Java Code Examples for org.apache.shiro.session.Session#removeAttribute()

The following examples show how to use org.apache.shiro.session.Session#removeAttribute() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: LoginController.java    From taoshop with Apache License 2.0 6 votes vote down vote up
/**
 * 注销登录
 * @return
 */
@RequestMapping(value="/logout")
public ModelAndView logout(){
    ModelAndView mv = this.getModelAndView();
    /* Shiro管理Session */
    Subject sub = SecurityUtils.getSubject();
    Session session = sub.getSession();
    session.removeAttribute(Constants.SESSION_USER);
    session.removeAttribute(Constants.SESSION_SECURITY_CODE);
    /* Shiro销毁登录 */
    Subject subject = SecurityUtils.getSubject();
    subject.logout();
    /* 返回后台系统登录界面 */
    mv.setViewName("login");
    return mv;
}
 
Example 2
Source File: AuthzLoginController.java    From spring-boot-starter-samples with Apache License 2.0 5 votes vote down vote up
@ApiOperation(value = "switchRole", notes = "切换角色")
@ApiImplicitParams({ @ApiImplicitParam(name = "roleid", value = "角色ID", dataType = "String") })
//@BusinessLog(module = Constants.Module.LOGIN, business = "切换角色", opt = BusinessType.LOGIN)
@RequestMapping(value = "switchRole", method = {RequestMethod.POST, RequestMethod.GET})
public String switchRole(String roleid) {
	try {

		AuthzLoginModel principal = SubjectUtils.getPrincipal(AuthzLoginModel.class);
		Session session = SubjectUtils.getSession();
		
		
		//SubjectUtils.getSubject().runAs(principals);
		
		if (StringUtils.isNotBlank(roleid) && (!StringUtils.equals(roleid, principal.getRoleid()))) {
			/*// 切换当前的角色信息
			getUser().setJsdm(jsdm);

			// 刷新shiro缓存
			AccountRealm shiroRealm = ServiceFactory.getService(DefaultAccountRealm.class);
			shiroRealm.clearAuthorizationCache();*/
			// 刷新shiro缓存
			// 删除用户数据范围标识
			session.removeAttribute("");
		}
	} catch (Exception e) {
		logException(this, e);
	}
	return "redirect:/index";
}
 
Example 3
Source File: AuthzLoginController.java    From spring-boot-starter-samples with Apache License 2.0 5 votes vote down vote up
@ApiOperation(value = "switchRole", notes = "切换角色")
@ApiImplicitParams({ @ApiImplicitParam(name = "roleid", value = "角色ID", dataType = "String") })
//@BusinessLog(module = Constants.Module.LOGIN, business = "切换角色", opt = BusinessType.LOGIN)
@RequestMapping(value = "switchRole", method = {RequestMethod.POST, RequestMethod.GET})
public String switchRole(String roleid) {
	try {

		AuthzLoginModel principal = SubjectUtils.getPrincipal(AuthzLoginModel.class);
		Session session = SubjectUtils.getSession();
		
		
		//SubjectUtils.getSubject().runAs(principals);
		
		if (StringUtils.isNotBlank(roleid) && (!StringUtils.equals(roleid, principal.getRoleid()))) {
			/*// 切换当前的角色信息
			getUser().setJsdm(jsdm);

			// 刷新shiro缓存
			AccountRealm shiroRealm = ServiceFactory.getService(DefaultAccountRealm.class);
			shiroRealm.clearAuthorizationCache();*/
			// 刷新shiro缓存
			// 删除用户数据范围标识
			session.removeAttribute("");
		}
	} catch (Exception e) {
		logException(this, e);
	}
	return "redirect:/index";
}
 
Example 4
Source File: UserManagerController.java    From cjs_ssms with GNU General Public License v2.0 5 votes vote down vote up
@RequestMapping("/mlogoutUser")
public String logout(UUser user, Model model) throws IOException {
  Subject subject = SecurityUtils.getSubject();
  Session session = subject.getSession();
  session.removeAttribute("UserName");
  return "redirect:../login.jsp";
}
 
Example 5
Source File: UserFrontController.java    From cjs_ssms with GNU General Public License v2.0 5 votes vote down vote up
@RequestMapping("/logoutUser")
public String logout(UUser user, Model model) throws IOException {
  Subject subject = SecurityUtils.getSubject();
  Session session = subject.getSession();
  //session.removeAttribute("userName");
  session.removeAttribute("sysbUserName");
  return "redirect:/index.jsp";
}
 
Example 6
Source File: FormAuthenticationCaptchaFilter.java    From cms with Apache License 2.0 5 votes vote down vote up
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
                                 ServletResponse response) throws Exception {
    Session session = subject.getSession();

    session.removeAttribute(getLoginIncorrectNumberKeyAttribute());
    //session.setAttribute(SessionVariable.DEFAULT_SESSION_KEY, subject.getPrincipal());
    return super.onLoginSuccess(token, subject, request, response);
}
 
Example 7
Source File: AllOpenController.java    From JavaWeb with Apache License 2.0 5 votes vote down vote up
@GetMapping(value="/loginOut")
public void loginOut(HttpServletRequest request, 
 			             HttpServletResponse response){
	Session session = ShiroUtil.getSession();
	try{
		//专为websocket做的处理
		ChartController.user.remove(((User)session.getAttribute(Constant.SESSION_USER)).getUsername());
	}catch(Exception e){
		//出现异常暂时不管
	}
	Collection<Object> collections = session.getAttributeKeys();
	for(Object key:collections){
		session.removeAttribute(key);
	}
}
 
Example 8
Source File: CaptchaAuthenticationFilter.java    From base-framework with Apache License 2.0 5 votes vote down vote up
/**
 * 重写父类方法,当登录成功后,将allowLoginNum(允许登录次)设置为0,重置下一次登录的状态
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
	Session session = subject.getSession(false);
	
	session.removeAttribute(getLoginNumKeyAttribute());
	session.removeAttribute(getSessionShowCaptchaKeyAttribute());

	session.setAttribute("sv", subject.getPrincipal());
	return super.onLoginSuccess(token, subject, request, response);
}
 
Example 9
Source File: ShiroKit.java    From MeetingFilm with Apache License 2.0 4 votes vote down vote up
/**
 * 移除shiro指定的sessionKey
 */
public static void removeSessionAttr(String key) {
    Session session = getSession();
    if (session != null)
        session.removeAttribute(key);
}
 
Example 10
Source File: ShiroKit.java    From WebStack-Guns with MIT License 4 votes vote down vote up
/**
 * 移除shiro指定的sessionKey
 */
public static void removeSessionAttr(String key) {
    Session session = getSession();
    if (session != null)
        session.removeAttribute(key);
}
 
Example 11
Source File: LoginController.java    From taoshop with Apache License 2.0 4 votes vote down vote up
/**
 * 基于Shiro框架的登录验证,页面发送JSON请求数据,
 * 服务端进行登录验证之后,返回Json响应数据,"success"表示验证成功
 * @param request
 * @return
 * @throws Exception
 */
@RequestMapping(value="/loginCheck", produces="application/json;charset=UTF-8")
@ResponseBody
public String loginCheck(HttpServletRequest request)throws AuthenticationException {
    JSONObject obj = new JSONObject();
    String errInfo = "";//错误信息
    String logindata[] = request.getParameter("LOGINDATA").split(",");
    if(logindata != null && logindata.length == 3){
        //获取Shiro管理的Session
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        String codeSession = (String)session.getAttribute(Constants.SESSION_SECURITY_CODE);
        String code = logindata[2];
        /**检测页面验证码是否为空,调用工具类检测**/
        if(StringUtils.isEmpty(code)){
            errInfo = "nullcode";
        }else{
            String username = logindata[0];
            String password = logindata[1];
            if(StringUtils.isNotEmpty(codeSession)/*&&code.equalsIgnoreCase(codeSession)*/){
                //Shiro框架SHA加密
                String passwordsha = new SimpleHash("SHA-1",username,password).toString();
                System.out.println(passwordsha);
                //检测用户名和密码是否正确
                SysUser user = iSysUserService.getSysUser(username,passwordsha);
                if(user != null){
                    if(Boolean.TRUE.equals(user.getLocked())){
                        errInfo = "locked";
                    }else{
                        //Shiro添加会话
                        session.setAttribute("username", username);
                        session.setAttribute(Constants.SESSION_USER, user);
                        //删除验证码Session
                        session.removeAttribute(Constants.SESSION_SECURITY_CODE);
                        //保存登录IP
                        //getRemortIP(username);
                        /**Shiro加入身份验证**/
                        Subject sub = SecurityUtils.getSubject();
                        UsernamePasswordToken token = new UsernamePasswordToken(username,password);
                        sub.login(token);
                        log.info("登录成功!");
                    }
                }else{
                    //账号或者密码错误
                    errInfo = "uerror";
                }
                if(StringUtils.isEmpty(errInfo)){
                    errInfo = "success";
                }
            }else{
                //缺少参数
                errInfo="codeerror";
            }
        }
    }
    obj.put("result", errInfo);
    return obj.toString();
}
 
Example 12
Source File: ShiroUtil.java    From hdw-dubbo with Apache License 2.0 4 votes vote down vote up
/**
 * 移除shiro指定的sessionKey
 *
 * @param key
 */
public static void removeSessionAttr(String key) {
    Session session = getSession();
    if (session != null)
        session.removeAttribute(key);
}
 
Example 13
Source File: ShiroKit.java    From SpringBootBucket with MIT License 4 votes vote down vote up
/**
 * 移除shiro指定的sessionKey
 */
public static void removeSessionAttr(String key) {
    Session session = getSession();
    if (session != null)
        session.removeAttribute(key);
}