1. Demand analysis
If you often use Tencent QQ, you will find that its login has the following characteristics: it can be online at the same time on your mobile phone and computer, but you cannot log in to one account on two mobile phones at the same time.
Mutually exclusive login on the same terminal means exactly this QQ behaviour: on the same type of device only a single login is allowed, while different types of devices may be online at the same time.
Dynamic demo diagram:
> Sa-Token is a lightweight Java authority authentication framework that mainly solves a series of authority-related problems such as login authentication, permission authentication, single sign-on, OAuth2 and microservice gateway authentication.
> Gitee open source address: https://gitee.com/dromara/sa-token
This article will introduce how to implement the following login strategies in Sa-Token:
- Single login: an account can be logged in at only one place at a time; a new login pushes the old one offline. Also called single-terminal login.
- Multi-login: an account can be logged in at several places at the same time; a new login coexists with the old ones. Also called multi-terminal login.
- Mutually exclusive login on the same terminal: Only single-site login is allowed on the same type of device, and simultaneous online access is allowed on different types of devices. Refer to the login mode of Tencent QQ: mobile phones and computers can be online at the same time, but two mobile phones cannot be online at the same time.
Correspondingly, the logout strategy will also be divided into the following types:
- Single-terminal logout: only the terminal that calls logout goes offline.
- All terminal logout: logout at one terminal, all terminals go offline.
- Logout on the same terminal: For example, if you log off all mobile terminals, the PC terminal will not be affected.
2. Multiple logins
This mode is relatively simple, and the default mode of Sa-Token is the multi-location login mode.
1. First, add the Sa-Token dependency:

```xml
<!-- Sa-Token authority authentication -->
<dependency>
    <groupId>cn.dev33</groupId>
    <artifactId>sa-token-spring-boot-starter</artifactId>
    <version>1.34.0</version>
</dependency>
```

Note: if you are using Spring Boot 3.x, just change sa-token-spring-boot-starter to sa-token-spring-boot3-starter.
2. Write the account id into the session when the user logs in:

```java
import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.util.SaResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/user/")
public class UserController {
    @RequestMapping("doLogin")
    public SaResult doLogin(String username, String password) {
        // For demonstration only; a real project must look the user up in the
        // database and compare the submitted credentials against the stored record
        if ("zhang".equals(username) && "123456".equals(password)) {
            // Write account id 10001 into the session; this issues the Token
            StpUtil.login(10001);
            return SaResult.ok("登录成功");
        }
        // A failed login returns an error result, not ok
        return SaResult.error("登录失败");
    }
}
```

Startup class:

```java
import cn.dev33.satoken.SaManager;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SaTokenDemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(SaTokenDemoApplication.class, args);
        // Print the effective Sa-Token configuration after startup
        System.out.println("\n启动成功:Sa-Token 配置如下:" + SaManager.getConfig());
    }
}
```
With the code above, when several people log in to the same account, nothing is done to the old sessions: the same account can log in from any number of places without the sessions affecting each other.
3. To log out all terminals, call the logout method (added to the same UserController):

```java
// Session logout
@RequestMapping("logout")
public SaResult logout() {
    StpUtil.logout();
    return SaResult.ok("退出登录成功");
}
```
After calling the above method to log out, all terminals of the current account will go offline together.
4. Single-terminal logout
If you want to log out only one terminal, set is-share to false in the configuration file:

```yaml
sa-token:
  is-share: false
```
The meaning of this configuration item is: when multiple people log in to the same account, whether to share a Token.
- When true: All logins share a Token.
- When false: Create a new Token each time you log in.
Once this value is false, a different Token is returned for each login, and correspondingly StpUtil.logout() only logs out the current Token; other terminals are not affected.
3. Single login
The key to single login is one change in the yml configuration file:

```yaml
sa-token:
  is-concurrent: false
```

is-concurrent means whether the same account is allowed to log in concurrently:
- When true: concurrent logins are allowed.
- When false: a new login pushes the old login offline.
The rest of the code is the same as in [Multiple logins]. When we log in to the same account in two browsers and the old session then accesses the system again, we get the following response:

```json
{
    "code": 401,
    "msg": "Token 已被顶下线",
    "data": null
}
```
In single login mode there is no logout-policy question at all: an account can be online on at most one device at a time, so whenever logout is called, all terminals are necessarily offline.
4. Mutually exclusive login on the same terminal
Now it is finally the protagonist's turn. Mutually exclusive login on the same terminal lets us do what Tencent QQ does: allow only a single login on the same type of device, while allowing different types of devices to be online at the same time.
So how is this achieved in Sa-Token? First, exactly as for single login, set sa-token.is-concurrent to false in the configuration file, and then declare the device type when calling login and the related interfaces:
1. Specify the device type when logging in

```java
StpUtil.login(10001, "PC");
```

After logging in with this method, any existing session on the same device type goes offline (other device types are not affected), and when that session accesses the system again a NotLoginException is thrown with scene value -4:
| Scene value | Corresponding constant | Meaning |
|---|---|---|
| -1 | NotLoginException.NOT_TOKEN | Failed to read a Token from the request |
| -2 | NotLoginException.INVALID_TOKEN | A Token was read, but it is invalid |
| -3 | NotLoginException.TOKEN_TIMEOUT | A Token was read, but it has expired |
| -4 | NotLoginException.BE_REPLACED | A Token was read, but it has been pushed offline by a newer login |
| -5 | NotLoginException.KICK_OUT | A Token was read, but it has been kicked offline |
If the second parameter is null or omitted, every online terminal of that account id is kicked offline, and when a kicked session accesses the system again a NotLoginException is thrown with scene value -5.
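Since every scene value in the table above reaches the client as a NotLoginException, it is worth handling them in one place. The handler below is an added example, not code from the article or from the Sa-Token project: it maps each scene value to a 401 response with the same shape as the JSON shown earlier, and logs the two "invalidated on purpose" scenes (-4 and -5) at WARN so that a burst of them for one account can be picked up by monitoring. It relies only on the NotLoginException constants and the getType()/getLoginType() accessors; the class name and the response messages are the example's own.

```java
import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.util.SaResult;

// Central handler for every NotLoginException scene value (example class name).
@RestControllerAdvice
public class LoginStateExceptionHandler {

    private static final Logger log = LoggerFactory.getLogger(LoginStateExceptionHandler.class);

    // Scene value -> message returned to the client. The keys are the String
    // constants Sa-Token defines on NotLoginException ("-1" .. "-5").
    private static final Map<String, String> SCENE_MESSAGES = Map.of(
            NotLoginException.NOT_TOKEN,     "No token was supplied with the request",
            NotLoginException.INVALID_TOKEN, "The token is not valid",
            NotLoginException.TOKEN_TIMEOUT, "The token has expired",
            NotLoginException.BE_REPLACED,   "This session was replaced by a newer login on the same device type",
            NotLoginException.KICK_OUT,      "This session was kicked offline");

    @ExceptionHandler(NotLoginException.class)
    public SaResult handleNotLogin(NotLoginException e) {
        String scene = e.getType();
        String msg = SCENE_MESSAGES.getOrDefault(scene, "Not logged in");

        // -4 and -5 mean a previously valid token was invalidated deliberately.
        // Many of these for one account in a short time suggest shared credentials
        // or a takeover attempt, so they are logged at WARN; the rest are routine.
        // Only the login type and scene are logged, never the token value itself.
        if (NotLoginException.BE_REPLACED.equals(scene) || NotLoginException.KICK_OUT.equals(scene)) {
            log.warn("session invalidated: loginType={} scene={}", e.getLoginType(), scene);
        } else {
            log.debug("not logged in: loginType={} scene={}", e.getLoginType(), scene);
        }

        // Same shape as the 401 body shown earlier on this page.
        return SaResult.get(401, msg, null);
    }
}
```

The Map lookup keeps the scene constants in one place; if Sa-Token adds a scene value the handler still answers 401 with the generic message rather than leaking a stack trace.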
2. Query the device type of the current login

```java
StpUtil.getLoginDevice();
```

If no device type was specified at login, this method returns the default value default-device.
3. Take a specified device type offline
Example business scenario: from the mobile terminal, force the PC terminal offline (the mobile terminal itself is unaffected):

```java
StpUtil.logout(10001, "PC");
```

4. All-terminal logout
When calling logout without a specific device type, all terminals of the account go offline:

```java
StpUtil.logout(10001);
```
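As an added end-to-end example (not code from the article or from the Sa-Token project), the controller below combines the four calls of this section into one flow for account 10001 under sa-token.is-concurrent: false. The account id, the credential check and the allow-list of device names are constructed for the example, and the /device/ route and class name are hypothetical. It also applies two checks the one-line snippets above leave out: the device type arrives in the client request, so it is normalised against a server-side allow-list instead of being used verbatim, and the account being logged out is always the caller's own (taken from StpUtil.getLoginIdAsLong()) rather than an id supplied in the request.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.util.SaResult;

// Hypothetical controller demonstrating same-terminal mutually exclusive login.
@RestController
@RequestMapping("/device/")
public class DeviceLoginController {

    // Device types this service recognises (constructed for the example). The value
    // comes from the client, so anything outside the list falls back to Sa-Token's
    // default device name instead of creating arbitrary per-client partitions.
    private static final List<String> ALLOWED_DEVICES = List.of("PC", "APP");
    private static final String DEFAULT_DEVICE = "default-device";

    static String normalizeDevice(String device) {
        if (device == null) {
            return DEFAULT_DEVICE;
        }
        String upper = device.trim().toUpperCase();
        return ALLOWED_DEVICES.contains(upper) ? upper : DEFAULT_DEVICE;
    }

    // Login that declares the device type. With is-concurrent=false only an existing
    // session of the same device type for this account is pushed offline (scene -4);
    // sessions on other device types stay online.
    @PostMapping("doLogin")
    public SaResult doLogin(@RequestParam String username,
                            @RequestParam String password,
                            @RequestParam(required = false) String device) {
        // Constructed credential check, as in the article; a real service compares
        // the submitted password against a stored hash.
        if (!("zhang".equals(username) && "123456".equals(password))) {
            return SaResult.error("login failed");
        }
        String dev = normalizeDevice(device);
        StpUtil.login(10001, dev);
        // The Token itself is delivered by Sa-Token (header/cookie per configuration);
        // the body only echoes the device type the session was bound to.
        return SaResult.get(200, "login ok", Map.of("device", dev));
    }

    // Which account and device type the current Token belongs to.
    @GetMapping("whoami")
    public SaResult whoami() {
        Map<String, Object> info = new LinkedHashMap<>();
        info.put("loginId", StpUtil.getLoginIdAsLong()); // throws NotLoginException if not logged in
        info.put("device", StpUtil.getLoginDevice());     // "default-device" if none was declared
        return SaResult.data(info);
    }

    // Live Token count per device type for the caller's own account. After logging in
    // from two "PC" clients in a row, PC stays at 1 while APP is untouched.
    @GetMapping("sessions")
    public SaResult sessions() {
        long loginId = StpUtil.getLoginIdAsLong();
        Map<String, Integer> counts = new LinkedHashMap<>();
        for (String d : ALLOWED_DEVICES) {
            counts.put(d, StpUtil.getTokenValueListByLoginId(loginId, d).size());
        }
        return SaResult.data(counts);
    }

    // Force one device type of the caller's own account offline, e.g. the mobile
    // terminal logging the PC out. Other device types keep their sessions.
    @PostMapping("logoutDevice")
    public SaResult logoutDevice(@RequestParam String device) {
        String dev = normalizeDevice(device);
        StpUtil.logout(StpUtil.getLoginIdAsLong(), dev);
        return SaResult.ok("logged out device type " + dev);
    }

    // All terminals of the caller's account go offline.
    @PostMapping("logoutAll")
    public SaResult logoutAll() {
        StpUtil.logout(StpUtil.getLoginIdAsLong());
        return SaResult.ok("all terminals logged out");
    }
}
```

Deriving the account id from the caller's own session means a client can only log out its own terminals; accepting the id as a request parameter, as the literal 10001 in the snippets might suggest, would let any authenticated user log out any other account.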
These are the various schemes the Sa-Token framework offers for login problems. Whether it is simple multi-terminal login or the more complex same-terminal mutual exclusion, Sa-Token has a complete solution.
References
- Sa-Token documentation: https://sa-token.cc
- Gitee repository: https://gitee.com/dromara/sa-token
- GitHub repository: https://github.com/dromara/sa-token