("error");
}
}
public SessionBean getSessionBean(){
return session;
}
public void setSessionBean(SessionBean session){
this.session = session;
}
public RacfGroupData getRacfGroup(){
return racfGroup;
}
public void setRacfGroup(RacfGroupData racfGroup){
this.racfGroup = racfGroup;
}
}
SessionBean.java
package com.trac.bean;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import org.springframework.context.annotation.ScopedProxyMode;
@Component
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS )
public class SessionBean {
private String userId;
private String permission = "";
private final int grant_InfoA = 0;
private final int grant_Trac = 1;
private final int grant_Term = 2;
private final int grant_Conf = 3;
private final int grant_Mark = 4;
private boolean[] profilePrivileges = new boolean [ 5 ]; //holds the user privileges for a profile
private String[] accessType = new String[5];
public void setPermission(String permissionValue, String type){
try{
permission = permissionValue;
setPrivileges(type);
}catch(Exception e){
System.out.println("Exception caught in SessionBean - setPermission. "+e.toString());
}
}
public void setPrivileges(String type){
try{
System.out.println("***Permission String: " + this.permission + "***");
//Default Permission
if(permission.equals("INFOA")){
profilePrivileges[grant_InfoA] = true;
accessType[grant_InfoA] = type;
System.out.println("***Granted access to the application***");
}
//Subsidy Tab Permission
else if(permission.equals("TRAC")){
profilePrivileges[grant_Trac] = true;
accessType[grant_Trac] = type;
System.out.println("***Granted access to Trac subsidy***");
}
//Termination Tab Permission
else if(permission.equals("TERM")){
profilePrivileges[grant_Term] = true;
accessType[grant_Term] = type;
System.out.println("***Granted access to termination info***");
}
//Conference Tab Permission
else if(permission.equals("CONF")){
profilePrivileges[grant_Conf] = true;
accessType[grant_Conf] = type;
System.out.println("***Granted access to conference info***");
}
//Service/Transfer & Term Tabs Permission
else if(permission.equals("MARK")){
profilePrivileges[grant_Mark] = true;
accessType[grant_Mark] = type;
System.out.println("***Granted access to Service/Transfer and Term tabs***");
}
else{
System.out.println("No privileges set. Permission string is: "
+ permission);
}
}catch (Exception e){
System.out.println("^^^^ Exception caught in SessionBean."
+ "setPrivileges ^^^^\n" + e.toString());
}
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId.toUpperCase();
}
public boolean hasAccessToApp(){
if( profilePrivileges[grant_InfoA] == true){
return true;
}else{
return false;
}
}
public boolean[] getProfilePrivileges(){
return profilePrivileges;
}
public String[] getAccessType(){
return accessType;
}
}
答案 0 :(得分:0)
好的,这真的不是我想要的解决方案,但它完成了工作。我所做的是在MainController类的profile()函数中,我从Header中重新拉出userId,就像我在welcome()函数中所做的那样,并在会话中重置它。然后我在SessionBean中创建了一个新函数,它重置了特权和accessType数组,并在MainController的profile()函数中调用它。这使我能够为用户提供正确的权限,而不会受到其他用户权限的任何交叉污染。
如果有人有更好的解决方案,我很高兴听到他们。