guo00guo 5 роки тому
батько
коміт
a705562e3a

+ 1 - 2
site/src/main/java/com/mooctest/crowd/site/anticorruption/impl/data/UserCommon.java

@@ -31,11 +31,10 @@ public class UserCommon extends UserInfo {
 
    private String unionid;
 
-   public UserCommon(RestPasswordCommand command){
+   public void obtainValue(RestPasswordCommand command){
       super.setId(command.getId());
       super.setPassword(command.getPassword());
       this.oldPassword = command.getOldPassword();
-      this.verifyCode = command.getVerifyCode();
       this.password2 = command.getPassword2();
    }
 
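Review bot: `obtainValue` replaces the constructor without any comment, and its name does not say that it overwrites this object's id and password fields from the command. With the constructor gone, a `UserCommon` can exist with `oldPassword` and `password2` unset, so whatever check consumes it should treat null values as a failed reset rather than skip the comparison; the no-argument constructor it now depends on is not visible in this hunk. I would add a Javadoc such as `/** Copies id, password, oldPassword and password2 from the reset command; verifyCode is no longer carried. */` and consider a name like `fillFrom`. The object holds three plaintext password values and was the response type of `resetPassword` before this commit, so it should not be logged or serialized into a response body. The class body starts and ends outside the hunk.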

+ 0 - 1
site/src/main/java/com/mooctest/crowd/site/command/RestPasswordCommand.java

@@ -16,5 +16,4 @@ public class RestPasswordCommand {
     private String oldPassword;
     private String password;
     private String password2;
-    private String verifyCode;
 }

+ 177 - 0
site/src/main/java/com/mooctest/crowd/site/configuration/ShiroConfiguration.java

@@ -0,0 +1,177 @@
+package com.mooctest.crowd.site.configuration;
+
+import org.apache.shiro.cache.ehcache.EhCacheManager;
+import org.apache.shiro.spring.LifecycleBeanPostProcessor;
+import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
+import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.DependsOn;
+
+/**
+ * Shiro configuration
+ * Created by Liu on 2017/6/6.
+ */
+@Configuration
+public class ShiroConfiguration {
+    /**
+     * LifecycleBeanPostProcessor,这是个DestructionAwareBeanPostProcessor的子类,
+     * 负责org.apache.shiro.util.Initializable类型bean的生命周期的,初始化和销毁。
+     * 主要是AuthorizingRealm类的子类,以及EhCacheManager类。
+     */
+    @Bean(name = "lifecycleBeanPostProcessor")
+    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
+        return new LifecycleBeanPostProcessor();
+    }
+
+    /**
+     * ShiroRealm,这是个自定义的认证类,继承自AuthorizingRealm,
+     * 负责用户的认证和权限的处理,可以参考JdbcRealm的实现。
+     */
+//    @ConditionalOnProperty(prefix = "featureSwitch", name = "client.loginByUserCenter", matchIfMissing = false)
+//    @Bean(name = "shiroRealm")
+//    @DependsOn("lifecycleBeanPostProcessor")
+//    public ShiroRealmAdapt2UserCenter shiroRealmAdapt2UserCenter() {
+//        // System.out.println("\nCreate ShiroRealm Adapt to UserCenter\n");
+//        ShiroRealmAdapt2UserCenter realm = new ShiroRealmAdapt2UserCenter();
+//        return realm;
+//    }
+//
+//    @Bean(name = "shiroRealm")
+//    @DependsOn("lifecycleBeanPostProcessor")
+//    public ShiroRealm shiroRealm() {
+//        // System.out.println("\nCreate ShiroRealm don't Adapt to UserCenter\n");
+//        ShiroRealm realm = new ShiroRealm();
+//        return realm;
+//    }
+
+    /**
+     * EhCacheManager,缓存管理,用户登陆成功后,把用户信息和权限信息缓存起来,
+     * 然后每次用户请求时,放入用户的session中,如果不设置这个bean,每个请求都会查询一次数据库。
+     */
+    @Bean(name = "ehCacheManager")
+    @DependsOn("lifecycleBeanPostProcessor")
+    public EhCacheManager ehCacheManager() {
+        return new EhCacheManager();
+    }
+
+    /**
+     * SecurityManager,权限管理,这个类组合了登陆,登出,权限,session的处理,是个比较重要的类。
+     */
+//    @Bean(name = "securityManager")
+//    public DefaultWebSecurityManager securityManager(AuthorizingRealm shiroRealm) {
+//        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
+//        securityManager.setRealm(shiroRealm);
+//        securityManager.setCacheManager(ehCacheManager());
+//        //securityManager.setSessionManager(defaultWebSessionManager());
+//
+//        return securityManager;
+//    }
+
+    /**
+     * ShiroFilterFactoryBean,是个factorybean,为了生成ShiroFilter。
+     * 它主要保持了三项数据,securityManager,filters,filterChainDefinitionManager。
+     */
+//    @Bean(name = "shiroFilter")
+//    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
+//        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
+//        shiroFilterFactoryBean.setSecurityManager(securityManager);
+//
+//        Map<String, Filter> filters = new LinkedHashMap<>();
+//        filters.put("authc", new MyAuthorizationFilter());
+//        shiroFilterFactoryBean.setFilters(filters);
+//
+//        Map<String, String> filterChainDefinitionManager = new LinkedHashMap<String, String>();
+//
+//        filterChainDefinitionManager.put("/api/cookie/set", "anon");
+//        filterChainDefinitionManager.put("/api/test/login", "anon");
+//        filterChainDefinitionManager.put("/api/test/register", "anon");
+//        filterChainDefinitionManager.put("/api/featureSwitch", "anon");
+//        filterChainDefinitionManager.put("/api/ossConfiguration","anon");
+//        filterChainDefinitionManager.put("/api/common/tag/**", "authc");
+//        filterChainDefinitionManager.put("/api/common/**", "anon");
+//        filterChainDefinitionManager.put("/api/mobileLogin", "anon");
+//        filterChainDefinitionManager.put("/api/case/nodeList", "anon");
+//        filterChainDefinitionManager.put("/api/exam/**/info","anon");
+//        filterChainDefinitionManager.put("/api/payEmail", "anon");
+//        filterChainDefinitionManager.put("/api/product/send", "anon");
+//
+//        filterChainDefinitionManager.put("/logout", "anon");
+//        filterChainDefinitionManager.put("/api/dev/**", "anon");
+//        filterChainDefinitionManager.put("/api/kibug/plugin/**", "anon");
+//        filterChainDefinitionManager.put("/api/wechat/**", "anon");
+//
+//        filterChainDefinitionManager.put("/api/pythonCommunity/exercise/**", "anon");
+//        filterChainDefinitionManager.put("/api/pythonCommunity/statistic/**", "authc");
+//        filterChainDefinitionManager.put("/api/support/**", "anon");
+//        filterChainDefinitionManager.put("/api/evaluation/**", "authc");
+//
+//        filterChainDefinitionManager.put("/api/onlinejudge/**","anon");
+//
+//        filterChainDefinitionManager.put("/api/codeVisualize/**", "anon");
+//
+//        filterChainDefinitionManager.put("/api/onlinejudge/u/**","authc");
+//        filterChainDefinitionManager.put("/api/sendGetHelpEmail", "anon");
+//        filterChainDefinitionManager.put("/**", "authc");
+//        filterChainDefinitionManager.put("/api/caseExport", "anon");
+//        filterChainDefinitionManager.put("/api/caseImport", "anon");
+//
+//        filterChainDefinitionManager.put("/api/contest/enterWithoutLogin/**", "anon");
+//
+//
+//
+//
+//        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);
+//
+//        shiroFilterFactoryBean.setSuccessUrl("/");
+//        shiroFilterFactoryBean.setLoginUrl("/");
+//        shiroFilterFactoryBean.setUnauthorizedUrl("");
+//        return shiroFilterFactoryBean;
+//    }
+
+    /**
+     * DefaultAdvisorAutoProxyCreator,Spring的一个bean,由Advisor决定对哪些类的方法进行AOP代理。
+     */
+    @Bean
+    @ConditionalOnMissingBean
+    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
+        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
+        defaultAAP.setProxyTargetClass(true);
+        return defaultAAP;
+    }
+
+    /**
+     * AuthorizationAttributeSourceAdvisor,shiro里实现的Advisor类,
+     * 内部使用AopAllianceAnnotationsAuthorizingMethodInterceptor来拦截用以下注解的方法。
+     */
+//    @Bean
+//    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
+//        AuthorizationAttributeSourceAdvisor aASA = new AuthorizationAttributeSourceAdvisor();
+//        aASA.setSecurityManager(securityManager);
+//        return aASA;
+//    }
+
+//    @Bean(name = "sessionDao")
+//    public MySessionDao sessionDao() {
+//        MySessionDao sessionDao = new MySessionDao();
+//        sessionDao.setSessionIdGenerator(new JavaUuidSessionIdGenerator());
+////        sessionDao.setSessionIdGenerator(JavaUuidSessionIdGenerator);
+//        return sessionDao;
+//    }
+
+    @Bean(name = "sessionManager")
+    public DefaultWebSessionManager defaultWebSessionManager() {
+        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
+        sessionManager.setCacheManager(ehCacheManager());
+        sessionManager.setGlobalSessionTimeout(1800000);//超时时间
+        sessionManager.setSessionValidationSchedulerEnabled(true);//定时清除无效的session
+        sessionManager.setSessionValidationInterval(1800000);//半个小时清理一次失效的session
+        sessionManager.setDeleteInvalidSessions(true);//删除无效的session
+//        sessionManager.setSessionDAO(sessionDao());
+        return sessionManager;
+    }
+
+}
+
+
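Review bot: As committed, the realm, `securityManager`, `shiroFilter` and `authorizationAttributeSourceAdvisor` beans are all commented out, so this class registers no Shiro filter and enforces no access control. As far as this file shows, the `sessionManager` bean with its 1800000 ms timeout is not attached to any security manager, so it would not govern the servlet `HttpSession` used elsewhere in this commit. The dead blocks should be deleted rather than committed, with a short class comment saying where authentication is actually enforced (presumably the `@LoginRequired` annotation imported in UserController). If the filter chain is ever restored, note that Shiro matches chains in insertion order: `/**` → `authc` is inserted before `/api/caseExport`, `/api/caseImport` and `/api/contest/enterWithoutLogin/**`, and `/api/onlinejudge/**` → `anon` before `/api/onlinejudge/u/**` → `authc`, so the later entries never take effect and the `u/**` paths would be served anonymously. Put specific patterns first and `/**` last, and replace the repeated literal with a named constant such as `SESSION_TIMEOUT_MS`.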

+ 3 - 3
site/src/main/java/com/mooctest/crowd/site/controller/CaptchaController.java

@@ -2,8 +2,6 @@ package com.mooctest.crowd.site.controller;
 
 import com.google.code.kaptcha.impl.DefaultKaptcha;
 import com.mooctest.crowd.domain.util.EncryptionUtil;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.session.Session;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -13,6 +11,7 @@ import javax.imageio.ImageIO;
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.awt.image.BufferedImage;
 
 /**
@@ -42,7 +41,8 @@ public class CaptchaController extends BaseController {
         String capText = captchaProducer.createText();
 
         try {
-            Session session = SecurityUtils.getSubject().getSession();
+//            Session session = SecurityUtils.getSubject().getSession();
+            HttpSession session = request.getSession();
             String md5Captcha = EncryptionUtil.encryptMD5Hex(capText);
             session.setAttribute("captchaCode" , md5Captcha);
 
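Review bot: The captcha hash now lives in the servlet `HttpSession` instead of the Shiro session, so every reader of `captchaCode` has to use the same store. A verifier still calling `SecurityUtils.getSubject().getSession()` would read null, and the comparison must fail closed in that case (the verifying code is not in this hunk). `request.getSession()` also creates a session for each anonymous captcha request, which is worth bounding with a short timeout or a rate limit on this endpoint. The verifier should remove `captchaCode` after one comparison so that an answer cannot be reused. Delete the commented-out `Session session = ...` line instead of keeping it; the method body continues outside the hunk.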

Різницю між файлами не показано, бо вона завелика
+ 0 - 0
site/src/main/java/com/mooctest/crowd/site/controller/CommonController.java


+ 2 - 5
site/src/main/java/com/mooctest/crowd/site/controller/UserController.java

@@ -3,7 +3,6 @@ package com.mooctest.crowd.site.controller;
 import com.mooctest.crowd.domain.exception.*;
 import com.mooctest.crowd.site.annotation.LoginRequired;
 import com.mooctest.crowd.site.annotation.SysAdminRequired;
-import com.mooctest.crowd.site.anticorruption.impl.data.UserCommon;
 import com.mooctest.crowd.site.command.*;
 import com.mooctest.crowd.site.data.dto.UserDTO;
 import com.mooctest.crowd.site.data.response.ResponseVO;
@@ -72,10 +71,8 @@ public class UserController extends BaseController {
      * 修改密码
      */
     @RequestMapping(value = "/password/reset", method = RequestMethod.PUT)
-    public ResponseVO<UserCommon> resetPassword(@RequestBody RestPasswordCommand restPasswordCommand, BindingResult result) {
-        if (result.hasErrors())
-            throw new BadRequestException(result.getFieldError().getDefaultMessage());
-        return new ResponseVO<>(ServerCode.SUCCESS, userService.restPassword(restPasswordCommand));
+    public ResponseVO<Object> resetPassword(@RequestBody RestPasswordCommand restPasswordCommand, HttpServletRequest request) throws InvocationTargetException, IllegalAccessException {
+        return userService.restPassword(restPasswordCommand, request);
     }
 
     /**
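Review bot: `resetPassword` shows no `@LoginRequired` in this hunk and takes the target account from the request body (`RestPasswordCommand` carries an `id`), while this commit also removes `verifyCode`, so the old password appears to be the only proof left. The service, whose diff is not shown, should take the account from the authenticated session rather than `command.getId()` and should limit repeated failed attempts. Dropping `BindingResult` removes the only input check in the handler; keep validation, e.g. `@Valid @RequestBody RestPasswordCommand restPasswordCommand, BindingResult result` if the command has constraint annotations, and reject blank or mismatched `password`/`password2`. `throws InvocationTargetException, IllegalAccessException` lets reflection failures escape the controller; catch them in the service and map them to a domain exception. `ResponseVO<Object>` hides what is returned, whereas a typed body without password fields would document that nothing sensitive is echoed.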

+ 4 - 2
site/src/main/java/com/mooctest/crowd/site/service/CommonService.java

@@ -4,11 +4,13 @@ import com.mooctest.crowd.site.data.dto.IndexDTO;
 import com.mooctest.crowd.site.data.dto.IndexInfoDTO;
 import com.mooctest.crowd.site.data.dto.IndexPageDTO;
 import com.mooctest.crowd.site.data.dto.MyCrowdDTO;
-import com.mooctest.crowd.site.data.vo.*;
+import com.mooctest.crowd.site.data.vo.CrowdProjectVO;
+import com.mooctest.crowd.site.data.vo.CrowdTaskVO;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.Map;
 
 @Service
@@ -17,7 +19,7 @@ public interface CommonService {
 
     MyCrowdDTO getPersonCrowd(Long userId);
 
-    IndexInfoDTO getIndexInfos();
+    IndexInfoDTO getIndexInfos(HttpServletRequest request);
 
     IndexPageDTO getIndexPageInfo(Pageable pageable, Map<String, String> extraCondition, String keyword, int deletedStatus);
 

Різницю між файлами не показано, бо вона завелика
+ 0 - 0
site/src/main/java/com/mooctest/crowd/site/service/UserService.java


+ 5 - 2
site/src/main/java/com/mooctest/crowd/site/service/impl/CommonServiceImpl.java

@@ -17,6 +17,7 @@ import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.Map;
 
 @Service
@@ -48,8 +49,10 @@ public class CommonServiceImpl implements CommonService {
     }
 
     @Override
-    public IndexInfoDTO getIndexInfos() {
-        return viewMediator.renderIndexInfos();
+    public IndexInfoDTO getIndexInfos(HttpServletRequest request) {
+        IndexInfoDTO indexInfoDTO = viewMediator.renderIndexInfos();
+        request.getSession().setAttribute("indexInfo", indexInfoDTO);
+        return indexInfoDTO;
     }
 
     @Override
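Review bot: `getIndexInfos` now calls `request.getSession()`, which creates a server-side session for every caller that has none and stores the whole `IndexInfoDTO` in it. If this backs a public index endpoint (the controller diff is not shown), that is memory an unauthenticated client can make the server allocate with each new session. Nothing in the visible hunks reads the `indexInfo` attribute, so please document who consumes it, or cache the DTO once at application level instead of per session. If the session write stays, `request.getSession(false)` with a null check avoids creating sessions, and `IndexInfoDTO` should be `Serializable` if sessions are persisted. The same `HttpServletRequest` parameter is added to the `CommonService` interface, which ties the service layer to the servlet API without a Javadoc saying why.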

Різницю між файлами не показано, бо вона завелика
+ 0 - 0
site/src/main/java/com/mooctest/crowd/site/service/impl/UserServiceImpl.java


Деякі файли не було показано, через те що забагато файлів було змінено