Pre Merge pull request !322 from 阿浪/master

ruoyi-admin/src/main/resources/static/i18n/messages.properties

@@ -1,6 +1,7 @@
 #错误消息
 not.null=* 必须填写
 user.jcaptcha.error=验证码错误
+user.existing=已有用户登录，请先退出当前登录的用户
 user.not.exists=用户不存在/密码错误
 user.password.not.match=用户不存在/密码错误
 user.password.retry.limit.count=密码输入错误{0}次

ruoyi-common/src/main/java/com/ruoyi/common/exception/user/UserExistingException.java

@@ -0,0 +1,14 @@
+package com.ruoyi.common.exception.user;
+
+/**
+ * 同浏览器 防止不同用户登录时
+ * 后者覆盖前者的sessionid
+ * 解决方案（同一浏览器中 第二个不同的用户登录时拒绝 需要先下线第一个用户）
+ */
+public class UserExistingException extends UserException {
+    private static final long serialVersionUID = 1L;
+
+    public UserExistingException() {
+        super("user.existing", null);
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/realm/UserRealm.java

@@ -2,6 +2,8 @@ package com.ruoyi.framework.shiro.realm;
 
 import java.util.HashSet;
 import java.util.Set;
+
+import com.ruoyi.common.exception.user.*;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -21,12 +23,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.exception.user.CaptchaException;
-import com.ruoyi.common.exception.user.RoleBlockedException;
-import com.ruoyi.common.exception.user.UserBlockedException;
-import com.ruoyi.common.exception.user.UserNotExistsException;
-import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
-import com.ruoyi.common.exception.user.UserPasswordRetryLimitExceedException;
 import com.ruoyi.common.utils.ShiroUtils;
 import com.ruoyi.framework.shiro.service.SysLoginService;
 import com.ruoyi.system.service.ISysMenuService;
@@ -99,6 +95,9 @@ public class UserRealm extends AuthorizingRealm
         {
             user = loginService.login(username, password);
         }
+        catch (UserExistingException e){
+            throw new UnknownAccountException(e.getMessage(), e);
+        }
         catch (CaptchaException e)
         {
             throw new AuthenticationException(e.getMessage(), e);

ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/service/SysLoginService.java

@@ -1,5 +1,6 @@
 package com.ruoyi.framework.shiro.service;
 
+import com.ruoyi.common.exception.user.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import com.ruoyi.common.constant.Constants;
@@ -7,11 +8,6 @@ import com.ruoyi.common.constant.ShiroConstants;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.enums.UserStatus;
-import com.ruoyi.common.exception.user.CaptchaException;
-import com.ruoyi.common.exception.user.UserBlockedException;
-import com.ruoyi.common.exception.user.UserDeleteException;
-import com.ruoyi.common.exception.user.UserNotExistsException;
-import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
 import com.ruoyi.common.utils.DateUtils;
 import com.ruoyi.common.utils.MessageUtils;
 import com.ruoyi.common.utils.ServletUtils;
@@ -40,6 +36,11 @@ public class SysLoginService
      */
     public SysUser login(String username, String password)
     {
+        //检查此次会话中的sessionid是否已经有用户绑定，防止session覆盖
+        SysUser existingUser = null;
+        if((existingUser = ShiroUtils.getSysUser()) != null && !existingUser.getLoginName().equals(username)){
+            throw new UserExistingException();
+        }
         // 验证码校验
         if (ShiroConstants.CAPTCHA_ERROR.equals(ServletUtils.getRequest().getAttribute(ShiroConstants.CURRENT_CAPTCHA)))
         {