我的项目正在使用 JSF2.0、Seam 2.3 和 Spring 3.0
登录过程由 Seam Security 开发。
我的问题是要控制重复的用户登录如下:
Time1:用户 A @PC1 >>>>>> 登录系统,用户 ID:11111 >>>>>>>>>>(状态:OK)
Time2 : User B @PC2 >>>>>> login system with userID: 11111 >>>>>>>>>> (Status: OK)
这时候,我喜欢使User A系统失效并自动注销
我该怎么做,欢迎提出任何建议
创建一个 javax.servlet.http.HttpSessionListener 并将其添加到您的 Web XML 中。
将所有会话保存在列表中。
public class SessionListener implements HttpSessionListener, java.io.Serializable{
private static final Logger log = Logger.getLogger(SessionListener.class);
public void sessionCreated(HttpSessionEvent event) {
listsession.add(event.getSession());
}
public void sessionDestroyed(HttpSessionEvent event) {
listsession.remove(event.getSession());
}
}
注册新会话时,如果列表中存在具有相同用户的现有会话,则进行比较。并在其上使用 invalidateSession。可以使用这样的东西从会话中获取接缝组件
for(HttpSession session:listsession){
if (session!=null)
{
Identity identity = null;
Credentials credentials = null;
Object attribute = session.getAttribute("org.jboss.seam.security.identity");
if (attribute instanceof Identity)
{
identity = (Identity) attribute;
}
Object cred = session.getAttribute("org.jboss.seam.security.credentials");
if (attribute instanceof Credentials)
{
credentials = (Credentials) cred;
}
}
}
我通过以下想法解决了这个问题:
用户登录时拳头输出LoginUserMap和LoginUserKeyMap会话范围。
LoginUserKeyMap是用系统知道密钥存储userId。
例如:[键:user1,值:user120131010154566]
LoginUserMap是存储登录的用户信息列表。
例如:[键:user120131010154566,值:对象]
/**
* Bijection Login User Map.
*/
@In(required = false, scope = ScopeType.APPLICATION, value = "loginUserMap")
@Out(required = false, scope = ScopeType.APPLICATION, value = "loginUserMap")
private Map<String, UserInfoBean> loginUserMap;
/**
* Bijection Login User Key Map.
*/
@In(required = false, scope = ScopeType.APPLICATION, value = "loginUserKeyMap")
@Out(required = false, scope = ScopeType.APPLICATION, value = "loginUserKeyMap")
private Map<String, String> loginUserKeyMap;
public void doLogin() {
// Generate User ID Key for duplicate user control.
String key = CommonUtil.convertDateToString(new Date(), KEY_PATTERN);
String userId = getCredentials().getUsername();
String userIdKey = userId + key;
if (getLoginUserMap() == null || getLoginUserKeyMap() == null) {
// Initialize the Login User Map.
setLoginUserMap(new HashMap());
// Initialize the Login User Key Map.
setLoginUserKeyMap(new HashMap());
}
// Check login User id is already login or not.
if (getLoginUserKeyMap().containsKey(userId)) {
log.info("Duplicate Login");
// Get Current logged in User's Key.
String CurrentUserKey = getLoginUserKeyMap().get(userId);
// Get Current logged in User Information.
UserInfoBean currentUserInfoBean = getLoginUserMap().get(CurrentUserKey);
if (currentUserInfoBean != null) {
// Set Duplicate flag true to Current logged User.
currentUserInfoBean.setDuplicate(true);
// Overwrite Current logged User Information.
getLoginUserMap().put(CurrentUserKey, currentUserInfoBean);
}
}
// Set New Login User Information.
getUserInfoBean().setUserId(userId);
getUserInfoBean().setUserIdKey(userIdKey);
getUserInfoBean().setDuplicate(false);
getUserInfoBean().setServiceStop(false);
// Set New Login User Information and Key to Application Scope.
getLoginUserKeyMap().put(userId, userIdKey);
getLoginUserMap().put(userIdKey, getUserInfoBean());
}
然后,创建checkStatus()方法
public void checkStatus() throws DuplicateLoginException, UserServiceStopException {
if (getUserInfoBean() != null && getLoginUserMap() != null) {
UserInfoBean currentUser = getLoginUserMap().get(getUserInfoBean().getUserIdKey());
if (currentUser != null) {
if (currentUser.isServiceStop()) {
log.error("throw new UserServiceStopException()");
throw new UserServiceStopException();
} else if (currentUser.isDuplicate()) {
log.error("throw new DuplicateLoginException()");
throw new DuplicateLoginException();
}
}
}
}
checkStatus()并从每一页调用该方法。
<page view-id="/view/*">
<action execute="#{UserStatusChecker.checkStatus()}" />
现在问题解决了!!!!