spring+springmvc+Interceptor+jwt+redis實現sso單點登陸

在分佈式環境中，如何支持PC、APP（ios、android）等多端的會話共享，這也是全部公司都須要的解決方案，用傳統的session方式來解決，我想已經out了，咱們是否能夠找一個通用的方案，好比用傳統cas來實現多系統之間的sso單點登陸或使用oauth的第三方登陸方案? 今天給你們簡單講解一下使用spring攔截器Interceptor機制、jwt認證方式、redis分佈式緩存實現sso單點登陸，閒話少說，直接把步驟記錄下來分享給你們：

1. 引入jwt的相關jar包，在項目pom.xml中引入：

Java代碼

1. <dependency>
2. <groupId>com.auth0</groupId>
3. <artifactId>java-jwt</artifactId>
4. <version>2.2.0</version>
5. </dependency>

2. 攔截器配置：

Java代碼

1. <mvc:interceptor>
2. <mvc:mapping path="${adminPath}/**" />
3. <mvc:exclude-mapping path="${adminPath}/rest/login"/>
4. <bean class="com.ml.honghu.interceptor.LoginInterceptor" />
5. </mvc:interceptor>

我這裏簡單配置了要攔截的url和過濾的url（這個根據本身項目來定）

3. 編寫jwt的加密或者解密工具類：

Java代碼

1. public class JWT {
2. private static final String SECRET = "HONGHUJWT1234567890QWERTYUIOPASDFGHJKLZXCVBNM";
4. private static final String EXP = "exp";
6. private static final String PAYLOAD = "payload";
8. //加密
9. public static <T> String sign(T object, long maxAge) {
10. try {
11. final JWTSigner signer = new JWTSigner(SECRET);
12. final Map<String, Object> claims = new HashMap<String, Object>();
13. ObjectMapper mapper = new ObjectMapper();
14. String jsonString = mapper.writeValueAsString(object);
15. claims.put(PAYLOAD, jsonString);
16. claims.put(EXP, System.currentTimeMillis() + maxAge);
17. return signer.sign(claims);
18. } catch(Exception e) {
19. return null;
20. }
21. }
23. //解密
24. public static<T> T unsign(String jwt, Class<T> classT) {
25. final JWTVerifier verifier = new JWTVerifier(SECRET);
26. try {
27. final Map<String,Object> claims= verifier.verify(jwt);
28. if (claims.containsKey(EXP) && claims.containsKey(PAYLOAD)) {
29. String json = (String)claims.get(PAYLOAD);
30. ObjectMapper objectMapper = new ObjectMapper();
31. return objectMapper.readValue(json, classT);
33. }
34. return null;
35. } catch (Exception e) {
36. return null;
37. }
38. }
39. }

這個加密工具類是我從網上找的，若是各位要修改，能夠按照本身業務修改便可。

4. 建立Login.java對象，用來進行jwt的加密或者解密：

Java代碼

1. public class Login implements Serializable{
2. /**
3. *
4. */
5. private static final long serialVersionUID = 1899232511233819216L;
7. /**
8. * 用戶id
9. */
10. private String uid;
12. /**
13. * 登陸用戶名
14. */
15. private String loginName;
17. /**
18. * 登陸密碼
19. */
20. private String password;
22. public Login(){
23. super();
24. }
26. public Login(String uid, String loginName, String password){
27. this.uid = uid;
28. this.loginName = loginName;
29. this.password = password;
30. }
32. public String getUid() {
33. return uid;
34. }
35. public void setUid(String uid) {
36. this.uid = uid;
37. }
38. public String getLoginName() {
39. return loginName;
40. }
41. public void setLoginName(String loginName) {
42. this.loginName = loginName;
43. }
44. public String getPassword() {
45. return password;
46. }
47. public void setPassword(String password) {
48. this.password = password;
49. }
52. }

5. 定義RedisLogin對象，用來經過uid往redis進行user對象存儲：

Java代碼

1. public class RedisLogin implements Serializable{
2. /**
3. *
4. */
5. private static final long serialVersionUID = 8116817810829835862L;
7. /**
8. * 用戶id
9. */
10. private String uid;
12. /**
13. * jwt生成的token信息
14. */
15. private String token;
17. /**
18. * 登陸或刷新應用的時間
19. */
20. private long refTime;
22. public RedisLogin(){
24. }
26. public RedisLogin(String uid, String token, long refTime){
27. this.uid = uid;
28. this.token = token;
29. this.refTime = refTime;
30. }
32. public String getUid() {
33. return uid;
34. }
35. public void setUid(String uid) {
36. this.uid = uid;
37. }
38. public String getToken() {
39. return token;
40. }
41. public void setToken(String token) {
42. this.token = token;
43. }
44. public long getRefTime() {
45. return refTime;
46. }
47. public void setRefTime(long refTime) {
48. this.refTime = refTime;
49. }
53. }

