配合OAuth2进行单设备登陆拦截
要进行单设备登陆,在其余地点登陆后,本地的其余操做会被拦截返回登陆界面。javascript
原理就在于要在登陆时在redis中存储Session,进行操做时要进行Session的比对。java
具体实现,假设咱们的OAuth 2的登陆调用接口以下:redis
共享Session,User模块跟OAuth模块都要设置spring
@Configuration
@EnableRedisHttpSession
public class SessionConfig {
}
Feignapi
@Component
@FeignClient("oauth-center")
public interface Oauth2Client {
/**
* 获取access_token<br>
* 这是spring-security-oauth2底层的接口,类TokenEndpoint<br>
*
* @param parameters
* @return
* @see org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
*/
@PostMapping(path = "/api-o/oauth/token")
Map<String, Object> postAccessToken(@RequestParam Map<String, String> parameters);
/**
* 删除access_token和refresh_token<br>
* 认证中心的OAuth2Controller方法removeToken
*
* @param access_token
*/
@DeleteMapping(path = "/api-o/remove_token")
void removeToken(@RequestParam("access_token") String access_token);
}
Controller服务器
/**
* Created by Administrator on 2018/10/19.
*/
@Slf4j
@RestController
public class UserTokenController {
@Autowired
private Oauth2Client oauth2Client;
@Resource
private RedisService redisServiceImpl;
/**
* 系统登录<br>
* 根据用户名登陆<br>
* 采用oauth2密码模式获取access_token和refresh_token
*
* @param loginParam
* @return
*/
@PostMapping("/users-anon/sys/logins")
public Map<String, Object> login(@RequestBody LoginParam loginParam,HttpServletRequest request) {
Map<String, String> parameters = new HashMap<>();
parameters.put(OAuth2Utils.GRANT_TYPE, "password");
parameters.put(OAuth2Utils.CLIENT_ID, "system");
// parameters.put(OAuth2Utils.CLIENT_ID, "system");
parameters.put("client_secret", "system");
parameters.put(OAuth2Utils.SCOPE, "app");
// parameters.put("username", username);
// 为了支持多类型登陆,这里在username后拼装上登陆类型
parameters.put("username", loginParam.getUsername() + "|" + CredentialType.USERNAME.name());
parameters.put("password", loginParam.getPassword());
parameters.put("status","200");
Map<String, Object> tokenInfo = null;
try {
tokenInfo = oauth2Client.postAccessToken(parameters);
}catch (Exception e){
e.printStackTrace();
return ResponseUtils.getResult(500,"login failed");
}
// saveLoginLog(username, "用户名密码登录", BlackIPAccessFilter.getIpAddress(request));
return ResponseUtils.getDataResult(tokenInfo);
}
}
加入Session的存储session
/**
* Created by Administrator on 2018/10/19.
