温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

如何使用springSecurity+jwt实现互踢功能

发布时间:2021-11-24 16:28:22 来源:亿速云 阅读:195 作者:小新 栏目:开发技术

小编给大家分享一下如何使用springSecurity+jwt实现互踢功能,相信大部分人都还不怎么了解,因此分享这篇文章给大家参考一下,希望大家阅读完这篇文章后大有收获,下面让我们一起去了解一下吧!

jwt介绍:

        JWT是一种用于双方之间传递安全信息的简洁的、URL安全的表述性声明规范。JWT作为一个开放的标准( RFC 7519 ),定义了一种简洁的,自包含的方法用于通信双方之间以Json对象的形式安全的传递信息。

jwt认证流程介绍:

1. 用户使用账号和面发出post请求; 

2. 服务器使用私钥创建一个jwt; 

3. 服务器返回这个jwt给浏览器; 

4. 浏览器将该jwt串在请求头中像服务器发送请求; 

5. 服务器验证该jwt; 

6. 返回响应的资源给浏览器。

如何使用springSecurity+jwt实现互踢功能

一.思路:

原来的实现用户登录态是:
1.后台登陆成功后生成一个令牌(uuid)----JwtAuthenticationSuccessHandler
2.后台把它包装成jwt数据,然后返回给前端—JwtAuthenticationSuccessHandler
3.后台把它加入redis缓存中,并设置失效时间----JwtAuthenticationSuccessHandler
4.前端调用接口时,带入jwt
5.后台写个拦截器或者过滤器,在前端调用接口的时候,从request的header中获取jwt,在缓存中搜索,如果存在则处于登录态,并重置失效时间(这样用户在有效时间内就处于登录态)—JwtSecurityContextRepository
6.解释下:springSecurity是个过滤器琏,是由一个一个的过滤器组成的

现在的互踢:
1.后台在登陆成功后,用用户id组成一个key,查询redis缓存中的value
2.和新的jwt比较,如果不一样则把查到的jwt当做key从redis中删掉,就是上面第三步存储的
3.把用户id组成一个key,把上面jwt当做value传入缓存中
4.在上面的第5步,也重置下我们这里存储的值

*上面 指的是原来的实现用户登录态

package com.lc.gansu.security.component.jwt;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.lc.gansu.framework.core.ConstantOfReturnCode;
import com.lc.gansu.framework.core.RedisKey;
import com.lc.gansu.framework.core.ReturnObject;
import com.lc.gansu.security.component.SecurityConstants;
import com.lc.gansu.security.domain.User;
import com.lc.gansu.security.utility.JWTHS256;
import lombok.extern.slf4j.Slf4j;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.TimeUnit;

@Slf4j
public class JwtAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    //private final RequestCache requestCache = new HttpSessionRequestCache();
    private final ObjectMapper jacksonObjectMapper;
    private final RedisTemplate<String, Object> redisTemplate;

    public JwtAuthenticationSuccessHandler(ObjectMapper jacksonObjectMapper, RedisTemplate<String, Object> redisTemplate) {
        this.jacksonObjectMapper = jacksonObjectMapper;
        this.redisTemplate = redisTemplate;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
        log.info("JwtAuthenticationSuccessHandler=success");
        clearAuthenticationAttributes(request);
        handle(response, authentication);
    }

    protected final void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) return;
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }

