From a9a9516b4afdc19e5ea1e0883b5b0e59b2a1fcb8 Mon Sep 17 00:00:00 2001
From: menghaining
Date: Wed, 15 Mar 2023 10:59:42 +0800
Subject: [PATCH] fix issue781:cwe-613

Signed-off-by: menghaining
---
 .../cskefu/cc/controller/admin/UsersController.java | 4 ++++
 .../cskefu/cc/interceptor/UserInterceptorHandler.java | 10 ++++++++++
 .../java/com/cskefu/cc/proxy/AgentSessionProxy.java | 7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/contact-center/app/src/main/java/com/cskefu/cc/controller/admin/UsersController.java b/contact-center/app/src/main/java/com/cskefu/cc/controller/admin/UsersController.java
index c01ceb1b..f9088b34 100644
--- a/contact-center/app/src/main/java/com/cskefu/cc/controller/admin/UsersController.java
+++ b/contact-center/app/src/main/java/com/cskefu/cc/controller/admin/UsersController.java
@@ -38,6 +38,7 @@ import com.cskefu.cc.persistence.repository.PbxHostRepository;
 import com.cskefu.cc.persistence.repository.RoleRepository;
 import com.cskefu.cc.persistence.repository.UserRepository;
 import com.cskefu.cc.persistence.repository.UserRoleRepository;
+import com.cskefu.cc.proxy.AgentSessionProxy;
 import com.cskefu.cc.proxy.OrganProxy;
 import com.cskefu.cc.proxy.UserProxy;
 import com.cskefu.cc.util.Menu;
@@ -163,6 +164,9 @@ public class UsersController extends Handler {
 organUserRes.delete(organUsers);
 userRepository.delete(dbUser);
+
+ AgentSessionProxy agentSessionProxy = MainContext.getContext().getBean(AgentSessionProxy.class);
+ agentSessionProxy.deleteUserSession(dbUser.getId(), dbUser.getOrgi());
 }
 } else {
 msg = "admin_user_not_exist";
diff --git a/contact-center/app/src/main/java/com/cskefu/cc/interceptor/UserInterceptorHandler.java b/contact-center/app/src/main/java/com/cskefu/cc/interceptor/UserInterceptorHandler.java
index c4e7b442..5714a4d9 100644
--- a/contact-center/app/src/main/java/com/cskefu/cc/interceptor/UserInterceptorHandler.java
+++ b/contact-center/app/src/main/java/com/cskefu/cc/interceptor/UserInterceptorHandler.java
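Review bot: In the `@@ -163` hunk of UsersController.java the session entry is removed only after `userRepository.delete(dbUser)` has run, so an exception from the bean lookup or the cache call would leave the account deleted while its cached session entry survives. Revoking first closes that window: move `agentSessionProxy.deleteUserSession(dbUser.getId(), dbUser.getOrgi());` above `organUserRes.delete(organUsers);`. The proxy is also fetched with `MainContext.getContext().getBean(AgentSessionProxy.class)` at the call site, where an injected field would be easier to test and to mock. The enclosing delete method starts and ends outside the hunk, so whether it runs inside a transaction is not visible here.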
@@ -24,6 +24,7 @@ import com.cskefu.cc.model.Dict;
 import com.cskefu.cc.model.Organ;
 import com.cskefu.cc.model.SystemConfig;
 import com.cskefu.cc.model.User;
+import com.cskefu.cc.proxy.AgentSessionProxy;
 import com.cskefu.cc.proxy.OrganProxy;
 import com.cskefu.cc.proxy.UserProxy;
 import com.cskefu.cc.util.Menu;
@@ -52,6 +53,15 @@ public class UserInterceptorHandler extends HandlerInterceptorAdapter {
 User user = (User) request.getSession(true).getAttribute(Constants.USER_SESSION_NAME);
 Organ organ = (Organ) request.getSession(true).getAttribute(Constants.ORGAN_SESSION_NAME);
+ if(user != null){
+ AgentSessionProxy agentSessionProxy = MainContext.getContext().getBean(AgentSessionProxy.class);
+ if(agentSessionProxy.isInvalidSessionId(user.getId(),MainUtils.getContextID(request.getSession().getId()),user.getOrgi())){
+ request.getSession().invalidate();
+ response.sendRedirect("/login.html");
+ return false;
+ }
+ }
+
 if (handler instanceof HandlerMethod) {
 HandlerMethod handlerMethod = (HandlerMethod) handler;
 Menu menu = handlerMethod.getMethod().getAnnotation(Menu.class);
diff --git a/contact-center/app/src/main/java/com/cskefu/cc/proxy/AgentSessionProxy.java b/contact-center/app/src/main/java/com/cskefu/cc/proxy/AgentSessionProxy.java
index 3b776d18..0e4ad407 100644
--- a/contact-center/app/src/main/java/com/cskefu/cc/proxy/AgentSessionProxy.java
+++ b/contact-center/app/src/main/java/com/cskefu/cc/proxy/AgentSessionProxy.java
@@ -105,4 +105,11 @@ public class AgentSessionProxy {
 // logger.info("[isInvalidSessionId] result {}", result);
 return result;
 }
+
+ public void deleteUserSession(final String agentno, final String orgi) {
+ if (cache.existUserSessionByAgentnoAndOrgi(agentno, orgi)) {
+ logger.info("[deleteUserSession] agentno {}, orgi {}", agentno, orgi);
+ cache.deleteUserSessionByAgentnoAndOrgi(agentno, orgi);
+ }
+ }
 }
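Review bot: The guard added in the `@@ -52` hunk of UserInterceptorHandler.java depends on what `isInvalidSessionId` returns when the cache holds no entry for the user, and that method's body is not part of this diff. `deleteUserSession` leaves exactly that state, so if a missing entry is treated as valid the deleted user's session keeps working, and if it is treated as invalid any login that never registered a cache entry would be redirected on every request. A test covering both cases would settle which applies. Separately, the redirect target ignores the servlet context path; `response.sendRedirect(request.getContextPath() + "/login.html");` stays correct when the app is not deployed at the root. The enclosing interceptor method starts and ends outside the hunk.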
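Review bot: `deleteUserSession` in AgentSessionProxy.java is a new public method with no Javadoc, and it is the only revocation entry point visible in this patch. A comment such as `/** Removes the cached user-session entry for {@code agentno} under {@code orgi}; does nothing when no entry exists. */` would record the contract. The `existUserSessionByAgentnoAndOrgi` check followed by the delete is a check-then-act pair. If the cache delete is already a no-op for a missing key (not visible here), calling it unconditionally and logging afterwards would be simpler and remove the gap between the two calls.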