
Merge branch 'DEV' of http://git.mooctest.net/summer/main-site into shiro-test

HenryLee 8 vuotta sitten
vanhempi
commit
57acee49cd

+ 1 - 1
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/configure/ShiroConfiguration.java

@@ -82,7 +82,7 @@ public class ShiroConfiguration {
 
         Map<String, String> filterChainDefinitionManager = new LinkedHashMap<String, String>();
 
-        filterChainDefinitionManager.put("/login2", "anon");
+        filterChainDefinitionManager.put("/api/test/login", "anon");
         filterChainDefinitionManager.put("/logout", "logout");
         filterChainDefinitionManager.put("/api/common/**", "anon");
         filterChainDefinitionManager.put("/**", "authc");
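Review bot: The new `anon` entry makes `/api/test/login` the unauthenticated login route, and judging by the other sections of this commit that path is served by `TestController` under `src/main`; if that controller is test scaffolding, confirm it is meant to ship rather than being limited to a test profile. The entry is an exact-path match, so other routes under `/api/test/` (for example `/api/test/getSession`) still fall through to `/**` and `authc`, which is worth stating next to the map. I would add a comment above the first `put`: `// Order matters: Shiro applies the first matching chain, so anon paths must stay above "/**"`. The enclosing method starts and ends outside the hunk.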

+ 3 - 3
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/ExamController.java

@@ -1,6 +1,7 @@
 package cn.iselab.mooctest.site.web.ctrl;
 
 import cn.iselab.mooctest.site.common.constant.UrlConstants;
+import cn.iselab.mooctest.site.models.User;
 import cn.iselab.mooctest.site.web.data.AssignedTaskVO;
 import cn.iselab.mooctest.site.web.data.ExamVO;
 import cn.iselab.mooctest.site.web.data.PaperVO;
@@ -77,9 +78,8 @@ public class ExamController extends BaseController {
     @RequestMapping(value = "api/exam/{examId}", method = RequestMethod.GET)
     public ExamVO getExamById(@PathVariable Long examId) {
 
-        String username = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
-        Long userId = userLogic.findUserByEmail(username).getId();
-        String permissionStr = userId.toString() + "task:view" + examId.toString();
+        User user = (User) SecurityUtils.getSubject().getSession().getAttribute("User");
+        String permissionStr = user.getId().toString() + "task:view" + examId.toString();
         if (!SecurityUtils.getSubject().isPermitted(permissionStr)) {
             throw new UnauthorizedException("unauthorized");
         }
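Review bot: `user` can be null at `user.getId()`, because the only write of the `"User"` session attribute visible in this commit is in TestController's login path; a subject authenticated any other way, or whose session was recreated, would hit a NullPointerException (a 500) in `getExamById` instead of the `UnauthorizedException` branch. Add `if (user == null) { throw new UnauthorizedException("unauthorized"); }` before building `permissionStr`. The id in the permission string now comes from mutable session state rather than the authenticated principal, so a comment naming the handler that populates the attribute would help, as would replacing the literal `"User"` with a shared constant (TestController imports a `SessionKey` enum, though whether it has a suitable member is not visible here). The method body continues outside the hunk.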

+ 7 - 0
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/TestController.java

@@ -1,8 +1,10 @@
 package cn.iselab.mooctest.site.web.ctrl;
 
 import cn.iselab.mooctest.site.common.enums.SessionKey;
+import cn.iselab.mooctest.site.models.User;
 import cn.iselab.mooctest.site.util.data.EncryptionUtil;
 import cn.iselab.mooctest.site.web.data.UserVO;
+import cn.iselab.mooctest.site.web.data.wrapper.UserVOWrapper;
 import cn.iselab.mooctest.site.web.exception.HttpBadRequestException;
 import cn.iselab.mooctest.site.web.exception.HttpUnauthorizedException;
 import cn.iselab.mooctest.site.web.logic.MenuLogic;
@@ -34,6 +36,9 @@ public class TestController {
     @Autowired
     private MenuLogic menuLogic;
 
+    @Autowired
+    private UserVOWrapper userVOWrapper;
+
     private Logger LOG = LoggerFactory.getLogger(getClass());
 
     @RequestMapping(value = "/api/test/getSession", method = RequestMethod.GET)
@@ -87,8 +92,10 @@ public class TestController {
         if (currentUser.isAuthenticated()) {
             System.out.println("用户[" + username + "]登录认证通过(这里可以进行一些认证通过后的一些系统参数初始化操作)");
             userVO = userLogic.findUserByEmail(userVO.getEmail());
+            User user = userVOWrapper.unwrap(userVO);
             userVO.setPassword("");
             userVO.setMenuVOs(menuLogic.getMenuListByUsername(username));
+            currentUser.getSession().setAttribute("User", user);
             return userVO;
         } else {
             token.clear();
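Review bot: `userVOWrapper.unwrap(userVO)` runs before `userVO.setPassword("")`, so if `unwrap` copies the password field, the `User` placed in the session still carries the stored password value for the life of the session and wherever the session store is serialised or replicated. Move the unwrap below the blanking, i.e. `userVO.setPassword("");` followed by `User user = userVOWrapper.unwrap(userVO);`. The key `"User"` is a bare literal that ExamController must match exactly; a shared constant (this file already imports `SessionKey`) would keep the writer and the reader in step. The enclosing method starts and ends outside the hunk.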