/**
* Copyright (c) 2005-2012 https://github.com/zhangkaitao
*
* Licensed under the Apache License, Version 2.0 (the "License");
*/
package org.apache.shiro.session.filter;
import org.apache.shiro.ShiroConstants;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.OnlineSession;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
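/**
 * Shiro access-control filter that enforces administrator-initiated ("forced") logouts.
 *
 * <p>On each request it loads the caller's session from the {@link SessionDAO}, exposes it as
 * the {@link ShiroConstants#ONLINE_SESSION} request attribute, and denies the request when the
 * session has been marked {@code force_logout}. A denied request is logged out and redirected
 * to {@link #getForceLogoutUrl()}.
 *
 * <p>This filter only enforces the force-logout flag. Requests without a session are let
 * through here, so authentication and authorization must be enforced by other filters in the
 * chain.
 *
 * <p>User: Zhang Kaitao
 * <p>Date: 13-3-20 3:17 PM
 * <p>Version: 1.0
 */
public class OnlineSessionFilter extends AccessControlFilter {

    /**
     * URL to redirect to after a forced logout.
     */
    private String forceLogoutUrl;

    /** Session store used to re-read the current session so its status can be checked. */
    private SessionDAO sessionDAO;

    /**
     * @return the URL a forcibly logged-out user is redirected to; may be {@code null} when it
     *     has not been configured
     */
    public String getForceLogoutUrl() {
        return forceLogoutUrl;
    }

    /**
     * @param forceLogoutUrl the URL a forcibly logged-out user is redirected to
     */
    public void setForceLogoutUrl(String forceLogoutUrl) {
        this.forceLogoutUrl = forceLogoutUrl;
    }

    /**
     * @param sessionDAO the session store to read sessions from; must be set before the filter
     *     handles requests, otherwise {@link #isAccessAllowed} fails with a
     *     {@link NullPointerException} for any request that carries a session
     */
    public void setSessionDAO(SessionDAO sessionDAO) {
        this.sessionDAO = sessionDAO;
    }

    /**
     * Allows the request unless the caller's stored session is flagged {@code force_logout}.
     *
     * @return {@code false} only when the stored session is an {@link OnlineSession} whose
     *     status is {@code force_logout}; {@code true} in every other case, including when
     *     there is no subject or no session
     * @throws Exception whatever the session lookup throws
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Subject subject = getSubject(request, response);
        if (subject == null) {
            return true;
        }
        // getSession(false) never creates a session, so anonymous traffic is not given one here.
        Session current = subject.getSession(false);
        if (current == null) {
            return true;
        }

        // NOTE(review): Shiro documents SessionDAO.readSession as throwing
        // UnknownSessionException for an id that is no longer stored; that exception
        // propagates from here unchanged.
        Session stored = sessionDAO.readSession(current.getId());
        if (!(stored instanceof OnlineSession)) {
            // Other session types carry no online status, so the force-logout check is skipped.
            return true;
        }

        OnlineSession onlineSession = (OnlineSession) stored;
        request.setAttribute(ShiroConstants.ONLINE_SESSION, onlineSession);
        return onlineSession.getStatus() != OnlineSession.OnlineStatus.force_logout;
    }

    /**
     * Logs the subject out and redirects to the forced-logout page.
     *
     * @return always {@code false}: the redirect is the complete response, so the rest of the
     *     filter chain must not run for a session that has been forcibly terminated
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        Subject subject = getSubject(request, response);
        if (subject != null) {
            subject.logout();
        }
        saveRequestAndRedirectToLogin(request, response);
        // Previously returned true, which let the original request continue down the chain
        // after the redirect had already been issued.
        return false;
    }

    /**
     * Redirects to {@link #getForceLogoutUrl()}, or to the filter's login URL when no
     * forced-logout URL has been configured.
     */
    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        String target = getForceLogoutUrl();
        if (target == null) {
            // Without this fallback an unconfigured URL would be handed to issueRedirect as null.
            super.redirectToLogin(request, response);
            return;
        }
        WebUtils.issueRedirect(request, response, target);
    }
}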