I have not integrated Shiro with Spring MVC here; the INI configuration file is used directly.
shiro.ini
[main]
# Objects and their properties are defined here,
# such as the securityManager, Realms and anything
# else needed to build the SecurityManager
# (each object is defined before it is referenced with $)
authc.loginUrl = /login.jsp
authc.successUrl = /web/index.jsp

# Cache manager
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager = org.apache.shiro.web.mgt.DefaultWebSecurityManager
securityManager.cacheManager = $builtInCacheManager

# Session: a session manager must be configured, because a forced logout is implemented by removing the session
sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager

# Create LDAP realm
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
# ...

# Configure JDBC realm datasource
dataSource = org.postgresql.ds.PGPoolingDataSource
# ...

# Create JDBC realm
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.userRolesQuery = ....
jdbcRealm.permissionsQuery =
jdbcRealm.dataSource = $dataSource

# Custom realm
localAuthorizingRealm = com.redbudtek.shiro.LocalAuthorizingRealm
securityManager.realms = $ldapRealm, $localAuthorizingRealm
In LocalAuthorizingRealm, before the user is authenticated at login, the user's other sessions are removed:
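// Imports needed by this method
import java.util.Collection;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    String userName = (String) authenticationToken.getPrincipal();
    // Process sessions
    DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) SecurityUtils.getSecurityManager();
    DefaultWebSessionManager sessionManager = (DefaultWebSessionManager) securityManager.getSessionManager();
    // Get the session list of the currently logged-in users
    Collection<Session> sessions = sessionManager.getSessionDAO().getActiveSessions();
    for (Session session : sessions) {
        // Delete any session this user saved at an earlier login
        if (userName.equals(String.valueOf(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY)))) {
            sessionManager.getSessionDAO().delete(session);
        }
    }
    // Credential lookup is not shown here; pwd is left null
    String pwd = null;
    return new SimpleAuthenticationInfo(userName, pwd, getName());
}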
After the session is deleted, Shiro can only re-evaluate authentication once the client next interacts with the server. The screenshot in the original post shows the Subject information during that interaction.
At this point the earlier login's authentication is no longer valid, and you can respond to the client accordingly.
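The realm method above deletes sessions inside doGetAuthenticationInfo, which Shiro calls before it compares credentials, so sessions are removed even when the password check then fails. As an added example (not code from the original post), a listener that evicts only after authentication has succeeded; the class name KickoutOnSuccessListener, the com.example package and the INI wiring shown in the comment are assumptions.

```java
import java.util.ArrayList;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationListener;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.support.DefaultSubjectContext;

// Hypothetical class and package names. Assumed shiro.ini wiring in [main]:
//   kickout = com.example.KickoutOnSuccessListener
//   kickout.sessionDAO = $sessionDAO
//   securityManager.authenticator.authenticationListeners = $kickout
public class KickoutOnSuccessListener implements AuthenticationListener {
    private SessionDAO sessionDAO;

    public void setSessionDAO(SessionDAO sessionDAO) { this.sessionDAO = sessionDAO; }

    // Called only after a realm has accepted the token's credentials.
    @Override
    public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
        Object user = info.getPrincipals().getPrimaryPrincipal();
        // Session of the request that is logging in now, if it already has one.
        Session current = SecurityUtils.getSubject().getSession(false);
        // Copy first: sessions are deleted from the DAO while we walk them.
        for (Session s : new ArrayList<>(sessionDAO.getActiveSessions())) {
            if (current != null && s.getId().equals(current.getId())) {
                continue; // keep the session that just authenticated
            }
            PrincipalCollection pc = (PrincipalCollection)
                    s.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            if (pc != null && user.equals(pc.getPrimaryPrincipal())) {
                sessionDAO.delete(s); // older login of the same user
            }
        }
    }

    @Override
    public void onFailure(AuthenticationToken token, AuthenticationException ae) {
        // Failed attempts must not touch anyone's sessions.
    }

    @Override
    public void onLogout(PrincipalCollection principals) { }
}
```

With this listener registered, the session-removal loop can be dropped from the realm so that the realm only looks up the account.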
The above describes how to use Shiro to implement single login (a user can be logged in from only one place at a time).