Merge branch 'DEV' of git.mooctest.net:summer/main-site into DEV

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/BaseController.java

@@ -1,13 +1,30 @@
 package cn.iselab.mooctest.site.web.ctrl;
 
+import org.apache.shiro.authz.UnauthenticatedException;
+import org.apache.shiro.authz.UnauthorizedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 /**
  * @author liuzicong
  */
-public class BaseController {
+public abstract class BaseController {
 
     protected final Logger LOG = LoggerFactory.getLogger(getClass());
 
+    @ExceptionHandler({UnauthenticatedException.class})
+    public String authenticationException(HttpServletRequest request, HttpServletResponse response) {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        return "";
+    }
+
+    @ExceptionHandler({UnauthorizedException.class})
+    public String authorizationException(HttpServletRequest request,HttpServletResponse response){
+        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+        return  "";
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/CaseController.java

@@ -18,6 +18,7 @@ import cn.iselab.mooctest.site.web.logic.CaseLogic;
 import cn.iselab.mooctest.site.web.util.Converter;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresAuthentication;
+import org.apache.shiro.authz.annotation.RequiresUser;
 import org.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
@@ -113,6 +114,7 @@ public class CaseController extends BaseController {
     }
 
 //    @RequiresAuthentication
+//    @RequiresUser
     @RequestMapping(value = UrlConstants.API+"cases/{paperId}/{examId}", method = RequestMethod.GET)
     public List<CaseExtendsVO> getCasesForExam(@PathVariable @NotNull Long paperId,@PathVariable @NotNull Long examId) throws Exception {
         String username = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/ExamController.java

@@ -12,6 +12,10 @@ import cn.iselab.mooctest.site.web.logic.UserLogic;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.UnauthorizedException;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.authz.annotation.RequiresUser;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
@@ -27,7 +31,7 @@ import java.util.List;
  */
 
 @RestController
-public class ExamController {
+public class ExamController extends BaseController{
 
     @Autowired
     ExamLogic examLogic;
@@ -72,9 +76,13 @@ public class ExamController {
         return examLogic.getExamList(username);
     }
 
+    @RequiresUser
     @RequestMapping(value = "api/exam/{examId}", method = RequestMethod.GET)
     public ExamVO getExamById(@PathVariable Long examId) {
-        String username = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
+        Session session=SecurityUtils.getSubject().getSession();
+        Subject subject=SecurityUtils.getSubject();
+        PrincipalCollection principalCollection=subject.getPrincipals();
+        String username = (String) principalCollection.getPrimaryPrincipal();
         Long userId = userLogic.findUserByEmail(username).getId();
         String permissionStr = String.valueOf(userId) + ":task:view:" + String.valueOf(examId);
         if (!SecurityUtils.getSubject().isPermitted(permissionStr)) {