## 请求接口如下
```
@RequestMapping("login")
@ResponseBody
public DTO login(String userName,String password){
//密码加密
try{
UsernamePasswordToken token = new UsernamePasswordToken(userName,password);
Subject subject = SecurityUtils.getSubject();
subject.login(token);
Collection sessions = redisSessionDAO.getActiveSessions();
if (subject.isAuthenticated()) {
for (Session session : sessions) {
//方法一、当第二次登录时,给出提示“用户已登录”,停留在登录页面
if (userName.equals(session.getAttribute("USERNAME"))) {
subject.logout();
msg="该账号已登录";
}
}
}
if(StringUtils.isNotBlank(msg)){
subject.getSession().setTimeout(3600000L);//超时时间
User user = (User)subject.getPrincipal();</