无法通过Jersey RESFUL API从Apache Shiro获取用户会话信息

时间:2017-09-16 17:08:24

标签: java apache jersey jax-rs shiro

我使用Jersey Jax-RS web服务api构建了一个Web服务应用程序,我在其中添加了apache shiro安全框架,我可以使用apache shiro框架登录到系统但我想从另一个页面获取当前用户信息我为此目的写了一个GET方法,但在GET方法中,我无法从Apache Shiro获取会话信息,它返回null,我在下面提供代码信息,请帮我在GET方法中获取会话信息。

这是登录方法,它可以正常工作:

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public SonucModel loginDeneme(LoginModel loginmodel) throws ClassNotFoundException {

    shiroUser.setUsername(loginmodel.getUsername());
    shiroUser.setPassword(loginmodel.getPassword());

    //sonuc=logindao.sonucDonder(username, password);

    UsernamePasswordToken token = new UsernamePasswordToken(shiroUser.getUsername(), shiroUser.getPassword());
    subject.login(token);

    // UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    String userName = token.getUsername();
    System.out.println("userName:" + userName);

    if(subject.hasRole("admin")) {
        Session session = subject.getSession(true);
        session.setAttribute(CURRENT_USER_KEY, "admin");

        sonucmodel.setSonuc("admin");
        return sonucmodel;
    }
    else if(subject.hasRole("kasiyer")) {

        Session session = subject.getSession(true);
        session.setAttribute(CURRENT_USER_KEY, "kasiyer");
        /* String username = (String) session.getAttribute(CURRENT_USER_KEY);
        System.out.println("Session: " + username);*/
        sonucmodel.setSonuc("kasiyer");
            Session session1 = subject.getSession(false);
            if(session1!=null) {
                String username = (String) session.getAttribute(CURRENT_USER_KEY);
                System.out.println("Session: " + username);
            }
            else if(session1 == null) {
                System.out.println("session boş");
            }

        return sonucmodel;
    }
    //System.out.println("Session: " + username);
    return sonucmodel;

}

但是,这个GET方法无法获取会话信息

@GET
@Produces(MediaType.APPLICATION_JSON)
public String getUser() {

    //Subject subject= SecurityUtils.getSubject();
    Session session = subject.getSession(false);
    String message;
    if(session != null) {
        message = "Current user: " + session.getAttribute(CURRENT_USER_KEY);
    } else {
        message = "No current user, no session created";
    }

    System.out.println(message);

    return message;
 }

这是shiro.ini文件:

[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password FROM users where username = ?
jdbcRealm.userRolesQuery = select role from users where username=?

ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = root
ds.password = asd123123
ds.databaseName = marketdb
jdbcRealm.dataSource= $ds

authc.loginUrl = /giris.html
#authc.successUrl = /kasiyer/index.html
user.loginUrl = /giris.html


[urls]
/giris.html = authc
/logout = logout
/admin/** = user, roles[admin]
/kasiyer/** = user, roles[kasiyer]

0 个答案:

没有答案
相关问题
最新问题