package com.whyc.service;
|
|
import com.whyc.dto.Response;
|
import com.whyc.util.ShiroUtil;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
import org.apache.shiro.subject.Subject;
|
import org.springframework.stereotype.Service;
|
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpSession;
|
|
@Service
|
public class LoginService {
|
|
public Response login(String userName, String password, HttpServletRequest request) {
|
UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
|
Subject subject = SecurityUtils.getSubject();
|
try {
|
subject.login(userToken);
|
}catch (Exception e){
|
return new Response<>().set(1,false);
|
}
|
if (subject.isAuthenticated()){
|
//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
|
//同一个账号,后面登录的,会挤掉之前登录的SessionId
|
System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());
|
request.getServletContext().setAttribute(userName,request.getSession().getId());
|
//Session存储当前用户
|
request.getSession().setAttribute("user", subject.getPrincipal());
|
return new Response<>().set(1,true);
|
}
|
return new Response<>().set(1,false);
|
}
|
|
public void logout(HttpServletRequest request) {
|
Subject subject = SecurityUtils.getSubject();
|
//移除Session中当前用户
|
request.getSession().removeAttribute("user");
|
subject.logout();
|
}
|
}
|
