SSM与Shiro、Redis集成实现分布式session管理(三)—— session设置

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/money9sun/article/details/86605010

       经过前两章,我们已经将ssm与shiro配置完毕,现在添加redis的工具类

    

@Component
public class RedisUtil {
    private RedisTemplate<Serializable, Object> redisTemplate;

    /**
     * 批量删除对应的value
     *
     * @param keys
     */
    public void remove(final String... keys) {
        for (String key : keys) {
            remove(key);
        }
    }

    /**
     * 批量删除key
     *
     * @param pattern
     */
    public void removePattern(final String pattern) {
        Set<Serializable> keys = redisTemplate.keys(pattern);
        if (keys.size() > 0)
            redisTemplate.delete(keys);
    }

    /**
     * 删除对应的value
     *
     * @param key
     */
    public void remove(final String key) {
        if (exists(key)) {
            redisTemplate.delete(key);
        }
    }

    /**
     * 判断缓存中是否有对应的value
     *
     * @param key
     * @return
     */
    public boolean exists(final String key) {
        return redisTemplate.hasKey(key);
    }

    /**
     * 读取缓存
     *
     * @param key
     * @return
     */
    public Object get(final String key) {
        Object result = null;
        ValueOperations<Serializable, Object> operations = redisTemplate
                .opsForValue();
        result = operations.get(key);
        return result;
    }

    /**
     * 写入缓存
     *
     * @param key
     * @param value
     * @return
     */
    public boolean set(final String key, Object value) {
        boolean result = false;
        try {
            ValueOperations<Serializable, Object> operations = redisTemplate
                    .opsForValue();
            operations.set(key, value);
            result = true;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return result;
    }

    /**
     * 写入缓存
     *
     * @param key
     * @param value
     * @return
     */
    public boolean set(final String key, Object value, Long expireTime) {
        boolean result = false;
        try {
            ValueOperations<Serializable, Object> operations = redisTemplate
                    .opsForValue();
            operations.set(key, value);
            redisTemplate.expire(key, expireTime, TimeUnit.SECONDS);
            result = true;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return result;
    }

    public void setRedisTemplate(
            RedisTemplate<Serializable, Object> redisTemplate) {
        this.redisTemplate = redisTemplate;
    }
}

  为了让redis帮我们管理session 需要在登陆成功之后将session写入redis中,我们修改一下登陆的方法

//登录
@RequestMapping(value = "/login",method = RequestMethod.POST)
public R webLogin(@RequestBody Map<String, String> parameters){
    Map<String,Object> map = new HashMap<>();
    String newPassword = PasswordUtil.encodePwd(parameters.get("password"));
    UsernamePasswordToken token = new UsernamePasswordToken(parameters.get("userName"),newPassword);
    Subject subject = SecurityUtils.getSubject();
    try{
        subject.login(token);
        String loginToken = validateSucceed(null, new SsoUser(parameters.get("userName"), newPassword), false);
        map.put("token",loginToken);
        return R.ok(map);
    }catch (Exception e){
        e.printStackTrace();
        return R.error(R.CODE_LOGIN_ERROR,"用户名或者密码错误");
    }
}
private String validateSucceed(String backUrl, SsoUser ssoUser, boolean rememberMe) throws Exception {
    // 生成vt
    String token = UUID.randomUUID().toString().replace("-", "").toLowerCase();
    // 添加vtcookie
    CookieUtil.setCookie(httpServletRequest, httpServletResponse, "vt", token, true);
    // 添加vt用户到redis
    //redisService.set(vt, MAPPER.writeValueAsString(ssoUser), loginConfig.getVtRedisMaxTime());
    String userString = JSON.toJSONString(ssoUser);
    redisUtil.set(token,userString, 1800l); // 30分钟的有效时间 通过redis来模拟管理session信息
    logger.info("new token={}", token);
    return token;
}

上面的代码比较容易理解,就是先生成一个token ,存入cookie的同时 存入redis然后返回前台

最后一步,要修改shiro的过滤器,在登陆验证的时候不走shiro的session而是走redis

public class ClientAuthenticationFilter extends OncePerRequestFilter {

    private static final Logger LOGGER = LoggerFactory.getLogger(ClientAuthenticationFilter.class);

    private RedisUtil redisUtil;

    @Override
    protected void doFilterInternal(ServletRequest request, ServletResponse response
            , FilterChain filterChain) throws ServletException, IOException {
        redisUtil = (RedisUtil)SpringContextUtil.getBean("redisUtil");
        // 1、 从cookie中获取   2、从header中获取token  3、从参数中获取token
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        UserThreadLocal.clear();
        String vt = null;
        LOGGER.info("ClientAuthenticationFilter doFilterInternal, url : {}", httpServletRequest.getRequestURL());

        // 开始登录状态验证
        vt = CookieUtil.getCookieValue(httpServletRequest, "vt", true);
        LOGGER.info("ClientAuthenticationFilter doFilterInternal, vt : {}", vt);

        if(vt == null) {  // 如果cookie里面没有 就从请求头中获取token
            vt = httpServletRequest.getHeader("token");
        }

        if (StringUtils.isNotEmpty(vt)) {
            /* cookie有效,接下来判断是否超时 */
            String user = (String) redisUtil.get(vt);
            // 如果不为空 则表示没有超时
            if (StringUtils.isNotBlank(user)) {
                SsoUser ssoUser = JSON.parseObject(user, SsoUser.class);
                // 将用户重新设置时间
                redisUtil.set(vt,user, 1800l);
                LOGGER.info("logincheck success !");
                // shiro验证权限
                Subject subject = SecurityUtils.getSubject();
                UsernamePasswordToken token = new UsernamePasswordToken(ssoUser.getAccount(), ssoUser.getPassword());
                subject.login(token);

                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }else{
                // session 超时需要重新登陆
                Map<String, Object> resultMap = new HashMap<>();
                resultMap.put("status", false);
                resultMap.put("code", R.CODE_LOGIN_TIMEOUT);
                resultMap.put("timeout", "timeout");
                resultMap.put("msg" , "timeout");
                String resultString = JSON.toJSONString(resultMap);
                httpServletResponse.setContentType("application/json; charset=utf-8");
                httpServletResponse.setHeader("Access-Control-Allow-Origin","*");
                PrintWriter writer = httpServletResponse.getWriter();
                writer.print(resultString);
                writer.flush();
                writer.close();
            }
        } else { // 没有登陆
 Map<String, Object> resultMap = new HashMap<>(); resultMap.put("status", false); resultMap.put("code", R.CODE_LOGIN_NO); resultMap.put("timeout", "no"); resultMap.put("msg" , "not login"); String resultString = JSON.toJSONString(resultMap); httpServletResponse.setContentType("application/json; charset=utf-8"); httpServletResponse.setHeader("Access-Control-Allow-Origin","*"); PrintWriter writer = httpServletResponse.getWriter(); writer.print(resultString); writer.flush(); writer.close();
        }
    }
}

修改shiro 的配置文件 加入红色的这行

HashMap<String, Filter> myFilters = new HashMap<>();
myFilters.put("authc", new ClientAuthenticationFilter());
shiroFilterFactoryBean.setFilters(myFilters);

其他不用修改 这样就完成了分布式session的交由redis管理的工作,代码会在后期发到git上

猜你喜欢

转载自blog.csdn.net/money9sun/article/details/86605010
今日推荐