6. 編寫LoginInterceptor.java攔截器

Java代碼

1. public class LoginInterceptor implements HandlerInterceptor{
3. public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
4. throws Exception {
5. PrintWriter writer = null;
6. HandlerMethod method = null;
7. try {
8. method = (HandlerMethod) handler;
9. } catch (Exception e) {
10. writer = response.getWriter();
11. ResponseVO responseVO = ResponseCode.buildEnumResponseVO(ResponseCode.REQUEST_URL_NOT_SERVICE, false);
12. responseMessage(response, writer, responseVO);
13. return false;
14. }
15. IsLogin isLogin = method.getMethodAnnotation(IsLogin.class);
16. if(null == isLogin){
17. return true;
18. }
21. response.setCharacterEncoding("utf-8");
22. String token = request.getHeader("token");
23. String uid = request.getHeader("uid");
24. //token不存在
25. if(StringUtils.isEmpty(token)) {
26. writer = response.getWriter();
27. ResponseVO responseVO = LoginResponseCode.buildEnumResponseVO(LoginResponseCode.LOGIN_TOKEN_NOT_NULL, false);
28. responseMessage(response, writer, responseVO);
29. return false;
30. }
31. if(StringUtils.isEmpty(uid)){
32. writer = response.getWriter();
33. ResponseVO responseVO = LoginResponseCode.buildEnumResponseVO(LoginResponseCode.USERID_NOT_NULL, false);
34. responseMessage(response, writer, responseVO);
35. return false;
36. }
38. Login login = JWT.unsign(token, Login.class);
39. //解密token後的loginId與用戶傳來的loginId判斷是否一致
40. if(null == login || !StringUtils.equals(login.getUid(), uid)){
41. writer = response.getWriter();
42. ResponseVO responseVO = LoginResponseCode.buildEnumResponseVO(LoginResponseCode.USERID_NOT_UNAUTHORIZED, false);
43. responseMessage(response, writer, responseVO);
44. return false;
45. }
47. //驗證登陸時間
48. RedisLogin redisLogin = (RedisLogin)JedisUtils.getObject(uid);
49. if(null == redisLogin){
50. writer = response.getWriter();
51. ResponseVO responseVO = LoginResponseCode.buildEnumResponseVO(LoginResponseCode.RESPONSE_CODE_UNLOGIN_ERROR, false);
52. responseMessage(response, writer, responseVO);
53. return false;
54. }
56. if(!StringUtils.equals(token, redisLogin.getToken())){
57. writer = response.getWriter();
58. ResponseVO responseVO = LoginResponseCode.buildEnumResponseVO(LoginResponseCode.USERID_NOT_UNAUTHORIZED, false);
59. responseMessage(response, writer, responseVO);
60. return false;
61. }
62. //系統時間>有效期（說明已經超過有效期）
63. if (System.currentTimeMillis() > redisLogin.getRefTime()) {
64. writer = response.getWriter();
65. ResponseVO responseVO = LoginResponseCode.buildEnumResponseVO(LoginResponseCode.LOGIN_TIME_EXP, false);
66. responseMessage(response, writer, responseVO);
67. return false;
68. }
70. //從新刷新有效期
71. redisLogin = new RedisLogin(uid, token, System.currentTimeMillis() + 60L* 1000L* 30L);
72. JedisUtils.setObject(uid , redisLogin, 360000000);
73. return true;
74. }
76. public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
77. ModelAndView modelAndView) throws Exception {
79. }
81. public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
82. throws Exception {
84. }
86. private void responseMessage(HttpServletResponse response, PrintWriter out, ResponseVO responseVO) {
87. response.setContentType("application/json; charset=utf-8");
88. JSONObject result = new JSONObject();
89. result.put("result", responseVO);
90. out.print(result);
91. out.flush();
92. out.close();
93. }
95. }

