shiro实现账号同一时间只能在一处登录(非单点登录)

时间:2023-01-30 20:24:53
<bean id="myRealm" class="com.sys.shiro.MyRealm" />

    <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.MemorySessionDAO">

    </bean>

<bean id="sessionManager"

        class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">

        <property name="globalSessionTimeout" value="" />

        <property name="deleteInvalidSessions" value="true" />

        <property name="sessionValidationSchedulerEnabled" value="true" />

        <property name="sessionValidationInterval" value="" />

        <property name="sessionIdCookie" ref="sessionIdCookie" />

        <property name="sessionDAO" ref="sessionDAO"/>

    </bean>

<!-- Shiro默认会使用Servlet容器的Session,可通过sessionMode属性来指定使用Shiro原生Session -->

    <!-- 即<property name="sessionMode" value="native"/>,详细说明见官方文档 -->

    <!-- 这里主要是设置自定义的单Realm应用,若有多个Realm,可使用'realms'属性代替 -->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="cacheManager" ref="shiroCacheManager" />

        <property name="realm" ref="myRealm" />

        <property name="sessionManager" ref="sessionManager" />

    </bean>
/***

     * 实现用户登录

     *

     * @param username

     * @param password

     * @return

     */

    @RequestMapping(value = "doLogin")

    public ModelAndView Login(String username, String password) {

        ModelAndView mav = new ModelAndView();

        User user = loginService.getUser(username);

        if (user == null) {

            mav.setViewName("login");

            mav.addObject("msg", "用户不存在");

            return mav;

        }

        if (!user.getPassword().equals(password)) {

            mav.setViewName("login");

            mav.addObject("msg", "账号密码错误");

            return mav;

        }

        Collection<Session> sessions = sessionDao.getActiveSessions();

        for (Session session : sessions) {

            System.out.println("登录用户" + session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY));

            if (session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY) != null) {

                mav.setViewName("login");

                mav.addObject("msg", "该用户已登录");

                return mav;

            }

        }

        /*

         * SecurityUtils.getSecurityManager().logout(SecurityUtils.getSubject())

         * ;

         */

        // 登录后存放进shiro token

        UsernamePasswordToken token = new UsernamePasswordToken(user.getName(), user.getPassword());

        Subject subject = SecurityUtils.getSubject();

        subject.login(token);

        // 登录成功后会跳转到successUrl配置的链接,不用管下面返回的链接。

        mav.setViewName("redirect:home");

        return mav;

    }

相关文章