思路:
1.手机app的每一次请求都携带参数(每个手机的唯一设备号),放在请求头中.当app登录成功之后,获取参数存到数据库中.
2.添加拦截器,获取请求头里面的唯一设备号,如果和当前登陆者数据库里面的一致,则通过,否则返回false,提示设备已经登录.
拦截器配置:
<mvc:interceptors>
<!-- 放sql注入攻击防御 -->
<mvc:interceptor>
<!-- 需拦截的地址 -->
<mvc:mapping path="/**" />
<!-- 需排除拦截的地址 -->
<mvc:exclude-mapping path="/resources/**" />
<mvc:exclude-mapping path="/api/auth/cas-app/login" />
<mvc:exclude-mapping path="/auth/cas-app/login" />
<bean class="com.boeryun.interceptor.AppMutexInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
拦截器:
public class AppMutexInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
if(("android".equals(Global.getRequest().getHeader("DEVICE-USER-AGENT")) || "ios".equals(Global.getRequest().getHeader("DEVICE-USER-AGENT")))){
String deviceNumber = Global.getRequest().getHeader("deviceNumber");
String sql = MessageFormat.format(" select deviceModel from {0} where uuid =''{1}'' ",
DbHelper.getTableName("base_staff"),Global.getUserId());
if(DbHelper.getScalar(sql)!=null && DbHelper.getScalar(sql).toString().equals(deviceNumber) ){
return true;
}else{
// response.setHeader("Content-Type", "text/html;charset=UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
JSONObject map = new JSONObject();
map.put("Status", "502");
map.put("Message","您的账号在另外一台设备登录!");
response.getWriter().append(map.toString());
return false;
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}