diff --git a/src/main/java/run/halo/app/config/HaloConfiguration.java b/src/main/java/run/halo/app/config/HaloConfiguration.java
index 471a667084820f464a1a5cb21429f76e929744b5..da9d4d226e30a50760ea50037d969ae246bccf0d 100644
--- a/src/main/java/run/halo/app/config/HaloConfiguration.java
+++ b/src/main/java/run/halo/app/config/HaloConfiguration.java
@@ -16,6 +16,7 @@ import run.halo.app.cache.InMemoryCacheStore;
 import run.halo.app.cache.StringCacheStore;
 import run.halo.app.config.properties.HaloProperties;
 import run.halo.app.filter.CorsFilter;
+import run.halo.app.filter.GuardFilter;
 import run.halo.app.filter.LogFilter;
 import run.halo.app.security.filter.AdminAuthenticationFilter;
 import run.halo.app.security.filter.ApiAuthenticationFilter;
@@ -75,6 +76,15 @@ public class HaloConfiguration {
 return corsFilter;
 }
 
+ @Bean
+ public FilterRegistrationBean guardFilter() {
+ FilterRegistrationBean guardFilter = new FilterRegistrationBean<>();
+ guardFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ guardFilter.setFilter(new GuardFilter());
+ guardFilter.addUrlPatterns("/api/*");
+ return guardFilter;
+ }
+
 /**
 * Creates a LogFilter.
 *
diff --git a/src/main/java/run/halo/app/filter/GuardFilter.java b/src/main/java/run/halo/app/filter/GuardFilter.java
new file mode 100644
index 0000000000000000000000000000000000000000..02cc4b7909b501072166453b9cc31d1b82354085
--- /dev/null
+++ b/src/main/java/run/halo/app/filter/GuardFilter.java
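Review bot: `FilterRegistrationBean guardFilter = new FilterRegistrationBean<>();` in guardFilter() declares the raw type while using the diamond on the right, so the later `setFilter(new GuardFilter())` is an unchecked call; declare it `FilterRegistrationBean<GuardFilter> guardFilter = new FilterRegistrationBean<>();` and return `FilterRegistrationBean<GuardFilter>`. The method also lacks the Javadoc its sibling bean carries (the `Creates a LogFilter.` comment right below it); add `/** Creates a GuardFilter registration that clears the security context once each /api request has completed. */` above `@Bean`. The registration covers only `/api/*`, so if AdminAuthenticationFilter or ApiAuthenticationFilter (imported above) populate SecurityContextHolder on paths outside that pattern, those requests are not cleared by this filter — worth confirming against their own URL patterns, which are not in this diff.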
@@ -0,0 +1,27 @@
+package run.halo.app.filter;
+
+import org.springframework.web.filter.GenericFilterBean;
+import run.halo.app.security.context.SecurityContextHolder;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import java.io.IOException;
+
+/**
+ * @author johnniang
+ * @date 19-4-30
+ */
+public class GuardFilter extends GenericFilterBean {
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+ // Do filter
+ chain.doFilter(request, response);
+
+ // Clear security context
+ SecurityContextHolder.clearContext();
+ }
+}
diff --git a/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java b/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
index d005570a8f7140be33c41153e362030d069ca938..86e9a79cd1db05a521369e96d8fee6e47292226c 100644
--- a/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
+++ b/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
@@ -77,11 +77,6 @@ public class AdminServiceImpl implements AdminService {
 public AuthToken authenticate(LoginParam loginParam) {
 Assert.notNull(loginParam, "Login param must not be null");
 
- if (SecurityContextHolder.getContext().isAuthenticated()) {
- // If the user has been logged in
- throw new BadRequestException("You have been logged in, do not log in repeatedly please");
- }
-
 String username = loginParam.getUsername();
 User user = Validator.isEmail(username) ? userService.getByEmailOfNonNull(username) : userService.getByUsernameOfNonNull(username);
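Review bot: `SecurityContextHolder.clearContext()` in GuardFilter.doFilter runs only when `chain.doFilter` returns normally; if a downstream filter or handler throws, whatever context was set during the request is left behind. If the holder is thread-local, as its use from a servlet filter suggests, a pooled container thread would then carry one request's authentication into the next request it serves, and since this filter is registered at HIGHEST_PRECEDENCE it is the last point that can clear it. Wrap the call: `try { chain.doFilter(request, response); } finally { SecurityContextHolder.clearContext(); }`. The class Javadoc holds only author and date; add a sentence such as `Outermost filter that clears the security context once the chain has completed, so that no authentication state from one request survives into another.`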
@@ -93,6 +88,11 @@ public class AdminServiceImpl implements AdminService {
 throw new BadRequestException("Username or password is incorrect");
 }
 
+ if (SecurityContextHolder.getContext().isAuthenticated()) {
+ // If the user has been logged in
+ throw new BadRequestException("You have been logged in, do not log in repeatedly please");
+ }
+
 // Generate new token
 return buildAuthToken(user);
 }
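Review bot: The `isAuthenticated()` check is now evaluated only after the password has been verified (it sits below `throw new BadRequestException("Username or password is incorrect")`), although whether the caller already holds an authenticated context does not depend on the submitted credentials. In this position an already-authenticated caller gets the `Username or password is incorrect` response for a wrong password and the `You have been logged in` response for a correct one, so the endpoint still confirms credentials for a session that it refuses to log in; the earlier placement at the top of the method rejected such callers before the user lookup and password check. If the check was moved because a stale context was being reported as logged in, the GuardFilter added in this commit is meant to address that, and the check can return to the top of `authenticate`, whose body begins in the previous hunk. Otherwise, document why the check must follow verification with a comment on the `if`.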