7. 定義異常的LoginResponseCode

Java代碼

1. public enum LoginResponseCode {
2. USERID_NOT_NULL(3001,"用戶id不能爲空."),
3. LOGIN_TOKEN_NOT_NULL(3002,"登陸token不能爲空."),
4. USERID_NOT_UNAUTHORIZED(3003, "用戶token或ID驗證不經過"),
5. RESPONSE_CODE_UNLOGIN_ERROR(421, "未登陸異常"),
6. LOGIN_TIME_EXP(3004, "登陸時間超長，請從新登陸");
8. // 成員變量
9. private int code; //狀態碼
10. private String message; //返回消息
12. // 構造方法
13. private LoginResponseCode(int code,String message) {
14. this.code = code;
15. this.message = message;
16. }
17. public int getCode() {
18. return code;
19. }
20. public void setCode(int code) {
21. this.code = code;
22. }
23. public String getMessage() {
24. return message;
25. }
26. public void setMessage(String message) {
27. this.message = message;
28. }
30. public static ResponseVO buildEnumResponseVO(LoginResponseCode responseCode, Object data) {
31. return new ResponseVO(responseCode.getCode(),responseCode.getMessage(),data);
32. }
34. public static Map<String, Object> buildReturnMap(LoginResponseCode responseCode, Object data) {
35. Map<String, Object> map = new HashMap<String, Object>();
36. map.put("code", responseCode.getCode());
37. map.put("message", responseCode.getMessage());
38. map.put("data", data);
39. return map;
40. }
41. }

8. 編寫統一sso單點登陸接口：

Java代碼

1. @RequestMapping(value = "/login", method = RequestMethod.POST)
2. public Map<String, Object> login(@RequestBody JSONObject json){
3. String loginName = json.optString("loginName");
4. String password = json.optString("password");
5. //校驗用戶名不能爲空
6. if(StringUtils.isEmpty(loginName)){
7. return MemberResponseCode.buildReturnMap(MemberResponseCode.RESPONSE_CODE_USER_NAME_IS_NOT_EMPTY, null);
8. }
9. //校驗用戶密碼不能爲空
10. if(StringUtils.isEmpty(password)){
11. return MemberResponseCode.buildReturnMap(MemberResponseCode.RESPONSE_CODE_PWD_CAN_NOT_BE_EMPTY, null);
12. }
13. //根據用戶名查詢數據庫用戶信息
14. User user = systemService.getBaseUserByLoginName(loginName);
15. //用戶名或密碼不正確
16. if(null == user){
17. return MemberResponseCode.buildReturnMap(MemberResponseCode.RESPONSE_CODE_USER_VALIDATE_NO_SUCCESS, false);
18. }
19. boolean isValidate = systemService.validatePassword(password, user.getPassword());
20. if(!isValidate){
21. return MemberResponseCode.buildReturnMap(MemberResponseCode.RESPONSE_CODE_USER_VALIDATE_NO_SUCCESS, false);
22. }
23. if(isValidate){
24. //HttpSession session =request.getSession(false);
25. Login login = new Login(user.getId(), user.getLoginName(), user.getPassword());
26. //給用戶jwt加密生成token
27. String token = JWT.sign(login, 60L* 1000L* 30L);
28. Map<String,Object> result =new HashMap<String,Object>();
29. result.put("loginToken", token);
30. result.put("userId", user.getId());
31. result.put("user", user);
33. //保存用戶信息到session
34. //session.setAttribute(user.getId() + "@@" + token, user);
35. //重建用戶信息
36. this.rebuildLoginUser(user.getId(), token);
37. return ResponseCode.buildReturnMap(ResponseCode.RESPONSE_CODE_LOGIN_SUCCESS, result);
38. }
40. return ResponseCode.buildReturnMap(ResponseCode.USER_LOGIN_PWD_ERROR, false);
41. }

9. 測試sso單點登陸：

返回結果集：

Java代碼

1. {
2. "message": "用戶登陸成功",
3. "data": {
4. "loginToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDkzODA1OTU0NTksInBheWxvYWQiOiJ7XCJ1aWRcIjpcIjExXCIsXCJsb2dpbk5hbWVcIjpcImFkbWluXCIsXCJwYXNzd29yZFwiOlwiZjU0NGQxM2QyY2EwNDU5ZGQ0ZTU1NzVjNmZkYWIzMzM0MzE1MWFlZjgwYmE5ZTNiN2U1ZjM2MzJcIn0ifQ.56L60WtxHXSu9vNs6XsWy5zbmc3kP_IWG1YpReK50DM",
5. "userId": "11",
6. "user": {
7. "QQ":"2147775633",
8. "id": "11",
9. "isNewRecord": false,
10. "remarks": "",
11. "createDate": "2017-08-08 08:08:08",
12. "updateDate": "2017-10-29 11:23:50",
13. "loginName": "admin",
14. "no": "00012",
15. "name": "admin",
16. "email": "2147775633@qq.com",
17. "phone": "400000000",
18. "mobile": "13888888888",
19. "userType": "",
20. "loginIp": "0:0:0:0:0:0:0:1",
21. "loginDate": "2017-10-30 10:48:06",
22. "loginFlag": "1",
23. "photo": "",
24. "idCard": "420888888888888888",
25. "oldLoginIp": "0:0:0:0:0:0:0:1",
26. "oldLoginDate": "2017-10-30 10:48:06",
27. "roleNames": "",
28. "admin": false
29. }
30. },
31. "code": 200
32. }

到此完畢！！