org.apache.shiro.session.mgt.DefaultSessionKey Java Examples
The following examples show how to use
org.apache.shiro.session.mgt.DefaultSessionKey.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ShiroUtils.java From jsets-shiro-spring-boot-starter with Apache License 2.0 | 5 votes |
/** * 强制退出 * * @param sessionId * 退出的sessionId */ public static boolean forceLogout(String sessionId) { try { Session session = shiroConfig().getSessionManager().getSession(new DefaultSessionKey(sessionId)); if (session != null) { session.setAttribute(ShiroProperties.ATTRIBUTE_SESSION_FORCE_LOGOUT, Boolean.TRUE); } return Boolean.TRUE; } catch (UnknownSessionException e) { LOGGER.warn(e.getMessage(), e); } return Boolean.FALSE; }
Example #2
Source File: KeepOneUserFilter.java From jsets-shiro-spring-boot-starter with Apache License 2.0 | 4 votes |
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { Subject subject = getSubject(request, response); if (!subject.isAuthenticated() && !subject.isRemembered()) { return this.respondLogin(request, response); } String account = (String) subject.getPrincipal(); String loginedSessionId = this.cacheDelegator.getKeepUser(account); Session loginedSession = null; Session currentSession = subject.getSession(); String currentSessionId = (String) currentSession.getId(); if(currentSessionId.equals(loginedSessionId)) { return true; } else if (Strings.isNullOrEmpty(loginedSessionId)){ this.cacheDelegator.putKeepUser(account, currentSessionId); return true; } else if (null==currentSession.getAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT)) { this.cacheDelegator.putKeepUser(account, currentSessionId); try{ loginedSession = this.sessionManager.getSession(new DefaultSessionKey(loginedSessionId)); if(null != loginedSession){ loginedSession.setAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT,Boolean.TRUE); } } catch(SessionException e){ LOGGER.warn(e.getMessage()); } } if (null!=currentSession.getAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT)) { subject.logout(); String loginedHost = ""; Date loginedTime = null; if(null != loginedSession){ loginedHost = loginedSession.getHost(); loginedTime = loginedSession.getStartTimestamp(); } this.authListenerManager.onKeepOneKickout(request, account, loginedHost, loginedTime); return this.respondRedirect(request, response,this.properties.getKickoutUrl()); } return true; }
Example #3
Source File: LogoutService.java From centraldogma with Apache License 2.0 | 4 votes |
@Override protected HttpResponse doPost(ServiceRequestContext ctx, HttpRequest req) throws Exception { return HttpResponse.from( req.aggregate().thenApply(msg -> AuthTokenExtractors.oAuth2().apply( RequestHeaders.of(msg.headers()))) .thenApplyAsync(token -> { if (token == null) { return HttpResponse.of(HttpStatus.OK); } final String sessionId = token.accessToken(); // Need to set the thread-local security manager to silence // the UnavailableSecurityManagerException logged at DEBUG level. ThreadContext.bind(securityManager); try { final Session session = securityManager.getSession(new DefaultSessionKey(sessionId)); if (session != null) { final Subject currentUser = new Subject.Builder(securityManager) .sessionCreationEnabled(false) .sessionId(sessionId) .buildSubject(); // Get the principal before logging out because otherwise it will be cleared out. final String username = (String) currentUser.getPrincipal(); currentUser.logout(); } } catch (Throwable t) { logger.warn("{} Failed to log out: {}", ctx, sessionId, t); } finally { ThreadContext.unbindSecurityManager(); } // Do not care the exception raised before, then try to remove session from the // Central Dogma session manager. If it succeeded, the session ID has been also // invalidated so that the logout request with the session ID would not come here again. return HttpResponse.from( logoutSessionPropagator.apply(sessionId).handle((unused, cause) -> { if (cause != null) { return HttpResponse.of(HttpApiUtil.newResponse( ctx, HttpStatus.INTERNAL_SERVER_ERROR, cause)); } else { return HttpResponse.of(HttpStatus.OK); } })); }, ctx.blockingTaskExecutor())); }
Example #4
Source File: UserOnlineServiceImpl.java From belling-admin with Apache License 2.0 | 4 votes |
@Override public Session getSessionBysessionId(Serializable sessionId) { Session session = sessionManager.getSession(new DefaultSessionKey(sessionId)); return session; }