
权限判定之前加上用户是否被顶掉校验

songxinlu 3 years ago
parent
commit
950a35c4df

+ 35 - 2
src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -31,16 +31,25 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
     private TokenFacade tokenFacade;
 
     @Override
-    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException{
+    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
         String url, method;
+        String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+        //用户是否被顶掉校验
+        if (StringUtil.isNotEmpty(tokenStr) && !matchNotCheckUrl(request)) {
+            tokenStr = tokenStr.replaceFirst("Bearer ", "");
+            int res = tokenFacade.newVerifyToken(tokenStr, 1);
+            if (-1 == res) {
+                throw new CommonException(CommonErrorCode.SERVER_IS_ERROR, "该账号在其他地方登录。");
+            }
+        }
         if (matchPermitAllUrl(request)) {
             return;
         }
         if ("anonymousUser".equals(authentication.getPrincipal())) {
             throw new AccessDeniedException("no right");
         } else {
-            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+
             if (StringUtil.isNotEmpty(tokenStr)) {
                 tokenStr = tokenStr.replaceFirst("Bearer ", "");
 //                Boolean res = tokenFacade.verifyToken(tokenStr, 1);
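Review bot: The new superseded-login branch before `matchPermitAllUrl` throws `CommonException` with `CommonErrorCode.SERVER_IS_ERROR`, but `decide` runs inside Spring Security's filter chain, which only translates `AccessDeniedException`/`InsufficientAuthenticationException` into the 401/403 path; as far as can be seen here a `CommonException` escaping `decide` bypasses the configured access-denied handling and reaches the container or a global handler, and `SERVER_IS_ERROR` reports an authentication condition as a server fault, so clients cannot tell "logged in elsewhere" from a real 5xx. Consider `throw new AccessDeniedException("该账号在其他地方登录。");`, or a dedicated error code if the JSON error body is required, rather than reusing the server-error code. Note also that the check runs before `matchPermitAllUrl`, so a superseded token on a permit-all URL that is not in `matchNotCheckUrl` is now rejected instead of passing through anonymously — worth confirming that is intended, and the later `tokenStr.replaceFirst("Bearer ", "")` now re-strips an already stripped value. `decide` continues past the end of the hunk.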
@@ -65,6 +74,30 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         throw new AccessDeniedException("无接口访问权限!");
     }
 
+    private boolean matchNotCheckUrl(HttpServletRequest request) {
+        if (matchers("/swagger/**", request)
+                || matchers("/v2/**", request)
+                || matchers("/swagger-ui.html/**", request)
+                || matchers("/swagger-resources/**", request)
+                || matchers("/webjars/**", request)
+                || matchers("/druid/**", request)
+                || matchers("/actuator/**", request)
+                || matchers("/hystrix/**", request)
+                || matchers("/sys/user/getJwt", request)
+                || matchers("/sys/user/logout", request)
+                || matchers("/sys/user/getCaptcha", request)
+                || matchers("/sys/user/getHospitalMark", request)
+                || matchers("/sys/user/getJwtNoPass", request)
+                || matchers("/sys/user/refreshJwt", request)
+                || matchers("/sys/dictionaryInfo/getDictionary", request)
+                || matchers("/sys/user/checkToken", request)
+                || matchers("/oauth/token", request)
+                || matchers("/oauth/check_token", request)
+                || matchers("/cache/clear", request)) {
+            return true;
+        }
+        return false;
+    }
 
     @Override
     public boolean supports(ConfigAttribute attribute) {
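Review bot: `matchNotCheckUrl` wraps a nineteen-way `||` chain in `if (...) { return true; } return false;`, which can simply return the boolean expression, and the pattern list looks like a near-copy of whatever `matchPermitAllUrl` (outside the hunk) matches, so the two allowlists will drift unless they share one source. Moving the patterns into a `static final List<String>` and matching with `anyMatch` keeps the list in one place and gives the exemption a documentable home; it needs `java.util.List`/`java.util.Arrays` imports, which are not visible in this hunk. Entries such as `/cache/clear`, `/druid/**` and `/actuator/**` are exempted from the superseded-login check but still reach the role check unless they are also permit-all — a comment stating that the exemption for these operational endpoints is deliberate would help the next maintainer.

```java
/** URL patterns exempt from the superseded-login check in decide(); keep in step with matchPermitAllUrl. */
private static final List<String> NOT_CHECK_URLS = Arrays.asList(
        "/swagger/**",
        // … unchanged: the remaining patterns from the original if-chain …
        "/cache/clear");

private boolean matchNotCheckUrl(HttpServletRequest request) {
    return NOT_CHECK_URLS.stream().anyMatch(pattern -> matchers(pattern, request));
}
```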

+ 1 - 1
src/main/java/com/diagbot/facade/SysUserFacade.java

@@ -169,7 +169,7 @@ public class SysUserFacade extends SysUserServiceImpl {
 
         // 验证码校验
         String captchaId = request.getSession().getId();
-//        checkCaptcha(captchaId, captcha, redisUtils);
+        checkCaptcha(captchaId, captcha, redisUtils);
         //使用MD5对密码进行加密
         String MD5Password = DigestUtils.md5DigestAsHex(password.getBytes());
         QueryWrapper<SysUser> userQueryWrapper = new QueryWrapper<>();
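Review bot: The re-enabled `checkCaptcha(captchaId, captcha, redisUtils)` is keyed on `request.getSession().getId()`, so it depends on the login request carrying the same session cookie as the earlier captcha fetch; when no session exists yet, `getSession()` creates a fresh one whose id has no captcha stored, and whether `checkCaptcha` then rejects the login or lets it through cannot be seen from this hunk — worth confirming, along with whether the stored captcha is removed on first successful check so a single solved captcha cannot be replayed across repeated login attempts. A short comment such as `// captcha is bound to the HTTP session id issued by getCaptcha; a request without that session cannot pass` would document the coupling. The enclosing method starts and ends outside the hunk.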

+ 2 - 0
src/main/resources/mapper/SysUserMapper.xml

@@ -128,5 +128,7 @@
         <if test="linkman != null and linkman != ''">
             and t3.linkman like CONCAT('%',#{linkman},'%')
         </if>
+        ORDER BY
+        t3.locked
     </select>
 </mapper>
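Review bot: `ORDER BY t3.locked` alone leaves rows sharing the same `locked` value in unspecified order, so if this query backs a paged list (not visible here) the same record can appear on two pages or be skipped between requests. Add a deterministic tie-breaker, e.g. `ORDER BY t3.locked, t3.<primary-key-column>` (placeholder — use the table's actual key column), and state the direction explicitly (`ASC`/`DESC`) if unlocked-first versus locked-first matters to the caller. The `<select>` element opens outside the hunk.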