    protected void handle(HttpServletResponse response, Authentication authentication) throws IOException {
        if (response.isCommitted()) {
            log.debug("Response has already been committed.");
            return;
        }
        User sysUser = (User) authentication.getPrincipal();
        sysUser.setClazz(authentication.getClass());
        //AuthenticationAdapter authenticationAdapter=AuthenticationAdapter.authentication2AuthenticationAdapter(authentication);
        String authOfjson = jacksonObjectMapper.writeValueAsString(sysUser);
        String subject = UUID.randomUUID().toString();
        String authOfjwt = JWTHS256.buildJWT(subject, authOfjson);
        response.addHeader("jwt", authOfjwt);
        //跨域时允许header携带jwt
        response.addHeader("Access-Control-Expose-Headers" ,"jwt");
        redisTemplate.boundValueOps(SecurityConstants.getJwtKey(subject)).set("w", 60, TimeUnit.MINUTES);
        //---------互踢start-------------
        // 在缓存中传入key="R_V_USERIDLOGINKEY_" + userId + "_LOGIN",value=SecurityConstants.getJwtKey(subject),有新登录时如果用户一样则把缓存里之前的jwt删除,这个:(redisTemplate.boundValueOps(SecurityConstants.getJwtKey(subject)).set("w", 60, TimeUnit.MINUTES);)
        log.info("设置jwt,并在缓存中传入:{}",SecurityConstants.getJwtKey(subject));
        String uuid = (String) redisTemplate.opsForValue().get(RedisKey.getUserIdKey(sysUser.getId()));
        log.info("查询原有jwt:{}",uuid);
        if(!SecurityConstants.getJwtKey(subject).equals(uuid)&& Objects.nonNull(uuid)){
            assert uuid != null;
            redisTemplate.delete(uuid);
            log.info("删除原有jwt:{}",uuid);
        }
        redisTemplate.opsForValue().set(RedisKey.getUserIdKey(sysUser.getId()), SecurityConstants.getJwtKey(subject),60, TimeUnit.MINUTES);
        log.info("在缓存里塞入新jwt:{}",SecurityConstants.getJwtKey(subject));
        //---------互踢end----------------------
        response.setContentType("application/json;charset=utf-8");
        PrintWriter out = response.getWriter();

        User returnSysUser = new User();
        returnSysUser
                .setName(sysUser.getName())
                .setCurrentOrg(sysUser.getCurrentOrg())
                .setOrgIdMapRoleList(sysUser.getOrgIdMapRoleList())
                .setCurrentMenuList(sysUser.getCurrentMenuList())
                .setOrgList(sysUser.getOrgList());

        out.write(jacksonObjectMapper.writeValueAsString(new ReturnObject<>(this.getClass().getName(), ConstantOfReturnCode.GLOBAL_RESULT_SUCESS, "登录成功", returnSysUser)));
        out.flush();
        out.close();
    }
}
package com.lc.gansu.security.component.jwt;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.lc.gansu.framework.core.RedisKey;
import com.lc.gansu.security.component.SecurityConstants;
import com.lc.gansu.security.domain.User;
import com.lc.gansu.security.utility.JWTHS256;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SecurityContextRepository;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;

@Slf4j
public class JwtSecurityContextRepository implements SecurityContextRepository {
    protected final Log logger = LogFactory.getLog(this.getClass());

    private final RedisTemplate<String, Object> redisTemplate;
    private final ObjectMapper jacksonObjectMapper;

    public JwtSecurityContextRepository(RedisTemplate<String, Object> redisTemplate, ObjectMapper jacksonObjectMapper) {
        this.redisTemplate = redisTemplate;
        this.jacksonObjectMapper = jacksonObjectMapper;
    }

    @Override
    public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
        HttpServletRequest request = requestResponseHolder.getRequest();
        return readSecurityContextFromJWT(request);
    }

    @Override
    public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
    }

    @Override
    public boolean containsContext(HttpServletRequest request) {
        return false;
    }

