Commit 129ed8d3 authored by maqing's avatar maqing

会话不失效

parent e4925b28
package com.hungraim.ltc.controller; package com.hungraim.ltc.controller;
import com.hungraim.ltc.redis.RedisCache; import com.alibaba.fastjson.JSONObject;
import com.hungraim.ltc.util.CsoftSecurityUtil; import com.hungraim.ltc.util.CsoftSecurityUtil;
import com.hungraim.ltc.util.Result; import com.hungraim.ltc.util.Result;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.SneakyThrows; import lombok.SneakyThrows;
import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.Authentication; import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint; import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal; import java.security.Principal;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.concurrent.TimeUnit;
/** /**
* 认证中心 * 认证中心
...@@ -32,8 +24,7 @@ import java.util.concurrent.TimeUnit; ...@@ -32,8 +24,7 @@ import java.util.concurrent.TimeUnit;
@AllArgsConstructor @AllArgsConstructor
public class AuthController { public class AuthController {
private final RedisTemplate redisTemplate;
private final RedisCache redisCache;
private final TokenEndpoint tokenEndpoint; private final TokenEndpoint tokenEndpoint;
@PostMapping("/token") @PostMapping("/token")
...@@ -43,8 +34,6 @@ public class AuthController { ...@@ -43,8 +34,6 @@ public class AuthController {
String decrypt = CsoftSecurityUtil.decryptRSADefault(password); String decrypt = CsoftSecurityUtil.decryptRSADefault(password);
parameters.put("password", decrypt); parameters.put("password", decrypt);
OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody(); OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
// redisCache.setCacheObject("token", oAuth2AccessToken.getValue());
return Result.success(oAuth2AccessToken); return Result.success(oAuth2AccessToken);
} }
...@@ -58,8 +47,11 @@ public class AuthController { ...@@ -58,8 +47,11 @@ public class AuthController {
return Result.success(keyMap.get(0).toString()); return Result.success(keyMap.get(0).toString());
} }
@GetMapping("/logout") @PostMapping("/logout")
public Result doLogout(){ public Result doLogout(String access_token){
String claims = JwtHelper.decode(access_token).getClaims();
String jti = (String)JSONObject.parseObject(claims).get("jti");
redisTemplate.opsForValue().set(jti,access_token);
return Result.success(); return Result.success();
} }
......
...@@ -35,14 +35,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -35,14 +35,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.and() .and()
.authorizeRequests() .authorizeRequests()
.antMatchers("/getPublicKey","/oauth/*","/logout").permitAll() .antMatchers("/getPublicKey","/oauth/**").permitAll()
.anyRequest().authenticated(); .anyRequest().authenticated();
http.logout()
.logoutSuccessUrl("http://localhost:8000/oauth/logout")
.invalidateHttpSession(true)
.clearAuthentication(true)
.permitAll();
http.formLogin();
} }
/** /**
......
package com.hungraim.ltc.redis;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.BoundSetOperations;
import org.springframework.data.redis.core.HashOperations;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.stereotype.Component;
import java.util.*;
import java.util.concurrent.TimeUnit;
/**
* @author mq
*/
@SuppressWarnings(value = { "unchecked", "rawtypes" })
@Component
public class RedisCache
{
@Autowired
public RedisTemplate redisTemplate;
/**
* 缓存基本的对象,Integer、String、实体类等
*
* @param key 缓存的键值
* @param value 缓存的值
*/
public <T> void setCacheObject(final String key, final T value)
{
redisTemplate.opsForValue().set(key, value);
}
/**
* 缓存基本的对象,Integer、String、实体类等
*
* @param key 缓存的键值
* @param value 缓存的值
* @param timeout 时间
* @param timeUnit 时间颗粒度
*/
public <T> void setCacheObject(final String key, final T value, final Integer timeout, final TimeUnit timeUnit)
{
redisTemplate.opsForValue().set(key, value, timeout, timeUnit);
}
/**
* 设置有效时间
*
* @param key Redis键
* @param timeout 超时时间
* @return true=设置成功;false=设置失败
*/
public boolean expire(final String key, final long timeout)
{
return expire(key, timeout, TimeUnit.SECONDS);
}
/**
* 设置有效时间
*
* @param key Redis键
* @param timeout 超时时间
* @param unit 时间单位
* @return true=设置成功;false=设置失败
*/
public boolean expire(final String key, final long timeout, final TimeUnit unit)
{
return redisTemplate.expire(key, timeout, unit);
}
/**
* 获得缓存的基本对象。
*
* @param key 缓存键值
* @return 缓存键值对应的数据
*/
public <T> T getCacheObject(final String key)
{
ValueOperations<String, T> operation = redisTemplate.opsForValue();
return operation.get(key);
}
/**
* 删除单个对象
*
* @param key
*/
public boolean deleteObject(final String key)
{
return redisTemplate.delete(key);
}
/**
* 删除集合对象
*
* @param collection 多个对象
* @return
*/
public long deleteObject(final Collection collection)
{
return redisTemplate.delete(collection);
}
/**
* 缓存List数据
*
* @param key 缓存的键值
* @param dataList 待缓存的List数据
* @return 缓存的对象
*/
public <T> long setCacheList(final String key, final List<T> dataList)
{
Long count = redisTemplate.opsForList().rightPushAll(key, dataList);
