Java Code Examples for org.apache.shiro.session.SessionException

The following examples show how to use org.apache.shiro.session.SessionException. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source Project: Movie_Recommend   Author: LuckyZXL2016   File: SystemLogoutFilter.java    License: MIT License 6 votes vote down vote up
@Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {

        //在这里执行退出系统前需要清空的数据
        Subject subject=getSubject(request,response);
        String redirectUrl=getRedirectUrl(request,response,subject);
//        ServletContext context= request.getServletContext();
        try {
            subject.logout();
//            context.removeAttribute("error");
        }catch (SessionException e){
            e.printStackTrace();
        }
        issueRedirect(request,response,redirectUrl);
        return false;
    }
 
Example #2
Source Project: super-cloudops   Author: wl4g   File: ClientAuthenticatorEndpoint.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * IAM client logout
 * 
 * @param request
 * @return
 */
@PostMapping(URI_C_LOGOUT)
@ResponseBody
public RespBase<LogoutModel> logout(HttpServletRequest request) {
	if (log.isInfoEnabled()) {
		log.info("Logout processing... sessionId[{}]", getSessionId());
	}

	RespBase<LogoutModel> resp = new RespBase<>();
	/*
	 * Local client session logout
	 */
	try {
		// try/catch added for SHIRO-298:
		SecurityUtils.getSubject().logout();
	} catch (SessionException e) {
		log.warn("Logout exception. This can generally safely be ignored.", e);
		resp.setCode(RetCode.SYS_ERR);
		resp.setMessage(Exceptions.getRootCauseMessage(e));
	}

	if (log.isInfoEnabled()) {
		log.info("Local logout finished. [{}]", resp);
	}
	return resp;
}
 
Example #3
Source Project: jsets-shiro-spring-boot-starter   Author: wj596   File: JsetsLogoutFilter.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
       Subject subject = getSubject(request, response);

       // Check if POST only logout is enabled
       if (isPostOnlyLogout()) {
           // check if the current request's method is a POST, if not redirect
           if (!WebUtils.toHttp(request).getMethod().toUpperCase(Locale.ENGLISH).equals("POST")) {
              return onLogoutRequestNotAPost(request, response);
           }
       }

       String redirectUrl = getRedirectUrl(request, response, subject);
       //try/catch added for SHIRO-298:
       try {
       	String account = (String) subject.getPrincipal();
           subject.logout();
           this.authListenerManager.onLogout(request, account);
       } catch (SessionException ise) {
       	LOGGER.debug("Encountered session exception during logout.  This can generally safely be ignored.", ise);
       }
       issueRedirect(request, response, redirectUrl);
       return false;
}
 
Example #4
Source Project: supplierShop   Author: guchengwuyue   File: LogoutFilter.java    License: MIT License 5 votes vote down vote up
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception
{
    try
    {
        Subject subject = getSubject(request, response);
        String redirectUrl = getRedirectUrl(request, response, subject);
        try
        {
            SysUser user = ShiroUtils.getSysUser();
            if (StringUtils.isNotNull(user))
            {
                String loginName = user.getLoginName();
                // 记录用户退出日志
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(loginName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));
                // 清理缓存
                cache.remove(loginName);
            }
            // 退出登录
            subject.logout();
        }
        catch (SessionException ise)
        {
            log.error("logout fail.", ise);
        }
        issueRedirect(request, response, redirectUrl);
    }
    catch (Exception e)
    {
        log.error("Encountered session exception during logout.  This can generally safely be ignored.", e);
    }
    return false;
}
 
Example #5
Source Project: frpMgr   Author: Zo3i   File: LogoutFilter.java    License: MIT License 5 votes vote down vote up
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
	try{
		Subject subject = getSubject(request, response);
        String redirectUrl = getRedirectUrl(request, response, subject);
        //try/catch added for SHIRO-298:
        try {
        	Object principal = subject.getPrincipal();
        	if (principal != null){
        		// 记录用户退出日志(@Deprecated v4.0.5支持setAuthorizingRealm,之后版本可删除此if子句)
	        	if (authorizingRealm == null){
		    		LogUtils.saveLog(UserUtils.getUser(), ServletUtils.getRequest(),
		    				"系统退出", Log.TYPE_LOGIN_LOGOUT);
	        	}
	        	// 退出成功之前初始化授权信息并处理登录后的操作
	        	else{
	        		authorizingRealm.onLogoutSuccess((LoginInfo)subject.getPrincipal(),
	        				(HttpServletRequest)request);
	        	}
        	}
    		// 退出登录	
    		subject.logout();
        } catch (SessionException ise) {
            log.debug("Encountered session exception during logout.  This can generally safely be ignored.", ise);
        }
        
        // 如果是Ajax请求,返回Json字符串。
 		if (ServletUtils.isAjaxRequest((HttpServletRequest)request)){
 			ServletUtils.renderResult((HttpServletResponse)response,
 					Global.TRUE, Global.getText("sys.logout.success"));
 			return false;
 		}
     	
        issueRedirect(request, response, redirectUrl);
	}catch(Exception e){
		log.debug("Encountered session exception during logout.  This can generally safely be ignored.", e);
	}
	return false;
}
 
Example #6
Source Project: ruoyiplus   Author: kongshanxuelin   File: LogoutFilter.java    License: MIT License 5 votes vote down vote up
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception
{
    try
    {
        Subject subject = getSubject(request, response);
        String redirectUrl = getRedirectUrl(request, response, subject);
        try
        {
            SysUser user = ShiroUtils.getSysUser();
            if (StringUtils.isNotNull(user))
            {
                String loginName = user.getLoginName();
                // 记录用户退出日志
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(loginName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));
            }
            // 退出登录
            subject.logout();
        }
        catch (SessionException ise)
        {
            log.error("logout fail.", ise);
        }
        issueRedirect(request, response, redirectUrl);
    }
    catch (Exception e)
    {
        log.error("Encountered session exception during logout.  This can generally safely be ignored.", e);
    }
    return false;
}
 
