package com.whyc.service;
|
|
import com.google.gson.Gson;
|
import com.whyc.constant.SuperConstant;
|
import com.whyc.dto.Response;
|
import com.whyc.manager.JWTManager;
|
import com.whyc.pojo.User;
|
import com.whyc.util.ShiroUtil;
|
import net.minidev.json.JSONObject;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
import org.apache.shiro.subject.Subject;
|
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
|
import org.apache.shiro.web.util.WebUtils;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.stereotype.Service;
|
|
import javax.servlet.ServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpSession;
|
import java.util.ArrayList;
|
import java.util.HashMap;
|
import java.util.List;
|
import java.util.Map;
|
|
@Service
|
public class LoginService {
|
|
@Autowired
|
JWTManager jwtManager;
|
|
public Response login(String userName, String password, HttpServletRequest request) {
|
UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
|
Subject subject = SecurityUtils.getSubject();
|
try {
|
subject.login(userToken);
|
}catch (Exception e){
|
return new Response<>().set(1,false);
|
}
|
if (subject.isAuthenticated()){
|
//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
|
//同一个账号,后面登录的,会挤掉之前登录的SessionId
|
System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());
|
request.getServletContext().setAttribute(userName,request.getSession().getId());
|
return new Response<>().set(1,true);
|
}
|
return new Response<>().set(1,false);
|
}
|
|
public Response login4Jwt(String userName, String password, HttpServletRequest request) {
|
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
|
Subject subject = SecurityUtils.getSubject();
|
String jwt =null;
|
try {
|
subject.login(token);
|
//登录后颁发令牌
|
String shiroSessionId = ShiroUtil.getShiroSessionId();
|
User user = ShiroUtil.getUser();
|
Map<String, Object> claims = new HashMap<>();
|
claims.put("user", new Gson().toJson(user));
|
//jwt = jwtManager.issueToken("system", subject.getSession().getTimeout(), shiroSessionId, claims);
|
jwt = jwtManager.issueToken("system", 10000, shiroSessionId, claims);
|
}catch (Exception e){
|
return new Response<>().set(1,false);
|
}
|
if (subject.isAuthenticated()){
|
//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
|
//同一个账号,后面登录的,会挤掉之前登录的SessionId
|
System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());
|
request.getServletContext().setAttribute(userName,request.getSession().getId());
|
//根据Context存储的对应的值,获取当前的用户名
|
request.getServletContext().setAttribute(request.getSession().getId(),userName);
|
//登录的时候初始化 活跃标识
|
request.getServletContext().setAttribute("exp_" + userName, System.currentTimeMillis());
|
//这里存储下jwt的集合,在登出的时候,去除
|
List<String> jwts =null;
|
if(request.getServletContext().getAttribute("jwts")==null){
|
jwts = new ArrayList<>();
|
}else {
|
jwts = (List) request.getServletContext().getAttribute("jwts");
|
}
|
jwts.add(jwt);
|
request.getServletContext().setAttribute("jwts",jwts);
|
|
return new Response<>().set(1,true,jwt);
|
}
|
return new Response<>().set(1,false);
|
}
|
|
public void logout(ServletRequest request) {
|
//清除Subject中绑定的信息
|
Subject subject = SecurityUtils.getSubject();
|
subject.logout();
|
//清除jwts中的jwt信息
|
String jwt = WebUtils.toHttp(request).getHeader(SuperConstant.AUTHORIZATION);
|
List jwts = (List) request.getServletContext().getAttribute("jwts");
|
jwts.remove(jwt);
|
request.getServletContext().setAttribute("jwts",jwts);
|
//清除Context中保存的SessionId值
|
request.getServletContext().removeAttribute(((HttpServletRequest)request).getSession().getId());
|
}
|
}
|