return count == null ? 0 : count;
}
/**
* 获得缓存的list对象
*
* @param key 缓存的键值
* @return 缓存键值对应的数据
*/
public <T> List<T> getCacheList(final String key)
{
return redisTemplate.opsForList().range(key, 0, -1);
}
/**
* 缓存Set
*
* @param key 缓存键值
* @param dataSet 缓存的数据
* @return 缓存数据的对象
*/
public <T> BoundSetOperations<String, T> setCacheSet(final String key, final Set<T> dataSet)
{
BoundSetOperations<String, T> setOperation = redisTemplate.boundSetOps(key);
Iterator<T> it = dataSet.iterator();
while (it.hasNext())
{
setOperation.add(it.next());
}
return setOperation;
}
/**
* 获得缓存的set
*
* @param key
* @return
*/
public <T> Set<T> getCacheSet(final String key)
{
return redisTemplate.opsForSet().members(key);
}
/**
* 缓存Map
*
* @param key
* @param dataMap
*/
public <T> void setCacheMap(final String key, final Map<String, T> dataMap)
{
if (dataMap != null) {
redisTemplate.opsForHash().putAll(key, dataMap);
}
}
/**
* 获得缓存的Map
*
* @param key
* @return
*/
public <T> Map<String, T> getCacheMap(final String key)
{
return redisTemplate.opsForHash().entries(key);
}
/**
* 往Hash中存入数据
*
* @param key Redis键
* @param hKey Hash键
* @param value 值
*/
public <T> void setCacheMapValue(final String key, final String hKey, final T value)
{
redisTemplate.opsForHash().put(key, hKey, value);
}
/**
* 获取Hash中的数据
*
* @param key Redis键
* @param hKey Hash键
* @return Hash中的对象
*/
public <T> T getCacheMapValue(final String key, final String hKey)
{
HashOperations<String, String, T> opsForHash = redisTemplate.opsForHash();
return opsForHash.get(key, hKey);
}
/**
* 删除Hash中的数据
*
* @param key
* @param hkey
*/
public void delCacheMapValue(final String key, final String hkey)
{
HashOperations hashOperations = redisTemplate.opsForHash();
hashOperations.delete(key, hkey);
}
/**
* 获取多个Hash中的数据
*
* @param key Redis键
* @param hKeys Hash键集合
* @return Hash对象集合
*/
public <T> List<T> getMultiCacheMapValue(final String key, final Collection<Object> hKeys)
{
return redisTemplate.opsForHash().multiGet(key, hKeys);
}
/**
* 获得缓存的基本对象列表
*
* @param pattern 字符串前缀
* @return 对象列表
*/
public Collection<String> keys(final String pattern)
{
return redisTemplate.keys(pattern);
}
}
\ No newline at end of file
...@@ -56,6 +56,13 @@ ...@@ -56,6 +56,13 @@
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId> <artifactId>spring-security-oauth2-resource-server</artifactId>
</dependency> </dependency>
<!--jwt-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.0.9.RELEASE</version>
<scope>compile</scope>
</dependency>
</dependencies> </dependencies>
......
...@@ -51,7 +51,7 @@ public class ResourceServerConfig { ...@@ -51,7 +51,7 @@ public class ResourceServerConfig {
http.oauth2ResourceServer().jwt() http.oauth2ResourceServer().jwt()
.jwtAuthenticationConverter(jwtAuthenticationConverter()); .jwtAuthenticationConverter(jwtAuthenticationConverter());
http.authorizeExchange() http.authorizeExchange()
.pathMatchers("/api/oauth/token","/oauth/token","/oauth/*","/api/oauth/genKeyPair","/logout").permitAll() .pathMatchers("/api/oauth/token","/oauth/**","/api/oauth/genKeyPair").permitAll()
.anyExchange().access(authorizationManager) .anyExchange().access(authorizationManager)
.and() .and()
.exceptionHandling() .exceptionHandling()
......
...@@ -3,8 +3,8 @@ package com.hungraim.ltc.gateway.security; ...@@ -3,8 +3,8 @@ package com.hungraim.ltc.gateway.security;
import cn.hutool.core.convert.Convert; import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSONObject;
import com.hungraim.ltc.constant.AuthConstants; import com.hungraim.ltc.constant.AuthConstants;
import com.hungraim.ltc.redis.RedisCache;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.RedisTemplate;
...@@ -14,6 +14,7 @@ import org.springframework.security.authorization.AuthorizationDecision; ...@@ -14,6 +14,7 @@ import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager; import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.web.server.authorization.AuthorizationContext; import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher; import org.springframework.util.AntPathMatcher;
...@@ -66,12 +67,13 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author ...@@ -66,12 +67,13 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
log.info("请求token为空拒绝访问,path={}", path); log.info("请求token为空拒绝访问,path={}", path);
return Mono.just(new AuthorizationDecision(false)); return Mono.just(new AuthorizationDecision(false));
} }
String claims = JwtHelper.decode(token).getClaims();
// String tokenRedis = redisCache.getCacheObject("token"); String jti = (String) JSONObject.parseObject(claims).get("jti");
// if (StrUtil.isBlank(tokenRedis)) { String acc_token = (String) redisTemplate.opsForValue().get(jti);
// log.info("请求token为空拒绝访问,path={}", path); if (StrUtil.isBlank(acc_token)) {
// return Mono.just(new AuthorizationDecision(false)); log.info("请求token为空拒绝访问,path={}", path);
// } return Mono.just(new AuthorizationDecision(false));
}
// 从缓存取资源权限角色关系列表 // 从缓存取资源权限角色关系列表
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment