spring boot 基於外部權限系統擴展Session Repository實現登錄權限驗證

在開發公司內部系統時,常常需要對接公司內部統一的權限管理系統,進行權限、角色驗證等。在實際開發過程中,可以藉助 Spring 的 Session Repository 實現權限驗證功能。
實現步驟如下:

1、添加自定義Session註解EnableUserHttpSession

package com.web.common.session;

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

/**
 * Enables the custom user HTTP session support by importing
 * {@link UserHttpSessionConfiguration} into the annotated configuration class.
 *
 * <p>NOTE(review): in the accompanying {@code UserSessionRepository} listing the timeout
 * configured here is stored but never read, and the session's expiry methods are stubs, so
 * session lifetime is effectively decided by the external permission system. Confirm that
 * system enforces an idle timeout.
 */
@Documented
@Configuration
@Import(UserHttpSessionConfiguration.class)
@Target(java.lang.annotation.ElementType.TYPE)
@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
public @interface EnableUserHttpSession {

    /**
     * Maximum inactive interval of a session, in seconds.
     *
     * @return the configured interval; defaults to 1800
     */
    int maxInactiveIntervalInSeconds() default 1800;
}

2、添加自定義Session Configuration配置UserHttpSessionConfiguration

package com.web.common.session;

import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;

import com.pingan.manpan.user.service.AuthService;

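/**
 * Session configuration imported through {@link EnableUserHttpSession}.
 *
 * <p>Registers a {@link UserSessionRepository} backed by the external {@code AuthService} and
 * passes it the timeout declared on the enabling annotation.
 */
@Configuration
public class UserHttpSessionConfiguration extends SpringHttpSessionConfiguration implements ImportAware {

    // Maximum session lifetime in seconds; overwritten by setImportMetadata when the
    // enabling annotation is present on the importing class.
    private Integer maxInactiveIntervalInSeconds = 1800;

    /**
     * Exposes the custom session repository as a bean.
     *
     * @param authService client for the external permission system
     * @return a repository configured with the current timeout value
     */
    @Bean
    public UserSessionRepository sessionRepository(AuthService authService) {
        UserSessionRepository repository = new UserSessionRepository(authService);
        repository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
        return repository;
    }

    /**
     * Reads {@code maxInactiveIntervalInSeconds} from the {@link EnableUserHttpSession}
     * annotation on the class that imported this configuration.
     *
     * <p>ImportAware hands over the metadata of the importing {@code @Configuration} class
     * once annotation parsing has finished.
     *
     * @param importMetadata annotation metadata of the importing class
     */
    @Override
    public void setImportMetadata(AnnotationMetadata importMetadata) {
        // Look up the annotation declared in this package. The original listing referenced
        // EnableHaofangUserHttpSession, a name that does not exist on this page.
        Map<String, Object> enableAttrMap =
                importMetadata.getAnnotationAttributes(EnableUserHttpSession.class.getName());
        AnnotationAttributes enableAttrs = AnnotationAttributes.fromMap(enableAttrMap);
        if (enableAttrs == null) {
            // Imported without the enabling annotation: keep the 1800 second default
            // instead of failing with a NullPointerException.
            return;
        }
        this.maxInactiveIntervalInSeconds = enableAttrs.getNumber("maxInactiveIntervalInSeconds");
    }
}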

3、自定義Session Repository:UserSessionRepository

package com.web.common.session;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.session.ExpiringSession;
import org.springframework.session.SessionRepository;

import com.user.dto.VisitorDTO;
import com.user.service.AuthService;
import com.web.common.constant.WebConstants;
import com.web.common.handler.WebExceptionHandler;

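/**
 * {@link SessionRepository} that keeps no session state locally and instead resolves every
 * session against the external permission system through {@code AuthService}.
 *
 * <p>The session id is the token issued by that system, so the id carried by the client is
 * itself the credential. Treat it as a secret: keep it out of logs and URLs.
 *
 * <p>NOTE(review): the expiry-related methods of {@link UserSession} are stubs and
 * {@code defaultMaxInactiveInterval} is never read in this class, so idle timeout and
 * expiry are not enforced here. Confirm the permission system expires tokens itself.
 */
public class UserSessionRepository
        implements SessionRepository<UserSessionRepository.UserSession> {
    static final Logger LOG = LoggerFactory.getLogger(UserSessionRepository.class);

    /**
     * Configured maximum inactive interval in seconds. Stored only; nothing in this class
     * consults it.
     */
    private Integer defaultMaxInactiveInterval;

    /**
     * Client for the external permission system.
     */
    private final AuthService authService;

    /**
     * Creates a repository that delegates to the given permission-system client.
     *
     * @param authService client used to resolve tokens and to log users out
     */
    public UserSessionRepository(AuthService authService) {
        this.authService = authService;
    }

    /**
     * Records the configured maximum inactive interval.
     *
     * @param defaultMaxInactiveInterval interval in seconds
     */
    public void setDefaultMaxInactiveInterval(int defaultMaxInactiveInterval) {
        this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
    }

    /**
     * Creates an empty session flagged as new. It has no token until {@link #save} exchanges
     * a pre-token for one.
     */
    @Override
    public UserSession createSession() {
        UserSession session = new UserSession();
        session.setNew(true);
        return session;
    }

    /**
     * For a new session, exchanges the pre-token stored under
     * {@code WebConstants.PRE_TOKEN_KEY} for a token and adopts that token as the session id.
     * Sessions that are not new are left untouched.
     *
     * @param session the session being committed
     */
    @Override
    public void save(UserSession session) {
        if (!session.isNew()) {
            return;
        }
        String preToken = (String) session.getAttribute(WebConstants.PRE_TOKEN_KEY);
        // The pre-token can be exchanged for a login token, so it is a credential: log only
        // whether one was supplied, never its value.
        LOG.info("session save, pretoken present: {}", StringUtils.isNotBlank(preToken));
        if (StringUtils.isBlank(preToken)) {
            // Nothing to exchange; the session stays new and without a token.
            return;
        }
        VisitorDTO visitor = authService.getLoginInfoByPreToken(preToken);
        if (visitor == null) {
            // Failed exchanges are worth seeing in the logs (expired or forged pre-token).
            LOG.warn("session save: pretoken exchange returned no login info");
            return;
        }
        session.setToken(visitor.getToken());
        session.setNew(false);
    }

    /**
     * Resolves the given id, which is the client-supplied token, against the permission
     * system.
     *
     * <p>NOTE(review): the {@link SessionRepository} contract returns {@code null} for an
     * unknown id. This implementation instead returns a session with an empty id, flagged as
     * new and without a {@code "visitor"} attribute. Authorization must therefore depend on
     * that attribute being present, not on a session being returned. Confirm that
     * {@code AuthorizationInterceptor} checks it.
     *
     * @param id token taken from the request; untrusted input
     * @return a session carrying the {@code "visitor"} attribute when the token is valid,
     *         otherwise an empty new session
     */
    @Override
    public UserSession getSession(String id) {
        UserSession session = new UserSession();
        // Skip the remote lookup for a blank id, mirroring the guard used in delete().
        VisitorDTO visitor = StringUtils.isBlank(id) ? null : authService.getLoginInfoByToken(id);
        if (visitor == null) {
            session.setToken("");
            session.setNew(true);
            return session;
        }
        session.setToken(id);
        session.setAttribute("visitor", visitor);
        session.setNew(false);
        return session;
    }

    /**
     * Logs the user out of the permission system. Blank ids are ignored.
     *
     * @param id token of the session to end
     */
    @Override
    public void delete(String id) {
        if (StringUtils.isNotBlank(id)) {
            authService.logout(id);
        }
    }

    /**
     * In-memory view of one session for the duration of a request. Static because it needs
     * no reference to the enclosing repository.
     */
    static final class UserSession implements ExpiringSession {

        private final Map<String, Object> attributeMap = new HashMap<>();
        private String token;
        private boolean isNew = false;

        public UserSession() {
        }

        public void setNew(boolean aNew) {
            isNew = aNew;
        }

        public boolean isNew() {
            return isNew;
        }

        public void setToken(String token) {
            this.token = token;
        }

        /** Returns the permission-system token, which doubles as the session id. */
        @Override
        public String getId() {
            return this.token;
        }

        @Override
        public Set<String> getAttributeNames() {
            return attributeMap.keySet();
        }

        @Override
        public void setAttribute(String attributeName, Object attributeValue) {
            attributeMap.put(attributeName, attributeValue);
        }

        @Override
        public void removeAttribute(String attributeName) {
            attributeMap.remove(attributeName);
        }

        @Override
        public Object getAttribute(String attributeName) {
            return attributeMap.get(attributeName);
        }

        /** Not tracked: always reports 0. */
        @Override
        public long getCreationTime() {
            return 0;
        }

        /** Not tracked: the supplied value is discarded. */
        @Override
        public void setLastAccessedTime(long lastAccessedTime) {
            // Intentionally empty in this listing; last-access time is not recorded.
        }

        /** Not tracked: always reports 0. */
        @Override
        public long getLastAccessedTime() {
            return 0;
        }

        /** Not applied: the supplied interval is discarded. */
        @Override
        public void setMaxInactiveIntervalInSeconds(int interval) {
            // Intentionally empty in this listing; the interval is not stored.
        }

        /** Always reports 0, regardless of the configured interval. */
        @Override
        public int getMaxInactiveIntervalInSeconds() {
            return 0;
        }

        /**
         * Always reports {@code false}: this object never considers itself expired. Token
         * validity is re-checked against the permission system in
         * {@code UserSessionRepository#getSession}.
         */
        @Override
        public boolean isExpired() {
            return false;
        }
    }
}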

4、在Spring WEB配置中啓用Spring Session

package com.pingan.manpan.web.common.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

import com.web.common.interceptor.AuthorizationInterceptor;

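/**
 * Web MVC configuration: installs the login/permission interceptor and registers the Spring
 * Session filter for the API path.
 *
 * <p>Both the interceptor and the session filter are limited to
 * {@code WebConstants.BASE_API_PATH}. Requests outside that prefix get neither the wrapped
 * session nor the authorization check, so protected endpoints must stay under it.
 *
 * <p>NOTE(review): {@code WebConstants} is referenced but not imported in this listing. The
 * repository listing imports it from {@code com.web.common.constant}.
 */
@Configuration
public class WebConfiguration extends WebMvcConfigurationSupport {

    @Autowired
    private AuthorizationInterceptor authorizationInterceptor;

    @Autowired
    private SessionRepositoryFilter sessionRepositoryFilter;

    /**
     * Registers the login/permission interceptor for every path below the API base path.
     *
     * @param registry interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authorizationInterceptor).addPathPatterns(WebConstants.BASE_API_PATH + "/**");
    }


    /**
     * Registers the Spring Session filter, which wraps the request so that session access
     * goes through the custom repository, for the API base path.
     *
     * @return the filter registration
     */
    @Bean
    public FilterRegistrationBean sessionRepositoryFilterRegistrationBean() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(sessionRepositoryFilter);
        filterRegistrationBean.addUrlPatterns(WebConstants.BASE_API_PATH + "/*");
        // A registration bean defaults to lowest precedence. The session filter has to run
        // before any filter that reads the session, otherwise those filters see the
        // container's own HttpSession instead of the repository-backed one.
        filterRegistrationBean.setOrder(SessionRepositoryFilter.DEFAULT_ORDER);
        return filterRegistrationBean;
    }

}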