Example #7
Source Project: Goku.Framework.CoreUI   Author: nbfujx   File: HomeControllerImpl.java    License: MIT License 5 votes vote down vote up
@Override
@RequestMapping("/logout")
public String logout() {
    Subject currentUser = SecurityUtils.getSubject();
    try {
        currentUser.logout();
        return "login";
    } catch (SessionException ise) {
        return "500";
    } catch (Exception e) {
        return "500";
    }
}
 
Example #8
Source Project: LuckyFrameWeb   Author: seagull1985   File: LogoutFilter.java    License: GNU Affero General Public License v3.0 5 votes vote down vote up
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) {
    try
    {
        Subject subject = getSubject(request, response);
        String redirectUrl = getRedirectUrl(request, response, subject);
        try
        {
            User user = ShiroUtils.getSysUser();
            if (StringUtils.isNotNull(user))
            {
                String loginName = user.getLoginName();
                // 记录用户退出日志
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(loginName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));
            }
            // 退出登录
            subject.logout();
        }
        catch (SessionException ise)
        {
            log.error("logout fail.", ise);
        }
        issueRedirect(request, response, redirectUrl);
    }
    catch (Exception e)
    {
        log.error("Encountered session exception during logout.  This can generally safely be ignored.", e);
    }
    return false;
}
 
Example #9
Source Project: usergrid   Author: apache   File: HttpRequestSessionManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public Session getSession( SessionKey key ) throws SessionException {
    if ( !WebUtils.isHttp( key ) ) {
        String msg = "SessionKey must be an HTTP compatible implementation.";
        throw new IllegalArgumentException( msg );
    }

    HttpServletRequest request = WebUtils.getHttpRequest( key );

    return ( Session ) request.getAttribute( REQUEST_ATTRIBUTE_KEY );
}
 
Example #10
Source Project: super-cloudops   Author: wl4g   File: CentralAuthenticationHandler.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public LogoutModel logout(boolean forced, String appName, HttpServletRequest request, HttpServletResponse response) {
	log.debug("Logout from: {}, forced: {}, sessionId: {}", appName, forced, getSessionId());
	Subject subject = getSubject();

	// From client signout
	coprocessor.preLogout(new LogoutAuthenticationToken(getPrincipal(false), getHttpRemoteAddr(request)), toHttp(request),
			toHttp(response));

	// Represents all logout mark.
	boolean logoutAllMark = true;

	// Gets session bind grantInfo
	GrantCredentialsInfo info = getGrantCredentials(subject.getSession());
	log.debug("Got grantInfo: {} with sessionId: {}", info, getSessionId(subject));

	if (!isNull(info) && info.hasEmpty()) {
		// Query applications by bind session names
		Set<String> appNames = info.getGrantApps().keySet();
		// Cleanup this(Solve the dead cycle).
		appNames.remove(config.getServiceName());

		List<ApplicationInfo> apps = configurer.findApplicationInfo(appNames.toArray(new String[] {}));
		if (!isEmpty(apps)) {
			// logout all
			logoutAllMark = handleLogoutSessionsAll(subject, info, apps);
		} else
			log.debug("Not found logout appInfo. appNames: {}", appNames);
	}

	if (forced || logoutAllMark) {
		// Logout all sessions.
		try {
			/**
			 * That's the subject Refer to
			 * {@link com.wl4g.devops.iam.session.mgt.IamServerSessionManager#getSessionId())
			 * try/catch added for #SHIRO-298:
			 */
			log.debug("Logouting... sessionId: {}", getSessionId(subject));
			subject.logout(); // After that, session is null
		} catch (SessionException e) {
			log.warn("Encountered session exception during logout. This can generally safely be ignored.", e);
		}
	}

	return isNotBlank(appName) ? new LogoutModel(appName) : new LogoutModel();
}
 
Example #11
Source Project: jsets-shiro-spring-boot-starter   Author: wj596   File: KeepOneUserFilter.java    License: Apache License 2.0 4 votes vote down vote up
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
	Subject subject = getSubject(request, response);
	if (!subject.isAuthenticated() && !subject.isRemembered()) {
		return this.respondLogin(request, response);
	}
	String account = (String) subject.getPrincipal();
	String loginedSessionId = this.cacheDelegator.getKeepUser(account);
	Session loginedSession = null;
	Session currentSession = subject.getSession();
	String currentSessionId = (String) currentSession.getId();
	
	if(currentSessionId.equals(loginedSessionId)) {
		return true;
	} else if (Strings.isNullOrEmpty(loginedSessionId)){
		this.cacheDelegator.putKeepUser(account, currentSessionId);
       	return true;
	} else if (null==currentSession.getAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT)) {
		this.cacheDelegator.putKeepUser(account, currentSessionId);
		try{
			loginedSession = this.sessionManager.getSession(new DefaultSessionKey(loginedSessionId));
			if(null != loginedSession){
				loginedSession.setAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT,Boolean.TRUE);
			}
		} catch(SessionException e){
			LOGGER.warn(e.getMessage());
		}
	}
       if (null!=currentSession.getAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT)) {
       	subject.logout();
       	String loginedHost = "";
       	Date loginedTime = null;
		if(null != loginedSession){
			loginedHost = loginedSession.getHost();
			loginedTime = loginedSession.getStartTimestamp();
		}
		this.authListenerManager.onKeepOneKickout(request, account, loginedHost, loginedTime);
		return this.respondRedirect(request, response,this.properties.getKickoutUrl());
       }

	return true;
}