在進行一些公司內部系統開發時,常常需要對接公司內部統一的權限管理系統,進行權限、角色驗證等。在實際開發過程中,可以藉助 Spring 的 Session Repository 實現權限驗證功能。
實現步驟如下:
1、添加自定義Session註解EnableUserHttpSession
package com.web.common.session;

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

/**
 * Marker annotation that switches on the user session support.
 *
 * <p>Placing it on a type pulls in {@link UserHttpSessionConfiguration} through
 * {@code @Import}; that configuration reads the attribute declared here.
 */
@Documented
@Target(java.lang.annotation.ElementType.TYPE)
@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
@Configuration
@Import(UserHttpSessionConfiguration.class)
public @interface EnableUserHttpSession {

    /**
     * Maximum time a session stays valid, in seconds.
     *
     * <p>NOTE(review): in the UserSessionRepository shown with this annotation the value
     * is stored but never read, and the session's expiry methods are stubs. Confirm that
     * session lifetime is enforced by the central auth system before relying on this value.
     *
     * @return the interval in seconds; 1800 unless overridden
     */
    int maxInactiveIntervalInSeconds() default 1800;
}
2、添加自定義Session Configuration配置UserHttpSessionConfiguration
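package com.web.common.session;

import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;

// NOTE(review): UserSessionRepository imports AuthService from com.user.service; this
// import must resolve to the same type or the bean method below will not compile.
import com.pingan.manpan.user.service.AuthService;

/**
 * Session configuration imported by {@link EnableUserHttpSession}.
 *
 * <p>Registers a {@link UserSessionRepository} backed by the auth service and copies the
 * {@code maxInactiveIntervalInSeconds} attribute of the enabling annotation into it.
 */
@Configuration
public class UserHttpSessionConfiguration extends SpringHttpSessionConfiguration implements ImportAware {

    /** Maximum session lifetime in seconds; replaced by the annotation attribute when present. */
    private Integer maxInactiveIntervalInSeconds = 1800;

    /**
     * Exposes the auth-service-backed session repository as a bean.
     *
     * @param authService client of the central permission system
     * @return the repository, configured with the current max inactive interval
     */
    @Bean
    public UserSessionRepository sessionRepository(AuthService authService) {
        UserSessionRepository repository = new UserSessionRepository(authService);
        repository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
        return repository;
    }

    /**
     * ImportAware callback: receives the metadata of the class that imported this
     * configuration and reads the {@link EnableUserHttpSession} attributes from it.
     *
     * @param importMetadata annotation metadata of the importing class
     */
    @Override
    public void setImportMetadata(AnnotationMetadata importMetadata) {
        // Look up the annotation declared in this package. The original referenced
        // EnableHaofangUserHttpSession, a name that is not defined anywhere on the page.
        Map<String, Object> enableAttrMap =
                importMetadata.getAnnotationAttributes(EnableUserHttpSession.class.getName());
        AnnotationAttributes enableAttrs = AnnotationAttributes.fromMap(enableAttrMap);
        if (enableAttrs == null) {
            // fromMap returns null for a null map, i.e. when the annotation is absent
            // (for example when this class is registered directly). Keep the default.
            return;
        }
        this.maxInactiveIntervalInSeconds = enableAttrs.getNumber("maxInactiveIntervalInSeconds");
    }
}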
3、自定義Session Repository:UserSessionRepository
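package com.web.common.session;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.session.ExpiringSession;
import org.springframework.session.SessionRepository;

import com.user.dto.VisitorDTO;
import com.user.service.AuthService;
import com.web.common.constant.WebConstants;
import com.web.common.handler.WebExceptionHandler;

/**
 * SessionRepository that keeps no session store of its own.
 *
 * <p>Every lookup, login exchange and logout is forwarded to the central permission
 * system through {@link AuthService}; the session id is the token that system issues.
 */
public class UserSessionRepository implements SessionRepository<UserSessionRepository.UserSession> {

    static final Logger LOG = LoggerFactory.getLogger(UserSessionRepository.class);

    /**
     * Configured maximum lifetime in seconds.
     *
     * <p>NOTE(review): stored by the setter but not read anywhere in this class, and the
     * expiry methods of {@link UserSession} are stubs. Session lifetime is therefore
     * presumably enforced by the auth system; confirm.
     */
    private Integer defaultMaxInactiveInterval;

    /** Client of the central permission system. */
    private final AuthService authService;

    /**
     * Creates the repository.
     *
     * @param authService client used for token lookup, pre-token exchange and logout
     */
    public UserSessionRepository(AuthService authService) {
        super();
        this.authService = authService;
    }

    /**
     * Sets the maximum session lifetime.
     *
     * @param defaultMaxInactiveInterval lifetime in seconds
     */
    public void setDefaultMaxInactiveInterval(int defaultMaxInactiveInterval) {
        this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
    }

    /**
     * Creates an empty session flagged as new; it has no token until {@link #save} succeeds.
     */
    @Override
    public UserSession createSession() {
        UserSession session = new UserSession();
        session.setNew(true);
        return session;
    }

    /**
     * Exchanges the pre-token stored on a new session for a login token.
     *
     * <p>Sessions that are not new are left untouched. A new session stays new when it
     * carries no pre-token or when the auth service does not recognise it.
     *
     * @param session the session to persist
     */
    @Override
    public void save(UserSession session) {
        if (!session.isNew()) {
            return;
        }
        String preToken = (String) session.getAttribute(WebConstants.PRE_TOKEN_KEY);
        boolean hasPreToken = StringUtils.isNotBlank(preToken);
        // Log only whether a pre-token was supplied. The value itself is exchanged for a
        // login token below, so writing it to the log would leak a usable credential.
        LOG.info("session save, pre-token present: {}", hasPreToken);
        if (!hasPreToken) {
            // Nothing to exchange; skip the remote call.
            return;
        }
        VisitorDTO visitor = authService.getLoginInfoByPreToken(preToken);
        if (visitor != null) {
            session.setToken(visitor.getToken());
            session.setNew(false);
        }
    }

    /**
     * Resolves a session from a token by asking the auth service.
     *
     * @param id the token presented by the client
     * @return a session carrying the token and the {@code "visitor"} attribute when the
     *         token is valid; otherwise a new session with an empty token (never null)
     */
    @Override
    public UserSession getSession(String id) {
        UserSession session = new UserSession();
        // A blank id cannot identify a login, so treat it as invalid without a remote call.
        VisitorDTO visitor = StringUtils.isBlank(id) ? null : authService.getLoginInfoByToken(id);
        if (visitor == null) {
            session.setToken("");
            session.setNew(true);
            return session;
        }
        session.setToken(id);
        session.setAttribute("visitor", visitor);
        session.setNew(false);
        return session;
    }

    /**
     * Logs the user out of the auth system; blank ids are ignored.
     *
     * @param id the token of the session to end
     */
    @Override
    public void delete(String id) {
        if (StringUtils.isNotBlank(id)) {
            authService.logout(id);
        }
    }

    /**
     * Session object handed to Spring Session: a token, a new flag and an attribute map.
     */
    final class UserSession implements ExpiringSession {

        private Map<String, Object> attributeMap = new HashMap<>();

        private String token;

        private boolean isNew = false;

        public UserSession() {
        }

        public void setNew(boolean aNew) {
            isNew = aNew;
        }

        public boolean isNew() {
            return isNew;
        }

        public void setToken(String token) {
            this.token = token;
        }

        /** The session id is the auth-system token. */
        @Override
        public String getId() {
            return this.token;
        }

        @Override
        public Set<String> getAttributeNames() {
            return attributeMap.keySet();
        }

        @Override
        public void setAttribute(String attributeName, Object attributeValue) {
            attributeMap.put(attributeName, attributeValue);
        }

        @Override
        public void removeAttribute(String attributeName) {
            attributeMap.remove(attributeName);
        }

        @Override
        public Object getAttribute(String attributeName) {
            return attributeMap.get(attributeName);
        }

        // The remaining ExpiringSession methods are stubs: no timestamps or intervals are
        // tracked here, and isExpired() is always false.

        /** Stub: creation time is not tracked; always 0. */
        @Override
        public long getCreationTime() {
            return 0;
        }

        /** Stub: the value is discarded. */
        @Override
        public void setLastAccessedTime(long lastAccessedTime) {
        }

        /** Stub: last access is not tracked; always 0. */
        @Override
        public long getLastAccessedTime() {
            return 0;
        }

        /** Stub: the value is discarded. */
        @Override
        public void setMaxInactiveIntervalInSeconds(int interval) {
        }

        /** Stub: always 0, regardless of the configured interval. */
        @Override
        public int getMaxInactiveIntervalInSeconds() {
            return 0;
        }

        /** Stub: always false; this object never reports itself as expired. */
        @Override
        public boolean isExpired() {
            return false;
        }
    }
}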
4、在Spring WEB配置中啓用Spring Session
package com.pingan.manpan.web.common.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

import com.web.common.interceptor.AuthorizationInterceptor;

/**
 * Web configuration: wires the authorization interceptor and the Spring Session filter
 * onto the API path.
 *
 * <p>NOTE(review): WebConstants is used below but not imported in this listing. The
 * repository class on this page imports it from com.web.common.constant; confirm and add
 * the import.
 */
@Configuration
public class WebConfiguration extends WebMvcConfigurationSupport {

    @Autowired
    private AuthorizationInterceptor authorizationInterceptor;

    @Autowired
    private SessionRepositoryFilter sessionRepositoryFilter;

    /**
     * Registers the login/permission interceptor for everything under the API base path.
     *
     * @param registry the MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        String protectedPaths = WebConstants.BASE_API_PATH + "/**";
        registry.addInterceptor(authorizationInterceptor).addPathPatterns(protectedPaths);
    }

    /**
     * Registers the Spring Session filter, which wraps the request so that the session
     * comes from the configured SessionRepository, for the API base path.
     *
     * <p>NOTE(review): no order is set on the registration. Confirm the filter runs ahead
     * of any other filter that reads the HttpSession.
     *
     * @return the filter registration
     */
    @Bean
    public FilterRegistrationBean sessionRepositoryFilterRegistrationBean() {
        String filteredUrls = WebConstants.BASE_API_PATH + "/*";
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(sessionRepositoryFilter);
        registration.addUrlPatterns(filteredUrls);
        return registration;
    }
}