学会网站开发有什么好处,网页设计与制作课程教学总结,建设网站需要从哪方面考虑,目前哪些企业需要做网站建设的呢2019独角兽企业重金招聘Python工程师标准 要进行单设备登录#xff0c;在其他地点登录后#xff0c;本地的其他操作会被拦截返回登录界面。 原理就在于要在登录时在redis中存储Session,进行操作时要进行Session的比对。 具体实现#xff0c;假设我们的OAuth 2… 2019独角兽企业重金招聘Python工程师标准 要进行单设备登录在其他地点登录后本地的其他操作会被拦截返回登录界面。 原理就在于要在登录时在redis中存储Session,进行操作时要进行Session的比对。 具体实现假设我们的OAuth 2的登录调用接口如下 共享Session,User模块跟OAuth模块都要设置 Configuration
EnableRedisHttpSession
public class SessionConfig {} Feign Component
FeignClient(oauth-center)
public interface Oauth2Client {/*** 获取access_tokenbr* 这是spring-security-oauth2底层的接口类TokenEndpointbr** param parameters* return* see org.springframework.security.oauth2.provider.endpoint.TokenEndpoint*/PostMapping(path /api-o/oauth/token)MapString, Object postAccessToken(RequestParam MapString, String parameters);/*** 删除access_token和refresh_tokenbr* 认证中心的OAuth2Controller方法removeToken** param access_token*/DeleteMapping(path /api-o/remove_token)void removeToken(RequestParam(access_token) String access_token);} Controller /*** Created by Administrator on 2018/10/19.*/
Slf4j
RestController
public class UserTokenController {Autowiredprivate Oauth2Client oauth2Client;Resourceprivate RedisService redisServiceImpl;/*** 系统登陆br* 根据用户名登录br* 采用oauth2密码模式获取access_token和refresh_token** param loginParam* return*/PostMapping(/users-anon/sys/logins)public MapString, Object login(RequestBody LoginParam loginParam,HttpServletRequest request) {MapString, String parameters new HashMap();parameters.put(OAuth2Utils.GRANT_TYPE, password);parameters.put(OAuth2Utils.CLIENT_ID, system);
// parameters.put(OAuth2Utils.CLIENT_ID, system);parameters.put(client_secret, system);parameters.put(OAuth2Utils.SCOPE, app);
// parameters.put(username, username);// 为了支持多类型登录这里在username后拼装上登录类型parameters.put(username, loginParam.getUsername() | CredentialType.USERNAME.name());parameters.put(password, loginParam.getPassword());parameters.put(status,200);MapString, Object tokenInfo null;try {tokenInfo oauth2Client.postAccessToken(parameters);}catch (Exception e){e.printStackTrace();return ResponseUtils.getResult(500,login failed);}
// saveLoginLog(username, 用户名密码登陆, BlackIPAccessFilter.getIpAddress(request));return ResponseUtils.getDataResult(tokenInfo);}
} 加入Session的存储 /*** Created by Administrator on 2018/10/19.*/
Slf4j
RestController
public class UserTokenController {Autowiredprivate Oauth2Client oauth2Client;Resourceprivate RedisService redisServiceImpl;/*** 系统登陆br* 根据用户名登录br* 采用oauth2密码模式获取access_token和refresh_token** param loginParam* return*/ PostMapping(/users-anon/sys/logins)public MapString, Object login(RequestBody LoginParam loginParam, HttpServletRequest request) {MapString, String parameters new HashMap();parameters.put(OAuth2Utils.GRANT_TYPE, password);parameters.put(OAuth2Utils.CLIENT_ID, system);
// parameters.put(OAuth2Utils.CLIENT_ID, system);parameters.put(client_secret, system);parameters.put(OAuth2Utils.SCOPE, app);
// parameters.put(username, username);// 为了支持多类型登录这里在username后拼装上登录类型parameters.put(username, loginParam.getUsername() | CredentialType.USERNAME.name());parameters.put(password, loginParam.getPassword());parameters.put(status,200);MapString, Object tokenInfo null;try {tokenInfo oauth2Client.postAccessToken(parameters);HttpSession session request.getSession();String sessionId UUID.randomUUID().toString();//此处修改为共享Sessionsession.setAttribute(sessionId, sessionId);session.setAttribute(username,loginParam.getUsername());String key loginParam.getUsername() -onlyLogin;redisServiceImpl.set(key,sessionId);redisServiceImpl.expire(key,30 * 60);redisServiceImpl.hset(sessionHash,sessionId,loginParam.getUsername());}catch (Exception e){e.printStackTrace();return ResponseUtils.getResult(500,login failed);}
// saveLoginLog(username, 用户名密码登陆, BlackIPAccessFilter.getIpAddress(request));return ResponseUtils.getDataResult(tokenInfo);} } 配置拦截器 Slf4j
Component
public class RedisInterceptor extends HandlerInterceptorAdapter {Resourceprivate RedisService redisServiceImpl;Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, Nullable ModelAndView modelAndView) throws Exception {}Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Nullable Exception ex) throws Exception {}Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {HttpSession session request.getSession();//读取共享SessionString requestedSessionId (String) session.getAttribute(sessionId);String userName null;response.setCharacterEncoding(utf-8);response.setContentType(text/javascript;charsetutf-8);try {if (!StringUtils.isEmpty(requestedSessionId)) {userName redisServiceImpl.hget(sessionHash, requestedSessionId);}if (StringUtils.isEmpty(userName)) {response.getWriter().write({\message\:\请先登陆\});return false;} else {String cacheSessionId null;String sessionKey userName -onlyLogin;try {cacheSessionId redisServiceImpl.get(sessionKey);} catch (Exception e) {e.printStackTrace();}if (StringUtils.isEmpty(cacheSessionId)) {response.getWriter().write({\message\:\请先登陆\});return false;} else {if (!cacheSessionId.equals(requestedSessionId)) {response.getWriter().write({\message\:\您的账号已在别处登陆,请重新登陆\});return false;} else {redisServiceImpl.expire(sessionKey, 30 * 60);return super.preHandle(request, response, handler);}}}}catch (Exception e) {e.printStackTrace();}response.getWriter().write({\message\:\服务器忙\});return false;}
} 拦截器就是为了获取每次的Session并且跟redis中的session进行比对如果session不同则进行拦截。 Configuration
public class RedisSessionConfig extends WebMvcConfigurerAdapter {Autowiredprivate RedisInterceptor redisInterceptor;Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(redisInterceptor).excludePathPatterns(/**/users-anon/**).excludePathPatterns(/api-o/oauth/token);super.addInterceptors(registry);}
} 这里要配置对登录的url以及feign的url进行放行则可以对多地点登录时使之前的登录无法操作。 转载于:https://my.oschina.net/u/3768341/blog/2885756
