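Single-device login: an implementation approach (forcing other users offline)
Mainstream websites restrict each account to a single active login. Why implement single login?
1. To stop several people operating under one account from occupying a large number of database connections, which reduces the load on the web server;
2. As a security measure: illegitimate users are forced offline.
Traditional web servers (such as Tomcat) have dedicated session management, and we use the session to control the lifetime of a user's login. Single login works as follows:
1. The current sessions are cached as a Collection in the application (the ServletContext). When a user produces a new session, that user's previous session is cleared, so each user's session in the collection is unique;
2. The effect is that every login pushes out that user's previous login, so each user can be online only once.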

    ServletContext application = request.getSession().getServletContext();
    Collection<HttpSession> sessions;
    // Create the shared collection only once, even when logins arrive concurrently
    synchronized (application) {
        sessions = (Collection<HttpSession>) application.getAttribute("usercount");
        if (sessions == null) {
            sessions = new ArrayList<HttpSession>();
            application.setAttribute("usercount", sessions);
        }
    }
    new LoginManager().login(sessions, session); // push out this user's earlier session
    SessionHandler.handleSession(session);       // record the new session in sessionMap


    public static boolean isLogin(HttpServletRequest request) {
        TuserEntity tuser = getUser(request);

        if (tuser != null) {
            Map<String, HttpSession> map = (Map<String, HttpSession>) request.getSession()
                    .getServletContext().getAttribute("sessionMap");
            // No entry for this user: the login was pushed out or has expired
            if (map == null || map.get(tuser.getLogname()) == null) {
                request.getSession().invalidate();
                return false;
            }
        }
        return tuser != null;
    }

LoginManager.java

    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.List;
    import javax.servlet.http.HttpSession;

    public class LoginManager {

        public HttpSession login(Collection<HttpSession> sessions, HttpSession session) {
            // Sessions that can no longer be read, e.g. because they were already invalidated
            List<HttpSession> sessionde = new ArrayList<HttpSession>();

            // The collection is shared through the ServletContext, so guard every access to it
            synchronized (sessions) {
                for (HttpSession s : sessions) {
                    try {
                        int historyuser = ((TuserEntity) s.getAttribute("user_session")).getId();
                        int nowuser = ((TuserEntity) session.getAttribute("user_session")).getId();
                        if (historyuser == nowuser) {
                            sessions.remove(s); // remove the duplicate session from the collection
                            if (!s.equals(session)) {
                                s.invalidate(); // discard the session of the earlier login
                            }
                            // Leave the loop straight after remove(); iterating further would
                            // throw ConcurrentModificationException
                            break;
                        }
                    } catch (Exception e) {
                        // e.printStackTrace();
                        sessionde.add(s);
                    }
                }
                sessions.removeAll(sessionde);
                sessions.add(session);
            }
            return null; // the caller ignores the return value
        }
    }

Adding and discarding the user's session in the sessionMap held in the ServletContext

    public static void handleSession(HttpSession session) {
        try {
            Map<String, HttpSession> sessionMap = (Map<String, HttpSession>) session
                    .getServletContext().getAttribute("sessionMap");
            TuserEntity tuser = (TuserEntity) session.getAttribute(Keys.USER_SESSION_KEY);
            // put() replaces any earlier session stored under the same login name
            sessionMap.put(tuser.getLogname(), session);
        } catch (Exception e) {
            System.out.println("session error!");
        }
    }


    public void sessionDestroyed(HttpSessionEvent se) {
        Map<String, HttpSession> sessionMap = (Map<String, HttpSession>) se.getSession()
                .getServletContext().getAttribute("sessionMap");
        TuserEntity tuser = (TuserEntity) se.getSession().getAttribute(Keys.USER_SESSION_KEY);
        // Drop the user's entry when a logged-in session ends
        if (tuser != null && sessionMap != null) {
            sessionMap.remove(tuser.getLogname());
        }
    }

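An added example, not the post's own code: the sessionMap bookkeeping above as one thread-safe registry, written generically so that it runs without a servlet container. The names SingleLoginRegistry, login, isCurrent, destroyed and FakeSession are hypothetical; in a servlet application S would be HttpSession and the invalidator HttpSession::invalidate.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Consumer;

/** Keeps at most one live session per login name. */
public class SingleLoginRegistry<S> {
    private final ConcurrentMap<String, S> byUser = new ConcurrentHashMap<>();
    private final Consumer<S> invalidator; // assumption: HttpSession::invalidate in a real app

    public SingleLoginRegistry(Consumer<S> invalidator) {
        this.invalidator = invalidator;
    }

    /** Registers the new session and invalidates the one it displaces, if any. */
    public void login(String logname, S session) {
        S previous = byUser.put(logname, session); // atomic swap, no check-then-act window
        if (previous != null && previous != session) {
            invalidator.accept(previous);
        }
    }

    /** True only while this exact session is the one registered for the user. */
    public boolean isCurrent(String logname, S session) {
        return byUser.get(logname) == session;
    }

    /** For sessionDestroyed: removes the entry only if it still maps to this session. */
    public void destroyed(String logname, S session) {
        byUser.remove(logname, session);
    }

    // Constructed stand-in for HttpSession so the demo runs on a plain JDK.
    static final class FakeSession {
        boolean valid = true;
    }

    public static void main(String[] args) {
        SingleLoginRegistry<FakeSession> reg = new SingleLoginRegistry<>(s -> s.valid = false);
        FakeSession a = new FakeSession();
        FakeSession b = new FakeSession();
        reg.login("alice", a);
        reg.login("alice", b);     // the second login displaces the first
        reg.destroyed("alice", a); // late destroy event for the displaced session
        if (a.valid) throw new AssertionError("old session should be invalidated");
        if (!reg.isCurrent("alice", b)) throw new AssertionError("new entry must survive");
        if (reg.isCurrent("alice", a)) throw new AssertionError("old session must be rejected");
        System.out.println("ok");
    }
}
```

Checking that the registered session is the caller's own session, instead of only checking that some entry exists for the login name, also rejects a displaced session whose invalidation has not completed yet.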
posted on 2014-07-07 20:06 Brown Qin