有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

Spring SessionBean实例正在由java中的多个用户共享

我有一个名为SessionBean的JavaSpringbean,由多个用户共享。当新用户访问我的应用程序时,会创建SessionBean的实例。这个bean用来保存用户的id和特权信息,这些信息决定了他们可以在我的应用程序上看到什么。但是,如果第二个用户在第一个用户使用应用程序的同时访问该应用程序,则创建的bean将被第二个用户的凭据覆盖,并且两个用户都使用这些被覆盖的凭据。如何使每个用户SessionBean独立于其他用户

主控制器。爪哇

package com.trac.controller;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import com.trac.verification.*;
import com.trac.bean.SessionBean;

@Controller
public class MainController {

private CompanyOrgVerification org = new CompanyOrgVerification();

@Autowired
private SessionBean session;
@Autowired
private RacfGroupData racfGroup;

//returns the agent search page
@RequestMapping(URIConstants.WELCOME_PAGE)
public ModelAndView welcome(HttpServletRequest request){ 

    this.session = new SessionBean();

    String userId = request.getHeader("x-user");
    System.out.println(userId.trim());
    session.setUserId(userId.trim());

    if( racfGroup.getRacfGroups(session.getUserId()) ){
        session.setPermission("INFOA", "U"); //Granting the default permissions to anyone with access to the application.
        return new ModelAndView("index");
    }else{
        ModelAndView error = new ModelAndView();
        error.setViewName("error");
        return error;   

    }
}


//returns the agent profile page
@RequestMapping(value = URIConstants.PROFILE_PAGE )
public ModelAndView profile(HttpServletRequest request){
     Cookie[] cookies = request.getCookies();
     String profileEntityNo = "";
     for(int i=0; i<cookies.length; i++){

         String cookieName = cookies[i].getName().toUpperCase();

         switch(cookieName){
            case "ENTITYNO": profileEntityNo = cookies[i].getValue().toString().trim();
                break;
            case "STATE": cookies[i].getValue().toString().trim();
                break;
            case "NAME": cookies[i].getValue().replace("%20", " ").replace("%2C", ",").trim();
                break;
            case "DISTRICT": cookies[i].getValue().toString().trim();
                break;
         }
     }
    if( session.hasAccessToApp() ){ //check if user is authorized to access page
        int structureNo = 3; //company org structure number
        String structureCd = "ORG";
        org.setSessionBean(session); 
        org.setProfilePrivileges(profileEntityNo, structureCd, structureNo);
        this.setSessionBean( org.getSessionBean() );

        ModelAndView profile = new ModelAndView();
        profile.setViewName("profile");
        profile.addObject("userId", session.getUserId());
        profile.addObject("privileges", session.getProfilePrivileges() ); 
        profile.addObject("accessType", session.getAccessType() );

        return profile; 
    }else{
        return new ModelAndView("error");
    }
}

public SessionBean getSessionBean(){
    return session;
}
public void setSessionBean(SessionBean session){
    this.session = session;
}
public RacfGroupData getRacfGroup(){
    return racfGroup;
}
public void setRacfGroup(RacfGroupData racfGroup){
    this.racfGroup = racfGroup;
}

}

SessionBean。爪哇

package com.trac.bean;

import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import org.springframework.context.annotation.ScopedProxyMode;


@Component
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS ) 
public class SessionBean {

private String userId;
private String permission = "";
private final int grant_InfoA = 0;
private final int grant_Trac = 1;
private final int grant_Term = 2;
private final int grant_Conf = 3;
private final int grant_Mark = 4;
private boolean[] profilePrivileges = new boolean [ 5 ]; //holds the user privileges for a profile
private String[] accessType = new String[5];

public void setPermission(String permissionValue, String type){
    try{
        permission = permissionValue;
        setPrivileges(type);
    }catch(Exception e){
        System.out.println("Exception caught in SessionBean - setPermission. "+e.toString());
    }
}

public void setPrivileges(String type){
 try{
      System.out.println("***Permission String: " + this.permission + "***");
    //Default Permission  
      if(permission.equals("INFOA")){
          profilePrivileges[grant_InfoA] = true;
          accessType[grant_InfoA] = type;
          System.out.println("***Granted access to the application***");
      }
    //Subsidy Tab Permission  
      else if(permission.equals("TRAC")){
          profilePrivileges[grant_Trac] = true;
          accessType[grant_Trac] = type;
          System.out.println("***Granted access to Trac subsidy***");
      }
    //Termination Tab Permission
      else if(permission.equals("TERM")){
          profilePrivileges[grant_Term] = true;
          accessType[grant_Term] = type;
          System.out.println("***Granted access to termination info***");
      }
    //Conference Tab Permission  
      else if(permission.equals("CONF")){
          profilePrivileges[grant_Conf] = true;
          accessType[grant_Conf] = type;
          System.out.println("***Granted access to conference info***");
      }
    //Service/Transfer & Term Tabs Permission
      else if(permission.equals("MARK")){
          profilePrivileges[grant_Mark] = true;
          accessType[grant_Mark] = type;
          System.out.println("***Granted access to Service/Transfer and Term tabs***");
      }
      else{
        System.out.println("No privileges set.  Permission string is: "
            + permission);
      }
    }catch (Exception e){
      System.out.println("^^^^ Exception caught in SessionBean."
          + "setPrivileges ^^^^\n" + e.toString());
    }
}

public String getUserId() {
    return userId;
}
public void setUserId(String userId) {
    this.userId = userId.toUpperCase();
}
public boolean hasAccessToApp(){
    if( profilePrivileges[grant_InfoA] == true){
        return true;
    }else{
        return false;
    } 
}

public boolean[] getProfilePrivileges(){
    return profilePrivileges;
}

public String[] getAccessType(){
    return accessType; 
}

}

共 (1) 个答案

  1. # 1 楼答案

    好吧,这真的不是我想要的解决方案,但它完成了任务。我所做的是在MainController类的profile()函数中,我从标题中重新提取用户ID,就像我在welcome()函数中所做的那样,并在会话中重置它。然后,我在SessionBean中创建了一个新函数,用于重置特权和accessType数组,并在MainController的profile()函数中调用它。这使我能够为用户获取正确的权限,而不会受到其他用户权限的任何交叉污染

    如果有人有更好的解决方案,我非常高兴听到他们的声音