优化session。不自动创建session

hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java

@@ -16,12 +16,10 @@
 
 package org.hsweb.web.controller.login;
 
-import org.apache.commons.beanutils.BeanUtils;
 import org.apache.commons.beanutils.BeanUtilsBean;
-import org.hsweb.web.bean.common.QueryParam;
+import org.hsweb.commons.MD5;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.authorize.annotation.Authorize;
-import org.hsweb.web.core.exception.AuthorizeException;
 import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.hsweb.web.core.exception.NotFoundException;
 import org.hsweb.web.core.logger.annotation.AccessLogger;
@@ -38,13 +36,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
-import org.hsweb.commons.MD5;
 
 import javax.annotation.PostConstruct;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
-import java.lang.reflect.InvocationTargetException;
-import java.math.BigInteger;
 
 /**
  * 授权控制器,用于登录系统

hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java

@@ -60,7 +60,9 @@ public class WebUtil {
      */
     public static User getLoginUser(HttpServletRequest request) {
         if (request == null) return null;
-        return getLoginUser(request.getSession());
+        HttpSession session = request.getSession(false);
+        if (session == null) return null;
+        return getLoginUser(session);
     }
 
     public static Map<String, String> getHeaders(HttpServletRequest request) {