shiro框架實現單點登入
阿新 • • 發佈:2019-01-08
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionDAO;
public class MyShiroRealm extends AuthorizingRealm {
private static final Logger logger = LoggerFactory.getLogger(MyShiroRealm.class);
@Autowired
private SessionDAO sessionDAO;
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken) throws AuthenticationException {
UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken) authcToken;
String loginName = token.getUsername();
// 踢出已登入的使用者
Collection<Session> sessions = sessionDAO.getActiveSessions();
for (Session session : sessions) {
if (loginName.equals(String.valueOf(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY)))) {
session.setTimeout(0);// 設定session立即失效,即將其踢出系統
break;
}
}
...
}