*/
@Slf4j
@RestController
public class UserTokenController {
@Autowired
private Oauth2Client oauth2Client;
@Resource
private RedisService redisServiceImpl;
/**
* 系统登录<br>
* 根据用户名登陆<br>
* 采用oauth2密码模式获取access_token和refresh_token
*
* @param loginParam
* @return
*/
@PostMapping("/users-anon/sys/logins")
public Map<String, Object> login(@RequestBody LoginParam loginParam, HttpServletRequest request) {
Map<String, String> parameters = new HashMap<>();
parameters.put(OAuth2Utils.GRANT_TYPE, "password");
parameters.put(OAuth2Utils.CLIENT_ID, "system");
// parameters.put(OAuth2Utils.CLIENT_ID, "system");
parameters.put("client_secret", "system");
parameters.put(OAuth2Utils.SCOPE, "app");
// parameters.put("username", username);
// 为了支持多类型登陆,这里在username后拼装上登陆类型
parameters.put("username", loginParam.getUsername() + "|" + CredentialType.USERNAME.name());
parameters.put("password", loginParam.getPassword());
parameters.put("status","200");
Map<String, Object> tokenInfo = null;
try {
tokenInfo = oauth2Client.postAccessToken(parameters);
HttpSession session = request.getSession();
String sessionId = UUID.randomUUID().toString();
//此处修改成共享Session
session.setAttribute("sessionId", sessionId);
session.setAttribute("username",loginParam.getUsername());
String key = loginParam.getUsername() + "-onlyLogin";
redisServiceImpl.set(key,sessionId);
redisServiceImpl.expire(key,30 * 60);
redisServiceImpl.hset("sessionHash",sessionId,loginParam.getUsername());
}catch (Exception e){
e.printStackTrace();
return ResponseUtils.getResult(500,"login failed");
}
// saveLoginLog(username, "用户名密码登录", BlackIPAccessFilter.getIpAddress(request));
return ResponseUtils.getDataResult(tokenInfo);
}
}
配置拦截器app
@Slf4j
@Component
public class RedisInterceptor extends HandlerInterceptorAdapter {
@Resource
private RedisService redisServiceImpl;
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HttpSession session = request.getSession();
//读取共享Session
String requestedSessionId = (String) session.getAttribute("sessionId");
String userName = null;
response.setCharacterEncoding("utf-8");
response.setContentType("text/javascript;charset=utf-8");
try {
if (!StringUtils.isEmpty(requestedSessionId)) {
userName = redisServiceImpl.hget("sessionHash", requestedSessionId);
}
if (StringUtils.isEmpty(userName)) {
response.getWriter().write("{\"message\":\"请先登录\"}");
return false;
} else {
String cacheSessionId = null;
String sessionKey = userName + "-onlyLogin";
try {
cacheSessionId = redisServiceImpl.get(sessionKey);
} catch (Exception e) {
e.printStackTrace();
}
if (StringUtils.isEmpty(cacheSessionId)) {
response.getWriter().write("{\"message\":\"请先登录\"}");
return false;
} else {
if (!cacheSessionId.equals(requestedSessionId)) {
response.getWriter().write("{\"message\":\"您的帐号已在别处登录,请从新登录\"}");
return false;
} else {
redisServiceImpl.expire(sessionKey, 30 * 60);
return super.preHandle(request, response, handler);
}
}
}
}catch (Exception e) {
e.printStackTrace();
}
response.getWriter().write("{\"message\":\"服务器忙\"}");
return false;
}
}
拦截器就是为了获取每次的Session,而且跟redis中的session进行比对,若是session不一样,则进行拦截。dom
@Configuration
public class RedisSessionConfig extends WebMvcConfigurerAdapter {
@Autowired
private RedisInterceptor redisInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(redisInterceptor).excludePathPatterns("/**/users-anon/**").excludePathPatterns("/api-o/oauth/token");
super.addInterceptors(registry);
}
}
这里要配置对登陆的url以及feign的url进行放行,则能够对多地点登陆时,使以前的登陆没法操做。ide
相关文章
- 1. Springboot 拦截器配置(登陆拦截)
- 2. Springboot 拦截器配置(登陆拦截)
- 3. 登陆拦截设置白名单-坑
- 4. SpringBoot拦截器实现登陆拦截
- 5. nodejs+express中设置登陆拦截器
- 6. SpringBoot 2.X配置登陆拦截器
- 7. 使用spring拦截器与自定义注解进行登陆拦截
- 8. 实现 OAuth2 单点登陆SSO—单点登陆和OAuth2概述
- 9. SSH登陆拦截器1
- 10. springmvc 的登陆拦截
- 更多相关文章...
- • 移动设备 统计 - 浏览器信息
- • Eclipse 运行配置(Run Configuration) - Eclipse 教程
- • IntelliJ IDEA代码格式化设置
- • IntelliJ IDEA 代码格式化配置和快捷键
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
欢迎关注本站公众号,获取更多信息
