
Shiro限制帐号只能在一处登录

创建时间:2017-09-21 投稿人: 浏览次数:548
/**
     * 登录
     */
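    // Authenticates the posted credentials through Shiro. On success every other active
    // session of the same account is stopped, so the most recent login is the only one left.
    // Returns R.ok() carrying "userType" on success, or R.error(...) with a message on failure.
    // NOTE(review): confirm that the @SysLog aspect does not record the raw password argument.
    @SysLog("登录")
    @ResponseBody
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public R login(String usercode, String password, String captcha)throws IOException {
        // NOTE(review): the captcha check below is disabled, so nothing visible in this method
        // throttles password guessing. Restore it (null-checking captcha first) or make sure
        // attempts are rate-limited elsewhere.
        /*String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
        if(!captcha.equalsIgnoreCase(kaptcha)){
            return R.error("验证码不正确");
        }*/

        // A request without credentials is rejected with the generic failure message instead of
        // being passed on to the hashing helper and the realm.
        if (usercode == null || password == null) {
            return R.error("账户验证失败");
        }

        try{
            Subject subject = ShiroUtils.getSubject();

            // NOTE(review): the original comment here said "SHA-256", but the helper is named
            // MD5Utils. Confirm which digest is really used; a fast digest keyed only by the
            // user code is weak for password storage compared with bcrypt/scrypt/argon2.
            String hashedPassword = MD5Utils.encrypt(usercode, password);
            UsernamePasswordToken token = new UsernamePasswordToken(usercode, hashedPassword);
            subject.login(token);
            // NOTE(review): nothing here rotates the session id around login; confirm the
            // deployment does not keep a pre-login session id (session fixation).

            // Kick out the sessions this account still holds elsewhere.
            List<Session> loginedList = getLoginedSession(subject);
            for (Session session : loginedList) {
                session.stop();
            }
        }catch (LockedAccountException e) {
            // The realm's message for a locked account is passed through unchanged.
            // It does tell the caller that the account exists; keep only if that is acceptable.
            return R.error(e.getMessage());
        }catch (AuthenticationException e) {
            // Also covers UnknownAccountException and IncorrectCredentialsException (both are
            // AuthenticationException subclasses). They share one message so the response does
            // not reveal whether the user code exists.
            return R.error("账户验证失败");
        }
        return R.ok().put("userType",1);// tell the front end the current user's type
    }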

    //遍历同一个账户的session
    /**
     * Collects the other active sessions that belong to the same account as {@code currentUser}.
     *
     * <p>Every session returned by the session DAO is wrapped in a Subject; it is kept when
     * that subject is authenticated, its user code equals the current user's (ignoring case)
     * and its session id differs from the current session's id.
     *
     * <p>NOTE(review): this walks all active sessions on every login and relies on the security
     * manager being a DefaultSecurityManager with a DefaultSessionManager (the casts fail
     * otherwise). Confirm both hold for the deployed configuration.
     *
     * @param currentUser the subject that has just logged in
     * @return sessions of the same account other than the current one; empty if there are none
     */
    private List<Session> getLoginedSession(Subject currentUser) {
        DefaultSecurityManager securityManager =
                (DefaultSecurityManager) SecurityUtils.getSecurityManager();
        DefaultSessionManager sessionManager =
                (DefaultSessionManager) securityManager.getSessionManager();
        Collection<Session> activeSessions = sessionManager.getSessionDAO().getActiveSessions();

        List<Session> otherSessions = new ArrayList<Session>();
        SysUserEntity loginUser = (SysUserEntity) currentUser.getPrincipal();

        for (Session candidate : activeSessions) {
            Subject owner = new Subject.Builder().session(candidate).buildSubject();
            if (!owner.isAuthenticated()) {
                continue;
            }

            SysUserEntity ownerUser = (SysUserEntity) owner.getPrincipal();
            boolean sameAccount =
                    ownerUser.getUsercode().equalsIgnoreCase(loginUser.getUsercode());
            if (!sameAccount) {
                continue;
            }

            // The session that has just logged in must survive; only the others are collected.
            boolean isCurrentSession =
                    candidate.getId().equals(currentUser.getSession().getId());
            if (!isCurrentSession) {
                otherSessions.add(candidate);
            }
        }
        return otherSessions;
    }