spring boot 基於外部權限系統擴展Session Repository實現登錄權限驗證
在進行一些公司內部系統開發中,常常會須要對接公司內部統一的權限管理系統進行權限角色驗證等等。在實際開發過程當中能夠藉助Spring的Session Repository實現權限驗證功能。
實現步驟以下:java
1、添加自定義Session註解EnableUserHttpSessionweb
package com.web.common.session;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
/**
* 用戶Session
*
*/
@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
@Target({java.lang.annotation.ElementType.TYPE})
@Documented
@Import(UserHttpSessionConfiguration.class)
@Configuration
public @interface EnableUserHttpSession {
/**
* session 生效最大時間
*
* @return
*/
int maxInactiveIntervalInSeconds() default 1800;
}
2、添加自定義Session Configuration配置UserHttpSessionConfigurationspring
package com.web.common.session;
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;
import com.pingan.manpan.user.service.AuthService;
/**
* Session配置
*/
@Configuration
public class UserHttpSessionConfiguration extends SpringHttpSessionConfiguration implements ImportAware {
//session 最大生存時間
private Integer maxInactiveIntervalInSeconds = 1800;
// @Bean配置UserSessionRepository
@Bean
public UserSessionRepository sessionRepository(AuthService authService) {
UserSessionRepository repository = new UserSessionRepository(authService);
repository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
return repository;
}
/*
* ImportAware 在註解解析完成後調用 setImportMetadata 註解獲取導入
*(@Configuration)配置的註解的元數據
*/
@Override
public void setImportMetadata(AnnotationMetadata importMetadata) {
Map<String, Object> enableAttrMap =
importMetadata.getAnnotationAttributes(EnableHaofangUserHttpSession.class.getName());
AnnotationAttributes enableAttrs = AnnotationAttributes.fromMap(enableAttrMap);
this.maxInactiveIntervalInSeconds = enableAttrs.getNumber("maxInactiveIntervalInSeconds");
}
}
3、自定義Session Repository:UserSessionRepositoryapache
package com.web.common.session;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.session.ExpiringSession;
import org.springframework.session.SessionRepository;
import com.user.dto.VisitorDTO;
import com.user.service.AuthService;
import com.web.common.constant.WebConstants;
import com.web.common.handler.WebExceptionHandler;
/**
* 用戶session獲取
*
*/
public class UserSessionRepository
implements SessionRepository<UserSessionRepository.UserSession> {
static Logger LOG = LoggerFactory.getLogger(UserSessionRepository.class);
/**
* 生效時間
*/
private Integer defaultMaxInactiveInterval;
/**
* 權限系統訪問服務類
*/
private AuthService authService;
/**
* 構造方法
*
* @param authService
*/
public UserSessionRepository(AuthService authService) {
super();
this.authService = authService;
}
/**
* 設置最大生效時間
*
* @param defaultMaxInactiveInterval
*/
public void setDefaultMaxInactiveInterval(int defaultMaxInactiveInterval) {
this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
}
@Override
public UserSession createSession() {
UserSession UserSession = new UserSession();
UserSession.setNew(true);
return UserSession;
}
@Override
public void save(UserSession session) {
if (session.isNew()) {
String preToken = (String) session.getAttribute(WebConstants.PRE_TOKEN_KEY);
LOG.info("session save,pretoken:{}",preToken);
VisitorDTO visitor = authService.getLoginInfoByPreToken(preToken);
if (visitor != null) {
session.setToken(visitor.getToken());
session.setNew(false);
}
}
}
@Override
public UserSession getSession(String id) {
UserSession session = new UserSession();
// 判斷id是否有效
VisitorDTO visitor = authService.getLoginInfoByToken(id);
if ((visitor == null)) {
session.setToken("");
session.setNew(true);
return session;
}
session.setToken(id);
session.setAttribute("visitor", visitor);
session.setNew(false);
