Shiro 框架:实现同一账号已有用户登录时,其他人无法再用该账号登录

在 MyRealm 类中,代码如下:

import com.sddz.healthcard.dto.JsonResult;
import com.sddz.healthcard.entity.SysRole;
import com.sddz.healthcard.entity.SysUser;
import com.sddz.healthcard.service.SysRolePermissionService;
import com.sddz.healthcard.service.SysRoleService;
import com.sddz.healthcard.service.SysUserRoleService;
import com.sddz.healthcard.service.SysUserService;
import com.sddz.healthcard.util.ShiroUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

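/**
 * Shiro realm that authenticates users against {@link SysUserService} and
 * refuses a login when the same account already has an active session.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Shiro calls {@link #doGetAuthenticationInfo} <em>before</em> the submitted
 *       credentials are compared, so nothing in that method may have side effects on
 *       other users. The concurrent-session check therefore lives in
 *       {@link #assertCredentialsMatch}, which runs only after the password matched.</li>
 *   <li>The credentials matcher is always a {@link HashedCredentialsMatcher} configured
 *       from {@code ShiroUtils}; see {@link #setCredentialsMatcher}.</li>
 * </ul>
 *
 * @author hxy
 * @since 2017/4/27
 */
@Component
public class MyRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(MyRealm.class);
    @Autowired
    private SysUserService userService;

    /**
     * Builds the authorization info for an authenticated subject.
     *
     * @param principals the subject's principals; the primary principal is the
     *                   {@link SysUser} stored by {@link #doGetAuthenticationInfo}
     * @return authorization info carrying the user's string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        SysUser sysUser = (SysUser) principals.getPrimaryPrincipal();
        info.addStringPermissions(sysUser.getPermissions());
        return info;
    }

    /**
     * Looks up the account named by the token and returns its stored credentials.
     *
     * <p>This method runs before the password is verified, so it only reads data.
     *
     * @param token the submitted authentication token; its principal is the login name
     * @return the stored user, password hash and salt for Shiro to verify
     * @throws UnknownAccountException if no login name was submitted or no user is found
     * @throws LockedAccountException  if the user's status is {@code "1"}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String userLoginName = (String) token.getPrincipal();
        if (userLoginName == null) {
            throw new UnknownAccountException();
        }

        // Look the user up in the database.
        SysUser user = userService.queryUserByLoginName(userLoginName);
        if (user == null) {
            // Guard in case the service returns null for an unknown login name;
            // the original dereferenced the result unconditionally.
            throw new UnknownAccountException();
        }
        // Compare by value: `==` on strings compares references and is almost never
        // true for a value loaded from the database, so locked accounts got through.
        if ("1".equals(user.getStatus())) {
            throw new LockedAccountException();
        }

        // Hand the stored hash and salt to Shiro; the credentials matcher does the comparison.
        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

    /**
     * Verifies the submitted credentials and only then applies the
     * single-session-per-account rule.
     *
     * <p>Doing the session check here rather than in {@link #doGetAuthenticationInfo}
     * means a caller who merely knows a login name cannot expire that user's session.
     *
     * @throws AuthenticationException  if the credentials do not match
     * @throws UnknownSessionException if the account already has an active session
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
        super.assertCredentialsMatch(token, info);
        rejectIfAlreadyLoggedIn((String) token.getPrincipal());
    }

    /**
     * Scans the active sessions and, if one already belongs to the given login name,
     * expires it and aborts the current login attempt.
     */
    private void rejectIfAlreadyLoggedIn(String userLoginName) {
        DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) SecurityUtils.getSecurityManager();
        DefaultWebSessionManager sessionManager = (DefaultWebSessionManager) securityManager.getSessionManager();
        // Sessions currently known to the session store.
        Collection<Session> sessions = sessionManager.getSessionDAO().getActiveSessions();
        for (Session session : sessions) {
            Object principals = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            if (principals == null) {
                // Anonymous session: String.valueOf(null) would yield "null" and could
                // match login names such as "nu" or "null".
                continue;
            }
            // NOTE(review): this is a substring match against the principal's toString(),
            // so login name "bob" also matches a session owned by "bobby", and the result
            // depends on what SysUser.toString() prints. Replace with an exact comparison
            // on the login-name field of the session's primary principal; the accessor is
            // not visible in this file.
            if (String.valueOf(principals).contains(userLoginName)) {
                logger.warn("Login rejected for '{}': account already has an active session", userLoginName);
                session.setTimeout(0); // expire the existing session
                throw new UnknownSessionException(); // abort this login attempt
            }
        }
    }

    /**
     * Installs a {@link HashedCredentialsMatcher} configured from {@code ShiroUtils}.
     *
     * <p>The {@code credentialsMatcher} argument is intentionally ignored so the realm
     * always verifies passwords with the project's configured hash settings.
     * NOTE(review): the strength of password storage depends on
     * {@code ShiroUtils.algorithmName} and {@code ShiroUtils.hashIterations}, which are
     * not shown here; confirm they are appropriate for password hashing.
     *
     * @param credentialsMatcher ignored
     */
    @Override
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();
        shaCredentialsMatcher.setHashAlgorithmName(ShiroUtils.algorithmName);
        shaCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);
        super.setCredentialsMatcher(shaCredentialsMatcher);
    }
}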
