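Approach:
1. Every request from the mobile app carries a parameter (the phone's unique device number) in a request header. After the app logs in successfully, that value is read and stored in the database.
2. Add an interceptor that reads the unique device number from the request header. If it matches the value stored in the database for the currently logged-in user, the request passes; otherwise return false and report that a device is already logged in.
Interceptor configuration: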
<mvc:interceptors>
    <!-- Single-device login check -->
    <mvc:interceptor>
        <!-- Paths to intercept -->
        <mvc:mapping path="/**" />
        <!-- Paths excluded from interception -->
        <mvc:exclude-mapping path="/resources/**" />
        <mvc:exclude-mapping path="/api/auth/cas-app/login" />
        <mvc:exclude-mapping path="/auth/cas-app/login" />
        <bean class="com.boeryun.interceptor.AppMutexInterceptor" />
    </mvc:interceptor>
</mvc:interceptors>
Interceptor:
// Imports for the project's own Global, DbHelper and JSONObject classes are omitted.
import java.text.MessageFormat;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class AppMutexInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        // Only requests from the mobile clients are checked.
        String agent = request.getHeader("DEVICE-USER-AGENT");
        if ("android".equals(agent) || "ios".equals(agent)) {
            String deviceNumber = request.getHeader("deviceNumber");
            // Look up the device number stored for the current user at login.
            // The user id is concatenated into the SQL text, so it must never be client-controlled.
            String sql = MessageFormat.format(" select deviceModel from {0} where uuid =''{1}'' ",
                    DbHelper.getTableName("base_staff"), Global.getUserId());
            // Run the query once and reuse the result.
            Object stored = DbHelper.getScalar(sql);
            if (stored != null && stored.toString().equals(deviceNumber)) {
                return true;
            } else {
                response.setCharacterEncoding("UTF-8");
                response.setContentType("application/json; charset=utf-8");
                JSONObject map = new JSONObject();
                map.put("Status", "502");
                // Message text: "Your account is logged in on another device!"
                map.put("Message", "您的账号在另外一台设备登录!");
                response.getWriter().append(map.toString());
                return false;
            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                           Object o, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                Object o, Exception e) throws Exception {
    }
}
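
The interceptor above builds its lookup with MessageFormat, and the page does not show the login-side write from step 1. The following is an added example, not the original author's code, of both steps written with bound JDBC parameters. The class name DeviceBindingDao and its method names are hypothetical, the Connection is assumed to be supplied by the caller, and the table is assumed to be literally named base_staff (the page resolves it through DbHelper.getTableName).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Added example (hypothetical class): device binding with bound parameters. */
public final class DeviceBindingDao {
    // Assumption: the physical table name is base_staff; the column names
    // deviceModel and uuid are the ones used by the interceptor's query.
    private static final String UPDATE_SQL =
            "UPDATE base_staff SET deviceModel = ? WHERE uuid = ?";
    private static final String SELECT_SQL =
            "SELECT deviceModel FROM base_staff WHERE uuid = ?";

    private DeviceBindingDao() { }

    /** Step 1: call after a successful login; the most recent device wins. */
    public static void bindDevice(Connection conn, String userId, String deviceNumber)
            throws SQLException {
        if (userId == null || deviceNumber == null || deviceNumber.trim().isEmpty()) {
            // Refuse to store an empty device number for the account.
            throw new IllegalArgumentException("userId and deviceNumber are required");
        }
        try (PreparedStatement ps = conn.prepareStatement(UPDATE_SQL)) {
            ps.setString(1, deviceNumber);
            ps.setString(2, userId);
            ps.executeUpdate();
        }
    }

    /** Step 2: the decision the interceptor makes on every later request. */
    public static boolean isCurrentDevice(Connection conn, String userId, String deviceNumber)
            throws SQLException {
        if (userId == null || deviceNumber == null) {
            return false; // missing header or no logged-in user: reject
        }
        try (PreparedStatement ps = conn.prepareStatement(SELECT_SQL)) {
            ps.setString(1, userId); // value is bound, never spliced into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                // No row, or a NULL column, means no device is bound yet.
                return rs.next() && deviceNumber.equals(rs.getString(1));
            }
        }
    }
}
```

Both values come from the client or the session, so binding them as parameters keeps them out of the SQL text, and the single query replaces the two getScalar calls.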