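/**
 * Authenticates the caller and rotates the Shiro session so that the session id
 * presented before login is not the one that ends up authenticated
 * (session-fixation hardening).
 *
 * <p>Flow: snapshot the non-null attributes of the current session, stop that
 * session, log in, then copy the snapshot into the session obtained after login.
 * The submitted credentials are deliberately not written to stdout or to logs.
 *
 * @param username   login name submitted by the client
 * @param password   password submitted by the client
 * @param rememberMe remember-me flag; {@code null} (parameter absent) is treated as {@code false}
 * @return {@code success()} on successful authentication, otherwise {@code error(msg)}
 */
@PostMapping("/login")
@ResponseBody
public AjaxResult ajaxLogin(String username, String password, Boolean rememberMe)
{
    // The token constructor takes a primitive boolean; unboxing a null Boolean
    // (request sent without the parameter) would throw a NullPointerException.
    boolean remember = Boolean.TRUE.equals(rememberMe);
    UsernamePasswordToken token = new UsernamePasswordToken(username, password, remember);
    Subject subject = SecurityUtils.getSubject();
    try
    {
        Session session = subject.getSession();

        // Snapshot the pre-login attributes before the session is invalidated.
        // NOTE(review): these values were written while the caller was unauthenticated,
        // so anything that could be seeded into the pre-login session is carried over.
        // Consider copying only an allow-list of keys the application actually needs.
        Map<Object, Object> attributes = new LinkedHashMap<Object, Object>();
        for (Object key : session.getAttributeKeys())
        {
            Object value = session.getAttribute(key);
            if (value != null)
            {
                attributes.put(key, value);
            }
        }

        // Invalidate the old session id BEFORE authenticating, so the id known to
        // the client prior to login is never bound to the authenticated subject.
        // NOTE(review): if login fails, the old session is already stopped and the
        // snapshot is not restored - confirm that is acceptable for pre-login state.
        session.stop();
        subject.login(token);

        // getSession() after stop() is expected to hand back a fresh session.
        session = subject.getSession();
        for (Map.Entry<Object, Object> entry : attributes.entrySet())
        {
            session.setAttribute(entry.getKey(), entry.getValue());
        }
        return success();
    }
    catch (AuthenticationException e)
    {
        // NOTE(review): the exception text is returned to the client as-is. Verify the
        // realm's messages do not distinguish "unknown user" from "wrong password",
        // otherwise this endpoint can be used to enumerate accounts.
        String msg = "用户或密码错误";
        if (StringUtils.isNotEmpty(e.getMessage()))
        {
            msg = e.getMessage();
        }
        return error(msg);
    }
}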
修复shiro固定会话攻击漏洞 sessionId
转载自blog.csdn.net/qq_40197728/article/details/121163039