    private SecurityContext readSecurityContextFromJWT(HttpServletRequest request) {
        SecurityContext context = generateNewContext();
        String authenticationOfjwt = request.getHeader("jwt");
        if (StringUtils.isNotBlank(authenticationOfjwt)) {
            try {
                Map<String, Object> map = JWTHS256.vaildToken(authenticationOfjwt);
                if (Objects.nonNull(map) && map.size() == 2) {
                    String subject = (String) map.get("subject");
                    Boolean isExp = redisTemplate.hasKey(SecurityConstants.getJwtKey(subject));
                    if (Objects.nonNull(isExp) && isExp) {//redis key 未过期
                        redisTemplate.expire(SecurityConstants.getJwtKey(subject), 60, TimeUnit.MINUTES);//延期
                        String obj = (String) map.get("claim");
                        //AuthenticationAdapter authenticationAdapter=jacksonObjectMapper.readValue(obj, new TypeReference<>(){});
                        //Authentication authentication=AuthenticationAdapter.authenticationAdapter2Authentication(authenticationAdapter);
                        //Authentication authentication=jacksonObjectMapper.readValue(obj, new TypeReference<>(){});
                        //Authentication authentication=jacksonObjectMapper.readValue(obj,Authentication.class);
                        User sysUser = jacksonObjectMapper.readValue(obj, new TypeReference<User>() {
                        });
                        Authentication authentication = new UsernamePasswordAuthenticationToken(sysUser, null, sysUser.getAuthorities());
                        context.setAuthentication(authentication);
                        //-----互踢start-------
                        if(Objects.nonNull(RedisKey.getUserIdKey(sysUser.getId()))) redisTemplate.expire(RedisKey.getUserIdKey(sysUser.getId()), 60, TimeUnit.MINUTES);
                        //-----互踢end---------
                        //if(obj instanceof Authentication){
                        //context.setAuthentication((Authentication)obj);
                        //}else log.error("jwt包含authentication的数据非法");
                    } else log.error("jwt数据过期");
                } else log.error("jwt数据非法");
            } catch (Exception e) {
                e.printStackTrace();
                logger.error(e.getLocalizedMessage());
            }
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("No JWT was available from the HttpServletRequestHeader!");
            }
        }
        return context;
    }

    protected SecurityContext generateNewContext() {
        return SecurityContextHolder.createEmptyContext();
    }
}
package com.lc.gansu.framework.core;

/**
 * TODO
 *
 * @author songtianxiong
 * @version 1.0
 * @date 2021/11/16 19:15
 */
public class RedisKey {
    //线上投放计划反馈结果催办
    public static String getOlpmIdAndUserIdRedisKey(Long OlpmId, Long userId) {
        return "R_V_OLPMURGE_" + OlpmId + "_" + userId;
    }

    //催办
    public static String getOdpIdAndUserIdRedisKey(Long OdpId, Long userId) {
        return "R_V_ODPMURGE_" + OdpId + "_" + userId;
    }

    //催办
    public static String getJwtAndUrl(String jwt, String url) {
        return "R_V_REPEAT_" + jwt + "_" + url;
    }

    //用户登录互踢
    public static String getUserIdKey(Long userId) {
        return "R_V_USERIDLOGINKEY_" + userId + "_LOGIN";
    }
}

---------------------------关键词:互踢

关键代码:

//---------互踢start-------------
        // 在缓存中传入key="R_V_USERIDLOGINKEY_" + userId + "_LOGIN",value=SecurityConstants.getJwtKey(subject),有新登录时如果用户一样则把缓存里之前的jwt删除,这个:(redisTemplate.boundValueOps(SecurityConstants.getJwtKey(subject)).set("w", 60, TimeUnit.MINUTES);)
        log.info("设置jwt,并在缓存中传入:{}",SecurityConstants.getJwtKey(subject));
        String uuid = (String) redisTemplate.opsForValue().get(RedisKey.getUserIdKey(sysUser.getId()));
        log.info("查询原有jwt:{}",uuid);
        if(!SecurityConstants.getJwtKey(subject).equals(uuid)&& Objects.nonNull(uuid)){
            assert uuid != null;
            redisTemplate.delete(uuid);
            log.info("删除原有jwt:{}",uuid);
        }
        redisTemplate.opsForValue().set(RedisKey.getUserIdKey(sysUser.getId()), SecurityConstants.getJwtKey(subject),60, TimeUnit.MINUTES);
        log.info("在缓存里塞入新jwt:{}",SecurityConstants.getJwtKey(subject));
        //---------互踢end----------------------
//-----互踢start-------
                        if(Objects.nonNull(RedisKey.getUserIdKey(sysUser.getId()))) redisTemplate.expire(RedisKey.getUserIdKey(sysUser.getId()), 60, TimeUnit.MINUTES);
                        //-----互踢end---------
//用户登录互踢
    public static String getUserIdKey(Long userId) {
        return "R_V_USERIDLOGINKEY_" + userId + "_LOGIN";
    }

以上是“如何使用springSecurity+jwt实现互踢功能”这篇文章的所有内容,感谢各位的阅读!相信大家都有了一定的了解,希望分享的内容对大家有所帮助,如果还想学习更多知识,欢迎关注亿速云行业资讯频道!

向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI