session共享
登录缓存清理 缓存更换为redis缓存代码提交
@@ -1,12 +1,26 @@
|
||||
package com.nis.web.controller.sys;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.apache.derby.tools.sysinfo;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.apache.shiro.cache.Cache;
|
||||
import org.apache.shiro.mgt.RealmSecurityManager;
|
||||
import org.apache.shiro.realm.Realm;
|
||||
import org.apache.shiro.session.Session;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.SimplePrincipalCollection;
|
||||
import org.apache.shiro.subject.support.DefaultSubjectContext;
|
||||
import org.crazycake.shiro.RedisCache;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
@@ -22,11 +36,15 @@ import com.nis.domain.Page;
|
||||
import com.nis.domain.SysRole;
|
||||
import com.nis.domain.SysUser;
|
||||
import com.nis.util.DateUtils;
|
||||
import com.nis.util.IpUtil;
|
||||
import com.nis.util.StringUtil;
|
||||
import com.nis.util.StringUtils;
|
||||
import com.nis.util.excel.ExportExcel;
|
||||
import com.nis.web.controller.BaseController;
|
||||
import com.nis.web.security.SystemAuthorizingRealm;
|
||||
import com.nis.web.security.SystemAuthorizingRealm.Principal;
|
||||
import com.nis.web.security.UserUtils;
|
||||
import com.nis.web.security.UsernamePasswordToken;
|
||||
|
||||
@Controller
|
||||
@RequestMapping("${adminPath}/sys/user")
|
||||
@@ -97,7 +115,7 @@ public class UserController extends BaseController{
|
||||
return form(user, model);
|
||||
}*/
|
||||
if (!"true".equals(checkLoginName(user.getOldLoginId(), user.getLoginId()))){
|
||||
addMessage(redirectAttributes,"error", "save_failed");
|
||||
addMessage(model,"error", "save_failed");
|
||||
return form(user, model);
|
||||
}
|
||||
// 角色数据有效性验证,过滤不在授权内的角色
|
||||
@@ -264,6 +282,7 @@ public class UserController extends BaseController{
|
||||
|
||||
/**
|
||||
* 修改个人用户密码
|
||||
*
|
||||
* @param oldPassword
|
||||
* @param newPassword
|
||||
* @param model
|
||||
@@ -273,20 +292,44 @@ public class UserController extends BaseController{
|
||||
@RequestMapping(value = "modifyPwd")
|
||||
public String modifyPwd(String oldPassword, String newPassword, Model model) {
|
||||
SysUser user = UserUtils.getUser();
|
||||
if (StringUtils.isNotBlank(oldPassword) && StringUtils.isNotBlank(newPassword)){
|
||||
|
||||
if (StringUtils.validatePassword(oldPassword, user.getPassword())){
|
||||
if (StringUtils.isNotBlank(oldPassword) && StringUtils.isNotBlank(newPassword)) {
|
||||
if (StringUtils.validatePassword(oldPassword, user.getPassword())) {
|
||||
userService.updatePasswordById(user.getId(), user.getLoginId(), newPassword);
|
||||
Session curSession = UserUtils.getSession();// 当前登录用户的session
|
||||
Principal principal = UserUtils.getPrincipal();// 当前登录用户的鉴权信息
|
||||
// 过滤 当前用户的 非此客户的其它登录信息
|
||||
Collection<Session> allOtherSession = systemService.getActiveSessions(true, principal, curSession);
|
||||
if (allOtherSession.size() > 0) {
|
||||
// 如果是登录进来的,则踢出已在线用户
|
||||
if (UserUtils.getSubject().isAuthenticated()) {
|
||||
for (Session session : allOtherSession) {
|
||||
systemService.deleteSession(session);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
RealmSecurityManager securityManager = (RealmSecurityManager) SecurityUtils.getSecurityManager();
|
||||
Collection<Realm> realm = securityManager.getRealms();
|
||||
for (Realm realm2 : realm) {
|
||||
SystemAuthorizingRealm userRealm = (SystemAuthorizingRealm) realm2;
|
||||
RedisCache<Object, AuthenticationInfo> cache = (RedisCache<Object, AuthenticationInfo>) userRealm.getAuthenticationCache();
|
||||
String keyPrefix = cache.getKeyPrefix();
|
||||
for (AuthenticationInfo auth : cache.values()) {
|
||||
userRealm.getAuthenticationCache().remove(auth.getPrincipals().getPrimaryPrincipal());
|
||||
}
|
||||
systemService.deleteAuthenticationCache(keyPrefix + user.getName());
|
||||
systemService.deleteAuthenticationCache(keyPrefix + user.getId());
|
||||
}
|
||||
|
||||
model.addAttribute("message", "update_success");
|
||||
}else{
|
||||
} else {
|
||||
model.addAttribute("message", "update_failed");
|
||||
}
|
||||
}
|
||||
model.addAttribute("user", user);
|
||||
return "/sys/userModifyPwd";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
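Review bot: The new cache-clearing loop in `modifyPwd` calls `remove(...)` for every entry returned by `cache.values()`, so one user's password change evicts the cached authentication info of all users and enumerates the whole Redis key set under that prefix on each request. Only the changed account's entry needs to go, under the key the realm actually caches with; the two calls `deleteAuthenticationCache(keyPrefix + user.getName())` and `deleteAuthenticationCache(keyPrefix + user.getId())` guess at that key, and the hunk does not show whether either matches (confirm against `SystemAuthorizingRealm`, since a missed key would leave the old credentials cached until expiry). The unconditional casts `(SystemAuthorizingRealm) realm2` and `(RedisCache<Object, AuthenticationInfo>)` run after `updatePasswordById` has already executed, so a second realm, a different cache manager or a null authentication cache would surface as an error on a password change that has in fact been applied; guard with `if (!(realm2 instanceof SystemAuthorizingRealm)) continue;` and a null check on the cache. Other sessions are deleted only when `UserUtils.getSubject().isAuthenticated()` is true, which in Shiro excludes a remember-me subject, so such a subject changing its password would leave its other sessions alive; this is presumably unintended and worth a comment or an unconditional delete.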