| | |
|---|
| | | |
|---|
| | | import com.whyc.pojo.User; |
|---|
| | | import com.whyc.util.ShiroUtil; |
|---|
| | | import org.apache.shiro.SecurityUtils; |
|---|
| | | import org.apache.shiro.subject.Subject; |
|---|
| | | import org.springframework.boot.web.servlet.FilterRegistrationBean; |
|---|
| | | import org.springframework.context.annotation.Configuration; |
|---|
| | | import org.springframework.core.annotation.Order; |
|---|
| | | import org.springframework.util.StringUtils; |
|---|
| | | |
|---|
| | | import javax.servlet.*; |
|---|
| | | import javax.servlet.annotation.WebFilter; |
|---|
| | |
|---|
| | | HttpSession session = ((HttpServletRequest) request).getSession(); |
|---|
| | | //如果是登录,则不进行Session对比,放行 |
|---|
| | | if(!((HttpServletRequest) request).getRequestURI().contains("login")) { |
|---|
| | | User user = ShiroUtil.getUser(); |
|---|
| | | if (user.getId() != 0) { |
|---|
| | | String userName = (String) request.getServletContext().getAttribute(session.getId()); |
|---|
| | | if (!StringUtils.isEmpty(userName)) { |
|---|
| | | //保存用户的session最新活跃时间 |
|---|
| | | request.getServletContext().setAttribute("exp_" + userName, System.currentTimeMillis()); |
|---|
| | | |
|---|
| | | System.out.println("Filter过滤器中获取到的当前Session的SessionId为:" + session.getId()); |
|---|
| | | if (!request.getServletContext().getAttribute(user.getName()).equals(session.getId())) { |
|---|
| | | if (!request.getServletContext().getAttribute(userName).equals(session.getId())) { |
|---|
| | | //如果当前Session所对应的SessionId与全局中用户对应的SessionId不一致,则清除当前Session |
|---|
| | | session.invalidate(); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | chain.doFilter(request,response); |
|---|
| | | } |
|---|
| | | } |
|---|
