欧美香蕉网,欧美日韩国产在线,日韩女同

我這里 shiro 并沒有集成 springMVC，直接使用 ini 配置文件。

shiro.ini

				?

									[main]

									# Objects and their properties are defined here,

									# Such as the securityManager, Realms and anything

									# else needed to build the SecurityManager

									authc.loginUrl = /login.jsp

									authc.successUrl = /web/index.jsp

									#cache manager

									builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager

									securityManager=org.apache.shiro.web.mgt.DefaultWebSecurityManager

									securityManager.cacheManager = $builtInCacheManager

									securityManager.sessionManager=$sessionManager

									#session 必須配置session，強制退出時，通過將session移除實現

									sessionManager=org.apache.shiro.web.session.mgt.DefaultWebSessionManager

									sessionManager.sessionDAO=$sessionDAO

									sessionDAO=org.apache.shiro.session.mgt.eis.MemorySessionDAO

									# Create ldap realm

									ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm

									#......

									# Configure JDBC realm datasource

									dataSource = org.postgresql.ds.PGPoolingDataSource

									#.......

									# Create JDBC realm.

									jdbcRealm.permissionsLookupEnabled = true

									jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm

									jdbcRealm.userRolesQuery = ......

									jdbcRealm.permissionsQuery = ......

									jdbcRealm.dataSource = $dataSource

									#self realm

									localAuthorizingRealm = com.redbudtek.shiro.LocalAuthorizingRealm

									securityManager.realms = $ldapRealm, $localAuthorizingRealm

在 LocalAuthorizingRealm 中，用戶登錄進行認證之前，先將該用戶的其他session移除：

				?

									@Override

									protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

									String userName = (String)authenticationToken.getPrincipal();

									//處理session

									DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) SecurityUtils.getSecurityManager();

									DefaultWebSessionManager sessionManager = (DefaultWebSessionManager)securityManager.getSessionManager();

									Collection<Session> sessions = sessionManager.getSessionDAO().getActiveSessions();//獲取當前已登錄的用戶session列表

									for(Session session:sessions){

									//清除該用戶以前登錄時保存的session

									if(userName.equals(String.valueOf(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY)))) {

									sessionManager.getSessionDAO().delete(session);

									}

									}

									String pwd = null;

									return new SimpleAuthenticationInfo(userName,pwd,getName());

									}