diff --git a/net.html b/net.html
index b79c078ab..d7cc2a25c 100644
--- a/net.html
+++ b/net.html
@@ -40,13 +40,14 @@

        编写Redkale的HttpServlet与 JSR 340中的javax.servlet.http.HttpServlet 基本相同,只需继承 org.redkale.net.http.HttpServlet, 比较好的习惯是一个项目先定义一个项目级的BaseServlet类,这样方便以后加入类似javax.servlet.Filter的功能。

        一个典型的BaseSerlvet实现:

-
public class BaseSerlvet extends org.redkale.net.http.HttpServlet {
+            
@HttpUserType(UserInfo.class)
+public class BaseSerlvet extends HttpServlet {
 
     protected final Logger logger = Logger.getLogger(this.getClass().getSimpleName());
 
     protected final boolean fine = logger.isLoggable(Level.FINE);
 
-    @Resource(name = "APP_TIME") //[Redkale内置资源]  进程的启动时间
+    @Resource(name = "APP_TIME") //[Redkale内置资源]  进程的启动时间
     protected long serverCreateTime;
 
     @Resource //[Redkale内置资源]
@@ -56,48 +57,45 @@
     protected JsonFactory jsonFactory;
 
     //[Redkale内置资源], 当前进程的根目录,字段类型可以是 String、java.io.File、java.nio.file.Path
-    @Resource(name = "APP_HOME")
+    @Resource(name = "APP_HOME")
     protected File home;
 
     //[Redkale内置资源], 当前Http Server的web页面的根目录,字段类型可以是 String、java.io.File、java.nio.file.Path
-    @Resource(name = "SERVER_ROOT")
+    @Resource(name = "SERVER_ROOT")
     protected File webroot;
 
     @Resource
     private UserService service;
 
-    //在调用authenticate之前调用
+    //在调用authenticate之前调用, 必须在此处设置currentUser用户信息
     //该方法可以用于判断请求源是否合法或加入一些全局的拦截操作
     @Override
     public void preExecute(final HttpRequest request, final HttpResponse response) throws IOException {
-        if (!request.getHeader("User-Agent", "").contains("Redkale-Agent")) {  //只用移动APP的接口可以判断User-Agent是否正确
-            response.addHeader("retcode", "10001");
-            response.addHeader("retmessage", "User-Agent error");
-            response.finish(201, "{'success':false, 'message':'User-Agent error, must be Redkale-Agent'}");
+        if (!request.getHeader("User-Agent", "").contains("Redkale-Agent")) {  //只用移动APP的接口可以判断User-Agent是否正确
+            response.addHeader("retcode", "10001");
+            response.addHeader("retmessage", "User-Agent error");
+            response.finish(201, "{'success':false, 'message':'User-Agent error, must be Redkale-Agent'}");
             return;
         }
         //可以加上一些统计操作
         if (fine) response.recycleListener((req, resp) -> {  //记录处理时间太长的请求操作
                 long e = System.currentTimeMillis() - request.getCreatetime();
-                if (e > 500) logger.fine("耗时居然用了 " + e + " 毫秒. 请求为: " + req);
+                if (e > 500) logger.fine("耗时居然用了 " + e + " 毫秒. 请求为: " + req);
             });
+        final String sessionid = request.getSessionid(false);
+        if (sessionid != null) request.setCurrentUser(userService.current(sessionid));
         response.nextEvent();
     }
 
     //一般用于判断用户的登录态, 返回false表示鉴权失败
     //moduleid值来自 @WebServlet.moduleid()用于定义模块ID; actionid值自来@HttpMapping.actionid()用于定义操作ID; 需要系统化的鉴权需要定义这两个值
     @Override
-    public void authenticate(HttpRequest request, HttpResponse response) throws IOException {
+    public void authenticate(HttpRequest request, HttpResponse response) throws IOException {
         UserInfo info = request.currentUser();
-        if (info == null) {
-            String sessionid = request.getSessionid(false);
-            if (sessionid != null) info = userService.current(sessionid);
-            if (info != null) request.setCurrentUser(info); //必须赋值给request.currentUser
-        }
         if (info == null) {
             response.finishJson(RetCodes.retResult(RetCodes.RET_USER_UNLOGIN));
             return;
-        } else if (!info.checkAuth(request.getModuleid(), request.getActionid())) {
+        } else if (!info.checkAuth(request.getModuleid(), request.getActionid())) {
             response.finishJson(RetCodes.retResult(RetCodes.RET_USER_AUTH_ILLEGAL));
             return;
         }
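Review bot: The added session lookup in `preExecute` calls `userService.current(sessionid)`, but the field injected earlier in this hunk is declared as `private UserService service;`, so the sample does not compile as shown; either rename the field to `userService` or change the call to `service.current(sessionid)`. Because `authenticate` now only reads `request.currentUser()`, a subclass that overrides `preExecute` without running this lookup would presumably have every request rejected as not logged in, and the comment above `preExecute` could state that dependency explicitly. The `User-Agent` test deserves a comment that the header is client-supplied and only filters well-behaved clients, so access control rests on the session lookup and `checkAuth`. The body of `authenticate` continues past the end of the hunk.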
diff --git a/service.html b/service.html
index b7f2c5427..fc284c66b 100644
--- a/service.html
+++ b/service.html
@@ -421,16 +421,17 @@
     @Resource
     private UserService userService;
 
+    @Override
+    public void preExecute(HttpRequest request, HttpResponse response) throws IOException {
+        final String sessionid = request.getSessionid(false);
+        if (sessionid != null) request.setCurrentUser(userService.current(sessionid));
+        response.nextEvent();
+    }
+
     //普通鉴权
     @Override
     public void authenticate(HttpRequest request, HttpResponse response) throws IOException {
-
         UserInfo info = request.currentUser();
-        if (info == null) {
-            String sessionid = request.getSessionid(false);
-            if (sessionid != null) info = userService.current(sessionid);
-            if (info != null) request.setCurrentUser(info); //必须赋值给request.currentUser
-        }
         if (info == null) {
             response.finishJson(RET_UNLOGIN);
             return;
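Review bot: The new `preExecute` passes the result of `userService.current(sessionid)` straight to `request.setCurrentUser(...)`, whereas the removed code assigned it only when it was non-null. That looks harmless because `authenticate` still rejects a null `currentUser`, but the sample should make clear that `setCurrentUser(null)` is acceptable. The method also has no comment, unlike the matching one in net.html; I would add one such as `// must set request.currentUser here; authenticate only reads it`. Whether `userService.current` rejects expired or unknown session ids is not visible in this hunk, and `authenticate` continues past its end.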