return session;
}
@Override
public void delete(String id) {
// 用戶登出
if (StringUtils.isNotBlank(id)) {
authService.logout(id);
}
}
/**
* 封裝相關session
*/
final class UserSession implements ExpiringSession {
private Map<String, Object> attributeMap = new HashMap<>();
private String token;
private boolean isNew = false;
public UserSession() {
}
public void setNew(boolean aNew) {
isNew = aNew;
}
public boolean isNew() {
return isNew;
}
public void setToken(String token) {
this.token = token;
}
@Override
public String getId() {
return this.token;
}
@Override
public Set<String> getAttributeNames() {
return attributeMap.keySet();
}
@Override
public void setAttribute(String attributeName, Object attributeValue) {
attributeMap.put(attributeName, attributeValue);
}
@Override
public void removeAttribute(String attributeName) {
attributeMap.remove(attributeName);
}
/*
* (non-Javadoc)
*
* @see org.springframework.session.Session#getAttribute(java.lang.String)
*/
@Override
public Object getAttribute(String attributeName) {
return attributeMap.get(attributeName);
}
/*
* (non-Javadoc)
*
* @see org.springframework.session.ExpiringSession#getCreationTime()
*/
@Override
public long getCreationTime() {
// TODO Auto-generated method stub
return 0;
}
/*
* (non-Javadoc)
*
* @see org.springframework.session.ExpiringSession#setLastAccessedTime(long)
*/
@Override
public void setLastAccessedTime(long lastAccessedTime) {
// TODO Auto-generated method stub
}
/*
* (non-Javadoc)
*
* @see org.springframework.session.ExpiringSession#getLastAccessedTime()
*/
@Override
public long getLastAccessedTime() {
// TODO Auto-generated method stub
return 0;
}
/*
* (non-Javadoc)
*
* @see org.springframework.session.ExpiringSession#setMaxInactiveIntervalInSeconds(int)
*/
@Override
public void setMaxInactiveIntervalInSeconds(int interval) {
// TODO Auto-generated method stub
}
/*
* (non-Javadoc)
*
* @see org.springframework.session.ExpiringSession#getMaxInactiveIntervalInSeconds()
*/
@Override
public int getMaxInactiveIntervalInSeconds() {
// TODO Auto-generated method stub
return 0;
}
/*
* (non-Javadoc)
*
* @see org.springframework.session.ExpiringSession#isExpired()
*/
@Override
public boolean isExpired() {
// TODO Auto-generated method stub
return false;
}
}
}
4、在Spring WEB配置中啓用Spring Sessionsession
package com.pingan.manpan.web.common.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
import com.web.common.interceptor.AuthorizationInterceptor;
/**
* WEB相關配置
*
*/
@Configuration
public class WebConfiguration extends WebMvcConfigurationSupport {
@Autowired
private AuthorizationInterceptor authorizationInterceptor;
@Autowired
private SessionRepositoryFilter sessionRepositoryFilter;
/**
* 登錄權限驗證攔截器
*
* @return
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authorizationInterceptor).addPathPatterns(WebConstants.BASE_API_PATH + "/**");
}
/**
* session wrapper對應Filter註冊啓用Spring Session
*
* @return
*/
@Bean
public FilterRegistrationBean sessionRepositoryFilterRegistrationBean() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(sessionRepositoryFilter);
filterRegistrationBean.addUrlPatterns(WebConstants.BASE_API_PATH + "/*");
return filterRegistrationBean;
}
}
相關文章
- 1. 登陸權限驗證session
- 2. 實現用戶登錄權限驗證
- 3. spring boot 基礎 spring security 權限驗證
- 4. Springboot整合Security實現登錄權限驗證
- 5. SpringAOP01 利用AOP實現權限驗證、利用權限驗證服務實現權限驗證
- 6. Spring實現擁有者權限驗證
- 7. 權限驗證
- 8. spring boot 註解權限驗證
- 9. 登陸權限驗證token
- 10. codeigniter登錄 auth權限驗證
- 更多相關文章...
- • MySQL刪除用戶權限(REVOKE) - MySQL教程
- • XSD 限定 / Facets - XML Schema 教程
- • ☆基於Java Instrument的Agent實現
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
