protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("------------------------------------doGetAuthenticationInfo(AuthenticationToken token)");
UsernamePasswordToken utoken = (UsernamePasswordToken) token;//获取用户输入的token
String username = utoken.getUsername();
System.out.println("username=" + username);
System.out.println("password=" + utoken.getPassword());
//处理session
SessionsSecurityManager securityManager = (SessionsSecurityManager) SecurityUtils.getSecurityManager();
DefaultSessionManager sessionManager = (DefaultSessionManager) securityManager.getSessionManager();
Collection<Session> sessions = sessionManager.getSessionDAO().getActiveSessions();//获取当前已登录的用户session列表
for (Session session : sessions) {
//清除该用户以前登录时保存的session
// IotdUserEntity en=(IotdUserEntity)(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY));
// String phone=en.getPhone();
//如果和当前session是同一个session,则不剔除
if (SecurityUtils.getSubject().getSession().getId().equals(session.getId()))
break;
IotdUserEntity user = (IotdUserEntity) (session.getAttribute("user"));
if (user != null) {
String phone = user.getPhone();
if (username.equals(phone)) {
System.out.println(username + "已登录,剔除中...");
sessionManager.getSessionDAO().delete(session);
}
}
}
// User user = userService.findUserByUserName(username);
IotdUserEntity user = iotdUserDao.findDistinctByPhone(username);
SimpleAuthenticationInfo rst = new SimpleAuthenticationInfo(user, user.getPwd(), this.getClass().getName());//放入shiro.调用CredentialsMatcher检验密码
return rst;
}
——————————————————————————
要用DefaultSessionManager
而不能 用
DefaultWebSessionManager
SessionsSecurityManager和
DefaultWebSecurityManager是同级子类,不能相互转换