org.apache.shiro.session.mgt.DefaultSessionKey Java Examples

The following examples show how to use org.apache.shiro.session.mgt.DefaultSessionKey. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ShiroUtils.java    From jsets-shiro-spring-boot-starter with Apache License 2.0 5 votes vote down vote up 
/**
 * 强制退出
 * 
 * @param sessionId
 *            退出的sessionId
 */
public static boolean forceLogout(String sessionId) {
	try {
		Session session = shiroConfig().getSessionManager().getSession(new DefaultSessionKey(sessionId));
		if (session != null) {
			session.setAttribute(ShiroProperties.ATTRIBUTE_SESSION_FORCE_LOGOUT, Boolean.TRUE);
		}
		return Boolean.TRUE;
	} catch (UnknownSessionException e) {
		LOGGER.warn(e.getMessage(), e);
	}
	return Boolean.FALSE;
}
Example #2
Source File: KeepOneUserFilter.java    From jsets-shiro-spring-boot-starter with Apache License 2.0 4 votes vote down vote up 
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
	Subject subject = getSubject(request, response);
	if (!subject.isAuthenticated() && !subject.isRemembered()) {
		return this.respondLogin(request, response);
	}
	String account = (String) subject.getPrincipal();
	String loginedSessionId = this.cacheDelegator.getKeepUser(account);
	Session loginedSession = null;
	Session currentSession = subject.getSession();
	String currentSessionId = (String) currentSession.getId();
	
	if(currentSessionId.equals(loginedSessionId)) {
		return true;
	} else if (Strings.isNullOrEmpty(loginedSessionId)){
		this.cacheDelegator.putKeepUser(account, currentSessionId);
       	return true;
	} else if (null==currentSession.getAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT)) {
		this.cacheDelegator.putKeepUser(account, currentSessionId);
		try{
			loginedSession = this.sessionManager.getSession(new DefaultSessionKey(loginedSessionId));
			if(null != loginedSession){
				loginedSession.setAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT,Boolean.TRUE);
			}
		} catch(SessionException e){
			LOGGER.warn(e.getMessage());
		}
	}
       if (null!=currentSession.getAttribute(ShiroProperties.ATTRIBUTE_SESSION_KICKOUT)) {
       	subject.logout();
       	String loginedHost = "";
       	Date loginedTime = null;
		if(null != loginedSession){
			loginedHost = loginedSession.getHost();
			loginedTime = loginedSession.getStartTimestamp();
		}
		this.authListenerManager.onKeepOneKickout(request, account, loginedHost, loginedTime);
		return this.respondRedirect(request, response,this.properties.getKickoutUrl());
       }

	return true;
}
Example #3
Source File: LogoutService.java    From centraldogma with Apache License 2.0 4 votes vote down vote up 
@Override
protected HttpResponse doPost(ServiceRequestContext ctx, HttpRequest req) throws Exception {
    return HttpResponse.from(
            req.aggregate().thenApply(msg -> AuthTokenExtractors.oAuth2().apply(
                    RequestHeaders.of(msg.headers())))
               .thenApplyAsync(token -> {
                   if (token == null) {
                       return HttpResponse.of(HttpStatus.OK);
                   }

                   final String sessionId = token.accessToken();
                   // Need to set the thread-local security manager to silence
                   // the UnavailableSecurityManagerException logged at DEBUG level.
                   ThreadContext.bind(securityManager);
                   try {
                       final Session session = securityManager.getSession(new DefaultSessionKey(sessionId));
                       if (session != null) {
                           final Subject currentUser = new Subject.Builder(securityManager)
                                   .sessionCreationEnabled(false)
                                   .sessionId(sessionId)
                                   .buildSubject();

                           // Get the principal before logging out because otherwise it will be cleared out.
                           final String username = (String) currentUser.getPrincipal();
                           currentUser.logout();
                       }
                   } catch (Throwable t) {
                       logger.warn("{} Failed to log out: {}", ctx, sessionId, t);
                   } finally {
                       ThreadContext.unbindSecurityManager();
                   }

                   // Do not care the exception raised before, then try to remove session from the
                   // Central Dogma session manager. If it succeeded, the session ID has been also
                   // invalidated so that the logout request with the session ID would not come here again.
                   return HttpResponse.from(
                           logoutSessionPropagator.apply(sessionId).handle((unused, cause) -> {
                               if (cause != null) {
                                   return HttpResponse.of(HttpApiUtil.newResponse(
                                           ctx, HttpStatus.INTERNAL_SERVER_ERROR, cause));
                               } else {
                                   return HttpResponse.of(HttpStatus.OK);
                               }
                           }));
               }, ctx.blockingTaskExecutor()));
}
Example #4
Source File: UserOnlineServiceImpl.java    From belling-admin with Apache License 2.0 4 votes vote down vote up 
@Override
public Session getSessionBysessionId(Serializable sessionId) {
	Session session = sessionManager.getSession(new DefaultSessionKey(sessionId));
	return session;
}