CommonProject.git

			@@ -1,17 +1,33 @@
			package com.whyc.service;

			import com.google.gson.Gson;
			import com.whyc.constant.SuperConstant;
			import com.whyc.dto.Response;
			import com.whyc.manager.JWTManager;
			import com.whyc.pojo.User;
			import com.whyc.util.ShiroUtil;
			import net.minidev.json.JSONObject;
			import org.apache.shiro.SecurityUtils;
			import org.apache.shiro.authc.UsernamePasswordToken;
			import org.apache.shiro.subject.Subject;
			import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
			import org.apache.shiro.web.util.WebUtils;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.stereotype.Service;

			import javax.servlet.ServletRequest;
			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpSession;
			import java.util.ArrayList;
			import java.util.HashMap;
			import java.util.List;
			import java.util.Map;

			@Service
			public class LoginService {

			@Autowired
			JWTManager jwtManager;

			public Response login(String userName, String password, HttpServletRequest request) {
			UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
			@@ -31,8 +47,56 @@
			return new Response<>().set(1,false);
			}

			public void logout() {
			public Response login4Jwt(String userName, String password, HttpServletRequest request) {
			UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
			Subject subject = SecurityUtils.getSubject();
			String jwt =null;
			try {
			subject.login(token);
			//登录后颁发令牌
			String shiroSessionId = ShiroUtil.getShiroSessionId();
			User user = ShiroUtil.getUser();
			Map<String, Object> claims = new HashMap<>();
			claims.put("user", new Gson().toJson(user));
			//jwt = jwtManager.issueToken("system", subject.getSession().getTimeout(), shiroSessionId, claims);
			jwt = jwtManager.issueToken("system", 10000, shiroSessionId, claims);
			}catch (Exception e){
			return new Response<>().set(1,false);
			}
			if (subject.isAuthenticated()){
			//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
			//同一个账号,后面登录的,会挤掉之前登录的SessionId
			System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());
			request.getServletContext().setAttribute(userName,request.getSession().getId());
			//根据Context存储的对应的值,获取当前的用户名
			request.getServletContext().setAttribute(request.getSession().getId(),userName);
			//登录的时候初始化活跃标识
			request.getServletContext().setAttribute("exp_" + userName, System.currentTimeMillis());
			//这里存储下jwt的集合,在登出的时候,去除
			List<String> jwts =null;
			if(request.getServletContext().getAttribute("jwts")==null){
			jwts = new ArrayList<>();
			}else {
			jwts = (List) request.getServletContext().getAttribute("jwts");
			}
			jwts.add(jwt);
			request.getServletContext().setAttribute("jwts",jwts);

			return new Response<>().set(1,true,jwt);
			}
			return new Response<>().set(1,false);
			}

			public void logout(ServletRequest request) {
			//清除Subject中绑定的信息
			Subject subject = SecurityUtils.getSubject();
			subject.logout();
			//清除jwts中的jwt信息
			String jwt = WebUtils.toHttp(request).getHeader(SuperConstant.AUTHORIZATION);
			List jwts = (List) request.getServletContext().getAttribute("jwts");
			jwts.remove(jwt);
			request.getServletContext().setAttribute("jwts",jwts);
			//清除Context中保存的SessionId值
			request.getServletContext().removeAttribute(((HttpServletRequest)request).getSession().getId());
			}
			}