在MyRealm类里 代码如下
import com.sddz.healthcard.dto.JsonResult;
import com.sddz.healthcard.entity.SysRole;
import com.sddz.healthcard.entity.SysUser;
import com.sddz.healthcard.service.SysRolePermissionService;
import com.sddz.healthcard.service.SysRoleService;
import com.sddz.healthcard.service.SysUserRoleService;
import com.sddz.healthcard.service.SysUserService;
import com.sddz.healthcard.util.ShiroUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
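/**
 * Shiro realm for the application: looks accounts up through {@link SysUserService},
 * supplies the stored password hash and salt for credential matching, and enforces a
 * single active session per account.
 *
 * @author hxy (created 2017/4/27)
 */
@Component
public class MyRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(MyRealm.class);

    /** Status value for which authentication is refused with {@link LockedAccountException}. */
    private static final String STATUS_LOCKED = "1";

    @Autowired
    private SysUserService userService;

    /**
     * Builds the authorization data for the authenticated principal.
     *
     * <p>Permissions are read from the {@link SysUser} that was stored as the primary
     * principal at login, so they reflect the account as it was loaded at that time.
     *
     * @param principals the principals of the subject being authorized
     * @return authorization info carrying the user's string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        SysUser sysUser = (SysUser) principals.getPrimaryPrincipal();
        Collection<String> permissions = sysUser.getPermissions();
        // A user without any permission set must not fail authorization with an NPE.
        if (permissions != null) {
            info.addStringPermissions(permissions);
        }
        return info;
    }

    /**
     * Loads the account named by the token and returns its stored credentials.
     *
     * <p>This method runs before the submitted password has been checked, so it must not
     * change any state on behalf of the caller; existing sessions are only touched in
     * {@link #assertCredentialsMatch(AuthenticationToken, AuthenticationInfo)}.
     *
     * @param token the submitted authentication token; its principal is the login name
     * @return the account's authentication info, or {@code null} when no account matches
     * @throws LockedAccountException if the account status is {@code "1"}
     * @throws AuthenticationException on any other authentication failure
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String userLoginName = (String) token.getPrincipal();
        if (userLoginName == null || userLoginName.isEmpty()) {
            // No usable login name: report "no account" instead of querying with it.
            return null;
        }

        SysUser user = userService.queryUserByLoginName(userLoginName);
        if (user == null) {
            // Returning null is the realm contract for "unknown account"; dereferencing
            // the missing user would surface as a NullPointerException instead.
            return null;
        }

        // Compare by value: `==` on strings compares references, so a status loaded from
        // the database would never equal the literal and locked accounts could log in.
        if (STATUS_LOCKED.equals(user.getStatus())) {
            throw new LockedAccountException();
        }

        return new SimpleAuthenticationInfo(
                user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

    /**
     * Verifies the submitted credentials and, only once they are proven correct, expires
     * an already active session of the same account.
     *
     * <p>Doing the session handling here rather than in
     * {@link #doGetAuthenticationInfo(AuthenticationToken)} means a request that merely
     * names an account, without knowing its password, cannot log that account out.
     *
     * @param token the submitted authentication token
     * @param info the stored account data returned by this realm
     * @throws AuthenticationException if the credentials do not match
     * @throws UnknownSessionException if an existing session of the account was expired
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        super.assertCredentialsMatch(token, info);
        expireExistingSession((String) token.getPrincipal());
    }

    /**
     * Expires the first active session whose stored principals mention the login name and
     * then aborts the current login attempt, as the original flow did.
     *
     * @param userLoginName login name of the account that has just authenticated
     * @throws UnknownSessionException after an existing session has been expired
     */
    private void expireExistingSession(String userLoginName) {
        DefaultWebSecurityManager securityManager =
                (DefaultWebSecurityManager) SecurityUtils.getSecurityManager();
        DefaultWebSessionManager sessionManager =
                (DefaultWebSessionManager) securityManager.getSessionManager();
        Collection<Session> activeSessions = sessionManager.getSessionDAO().getActiveSessions();

        for (Session session : activeSessions) {
            Object principals = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            if (principals == null) {
                // Not logged in; String.valueOf(null) would yield the text "null" and
                // match login names such as "nul".
                continue;
            }
            // NOTE(review): this is a substring test against the rendered principals, so a
            // login name that is part of another account's rendered principal matches that
            // account's session too. Compare against the exact login-name field of the
            // stored principal once its accessor is confirmed.
            if (String.valueOf(principals).contains(userLoginName)) {
                session.setTimeout(0); // expire the older session
                logger.info("Expired an existing session for account {}", userLoginName);
                throw new UnknownSessionException(); // the original flow requires the login to abort here
            }
        }
    }

    /**
     * Installs a {@link HashedCredentialsMatcher} configured from {@link ShiroUtils}.
     *
     * <p>The matcher passed in is ignored; the algorithm name and iteration count always
     * come from {@code ShiroUtils.algorithmName} and {@code ShiroUtils.hashIterations}.
     * NOTE(review): those values are defined outside this class; confirm they name a
     * current hash algorithm with an adequate iteration count.
     *
     * @param credentialsMatcher ignored
     */
    @Override
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();
        shaCredentialsMatcher.setHashAlgorithmName(ShiroUtils.algorithmName);
        shaCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);
        super.setCredentialsMatcher(shaCredentialsMatcher);
    }
}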