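package com.whyc.service;

import com.google.gson.Gson;
import com.whyc.constant.SuperConstant;
import com.whyc.dto.Response;
import com.whyc.manager.JWTManager;
import com.whyc.pojo.User;
import com.whyc.util.ShiroUtil;
import net.minidev.json.JSONObject;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Login and logout operations built on Apache Shiro, with an optional JWT issued at login.
 *
 * <p>Per-user bookkeeping is kept in the application-wide {@code ServletContext}:
 * <ul>
 *   <li>{@code userName -> sessionId}: the most recent session of that account;</li>
 *   <li>{@code sessionId -> userName}: reverse lookup (JWT login only);</li>
 *   <li>{@code "exp_" + userName -> millis}: activity marker initialised at login (JWT login only);</li>
 *   <li>{@code "jwts" -> List}: every token issued and not yet logged out.</li>
 * </ul>
 *
 * <p>NOTE(review): the user name is used verbatim as an attribute key, in the same namespace as
 * {@code "jwts"} and the {@code "exp_"} markers. An account whose name equals one of those keys
 * would overwrite that entry. Namespacing the key needs a matching change in whatever code reads
 * these attributes, which is not visible here, so the keys are left as they are.
 *
 * <p>NOTE(review): the {@code "jwts"} list is a plain {@link ArrayList} shared by all request
 * threads and is read, created and mutated without synchronisation — confirm how the readers
 * access it before relying on it for token revocation.
 */
@Service
public class LoginService {

    @Autowired
    JWTManager jwtManager;

    /**
     * Authenticates the given credentials through Shiro and records the caller's session ID
     * under the user name in the {@code ServletContext}.
     *
     * <p>For the same account, a later login replaces the session ID stored by an earlier one.
     *
     * <p>NOTE(review): the session that existed before authentication is reused afterwards; no
     * session identifier rotation is visible here. Confirm that fixation is handled elsewhere.
     *
     * @param userName account name; also used as the {@code ServletContext} attribute key
     * @param password plaintext password handed to Shiro
     * @param request  current request, used for its session and servlet context
     * @return a {@code Response} populated with {@code set(1, true)} when the subject is
     *         authenticated, otherwise with {@code set(1, false)}
     */
    public Response login(String userName, String password, HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(userName, password));
        } catch (Exception e) {
            // Every failure, whatever its type, is reported to the caller as a failed login.
            return new Response<>().set(1, false);
        }

        if (!subject.isAuthenticated()) {
            return new Response<>().set(1, false);
        }

        // The session ID is a bearer credential, so it is stored but deliberately not written
        // to stdout or any log.
        request.getServletContext().setAttribute(userName, request.getSession().getId());
        return new Response<>().set(1, true);
    }

    /**
     * Authenticates the given credentials through Shiro, issues a JWT bound to the Shiro session
     * ID, and records session, activity and token bookkeeping in the {@code ServletContext}.
     *
     * @param userName account name; also used to build {@code ServletContext} attribute keys
     * @param password plaintext password handed to Shiro
     * @param request  current request, used for its session and servlet context
     * @return a {@code Response} populated with {@code set(1, true, jwt)} when the subject is
     *         authenticated, otherwise with {@code set(1, false)}
     */
    public Response login4Jwt(String userName, String password, HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        String jwt = null;
        try {
            subject.login(new UsernamePasswordToken(userName, password));

            // Issue the token once login has succeeded.
            String shiroSessionId = ShiroUtil.getShiroSessionId();
            User user = ShiroUtil.getUser();

            // NOTE(review): the whole User object is serialised into the claims. If User carries
            // a password hash, salt or similar field, it ends up in the token payload — confirm,
            // and restrict the claim to the fields consumers actually need.
            // Raw Map kept because the parameter type of JWTManager.issueToken is not visible here.
            Map claims = new HashMap<>();
            claims.put("user", new Gson().toJson(user));

            // An earlier revision passed subject.getSession().getTimeout() as the lifetime; it is
            // now the fixed value 10000 (unit is defined by JWTManager — TODO confirm).
            jwt = jwtManager.issueToken("system", 10000, shiroSessionId, claims);
        } catch (Exception e) {
            // NOTE(review): if login succeeded and only token issuance failed, the subject is
            // still authenticated while the caller is told the login failed.
            return new Response<>().set(1, false);
        }

        if (!subject.isAuthenticated()) {
            return new Response<>().set(1, false);
        }

        // The session ID is a bearer credential, so it is stored but deliberately not written
        // to stdout or any log.
        String sessionId = request.getSession().getId();

        // userName -> sessionId: a later login of the same account displaces the earlier one.
        request.getServletContext().setAttribute(userName, sessionId);
        // sessionId -> userName: lets other code resolve the user name from the session ID.
        request.getServletContext().setAttribute(sessionId, userName);
        // Initialise the activity marker at login time.
        request.getServletContext().setAttribute("exp_" + userName, System.currentTimeMillis());

        // Remember the issued token so that logout can remove it again.
        Object existing = request.getServletContext().getAttribute("jwts");
        @SuppressWarnings("unchecked") // only this class is seen writing the "jwts" attribute
        List<String> issued = existing == null ? new ArrayList<String>() : (List<String>) existing;
        issued.add(jwt);
        request.getServletContext().setAttribute("jwts", issued);

        return new Response<>().set(1, true, jwt);
    }

    /**
     * Logs the current subject out and removes its token and session mapping from the
     * {@code ServletContext}.
     *
     * <p>The token to remove is read from the {@code SuperConstant.AUTHORIZATION} header. The
     * {@code userName -> sessionId} and {@code "exp_"} entries written at login are not touched.
     *
     * @param request current request; must be an HTTP request
     */
    public void logout(ServletRequest request) {
        HttpServletRequest httpRequest = WebUtils.toHttp(request);

        // Capture the session ID before logging out: logout typically invalidates the session,
        // after which getSession() would hand back a fresh session whose ID matches no stored
        // key, leaving the sessionId -> userName entry behind.
        HttpSession session = httpRequest.getSession(false);
        String sessionId = session == null ? null : session.getId();

        // Clear everything bound to the Shiro subject.
        SecurityUtils.getSubject().logout();

        // Remove this request's token from the issued-token list. The list is absent when no
        // JWT login has happened yet; that case must not fail the logout.
        String jwt = httpRequest.getHeader(SuperConstant.AUTHORIZATION);
        Object stored = request.getServletContext().getAttribute("jwts");
        if (stored instanceof List) {
            ((List<?>) stored).remove(jwt);
            request.getServletContext().setAttribute("jwts", stored);
        }

        // Drop the sessionId -> userName entry saved at login.
        if (sessionId != null) {
            request.getServletContext().removeAttribute(sessionId);
        }
    }
}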