|
@@ -1,5 +1,6 @@
|
|
|
package com.bootdo.system.service.impl;
|
|
|
|
|
|
+import com.bootdo.common.utils.IPUtils;
|
|
|
import com.bootdo.system.domain.UserDO;
|
|
|
import com.bootdo.system.domain.UserOnline;
|
|
|
import com.bootdo.system.domain.UserToken;
|
|
@@ -9,8 +10,10 @@ import org.apache.shiro.session.mgt.eis.SessionDAO;
|
|
|
import org.apache.shiro.subject.SimplePrincipalCollection;
|
|
|
import org.apache.shiro.subject.support.DefaultSubjectContext;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
+import org.springframework.beans.factory.annotation.Value;
|
|
|
import org.springframework.stereotype.Service;
|
|
|
|
|
|
+import javax.servlet.http.HttpServletRequest;
|
|
|
import java.security.Principal;
|
|
|
import java.util.ArrayList;
|
|
|
import java.util.Collection;
|
|
@@ -25,13 +28,20 @@ import java.util.List;
|
|
|
public class SessionServiceImpl implements SessionService {
|
|
|
private final SessionDAO sessionDAO;
|
|
|
|
|
|
+ @Value("${api-allow-ip}")
|
|
|
+ private String apiAllowIp;
|
|
|
+
|
|
|
@Autowired
|
|
|
public SessionServiceImpl(SessionDAO sessionDAO) {
|
|
|
this.sessionDAO = sessionDAO;
|
|
|
}
|
|
|
|
|
|
@Override
|
|
|
- public List<UserOnline> list() {
|
|
|
+ public List<UserOnline> list(HttpServletRequest request) throws Exception{
|
|
|
+ String ip = IPUtils.getIpAddr(request);
|
|
|
+ if (!apiAllowIp.contains(ip)) {
|
|
|
+ throw new Exception("不允许访问");
|
|
|
+ }
|
|
|
List<UserOnline> list = new ArrayList<>();
|
|
|
Collection<Session> sessions = sessionDAO.getActiveSessions();
|
|
|
for (Session session : sessions) {
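Review bot: The allow-list test `!apiAllowIp.contains(ip)` in `list` is a substring match on the whole property string rather than a membership test, so any address whose text is a fragment of a configured entry passes, and an empty `ip` always passes because every string contains `""`. A null return from `IPUtils.getIpAddr` would surface as a NullPointerException rather than a denial. The same check is repeated in `forceLogout` in the last hunk; a shared private helper that compares exact entries, as sketched below, fixes both (it assumes `api-allow-ip` is a comma-separated list, which this page does not show). `IPUtils.getIpAddr` is also not visible here; if it derives the address from forwarding headers, the check is only as trustworthy as the proxy that sets them. The body of `list` continues past the end of the hunk.

```java
// … unchanged: @Value("${api-allow-ip}") private String apiAllowIp; …

/** Returns true only when ip equals one configured entry exactly. */
private boolean isAllowedIp(String ip) {
    if (ip == null || ip.isEmpty()) {
        return false; // an unknown caller address is denied, never matched
    }
    for (String entry : apiAllowIp.split(",")) {
        if (entry.trim().equals(ip)) {
            return true;
        }
    }
    return false;
}

public List<UserOnline> list(HttpServletRequest request) throws Exception{
    if (!isAllowedIp(IPUtils.getIpAddr(request))) {
        // … unchanged: throw on denial, then the session listing …
```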
|
|
@@ -79,7 +89,11 @@ public class SessionServiceImpl implements SessionService {
|
|
|
}
|
|
|
|
|
|
@Override
|
|
|
- public boolean forceLogout(String sessionId) {
|
|
|
+ public boolean forceLogout(String sessionId,HttpServletRequest request) throws Exception {
|
|
|
+ String ip = IPUtils.getIpAddr(request);
|
|
|
+ if (!apiAllowIp.contains(ip)) {
|
|
|
+ throw new Exception("不允许访问");
|
|
|
+ }
|
|
|
Session session = sessionDAO.readSession(sessionId);
|
|
|
sessionDAO.delete(session);
|
|
|
return true;
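Review bot: `forceLogout` now declares `throws Exception` and reports a denied caller with a bare `new Exception(...)`, so callers cannot tell an access denial from any other failure and every implementation and caller of the interface has to handle `Exception`. A specific unchecked type keeps the signature narrow, for example `throw new UnauthorizedException("不允许访问");` with `org.apache.shiro.authz.UnauthorizedException`, which the web layer can map to a 403 response. The denial path is also silent; logging the rejected address (not the session id, which is a credential) would leave an audit trail for an operation that terminates other users' sessions. Passing `HttpServletRequest` into the service ties it to the servlet API; resolving the address in the controller and passing a `String` would make the check testable without a request object. The method's closing brace lies outside the hunk.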
|