Spring Security 之集群Session配置
1. 新建Maven项目 cluster-session
2. pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion>
<groupId>com.java</groupId>
<artifactId>cluster-session</artifactId>
<version>1.0.0</version> <parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.5.RELEASE</version>
</parent> <dependencies> <!-- Spring Boot -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency> <dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
<version>1.3.5.RELEASE</version>
</dependency> <!-- 热部署 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>springloaded</artifactId>
<version>1.2.8.RELEASE</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>provided</scope>
</dependency> </dependencies> <build>
<finalName>${project.artifactId}</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin> <plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
3. ClusterSessionStarter.java
package com.java; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; /**
* <blockquote><pre>
*
* 主启动类
*
* </pre></blockquote>
*
* @author Logan
*
*/
@SpringBootApplication
public class ClusterSessionStarter { public static void main(String[] args) {
SpringApplication.run(ClusterSessionStarter.class, args);
} }
4. SessionInformationExpiredStrategyImpl.java
package com.java.session; import java.io.IOException; import javax.servlet.ServletException;
import javax.utils.ResponseUtils; import org.springframework.security.web.session.SessionInformationExpiredEvent;
import org.springframework.security.web.session.SessionInformationExpiredStrategy; /**
* Session过期处理策略
*
* @author Logan
* @createDate 2019-02-14
* @version 1.0.0
*
*/
public class SessionInformationExpiredStrategyImpl implements SessionInformationExpiredStrategy { @Override
public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException, ServletException { ResponseUtils.write(event.getResponse(), "你的账号在另一地点被登录");
} }
5. ApplicationContextConfig.java
package com.java.config; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession; /**
* 配置文件类
*
* @author Logan
* @createDate 2019-02-14
* @version 1.0.0
*
*/
@Configuration
@EnableRedisHttpSession(maxInactiveIntervalInSeconds = 1800)
public class ApplicationContextConfig { /**
* 配置密码编码器,Spring Security 5.X必须配置,否则登录时报空指针异常
*/
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
} }
6. LoginConfig.java
package com.java.config; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import com.java.session.SessionInformationExpiredStrategyImpl; /**
* 登录相关配置
*
* @author Logan
* @createDate 2019-02-14
* @version 1.0.0
*
*/
@Configuration
public class LoginConfig extends WebSecurityConfigurerAdapter { @Override
protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() // 设置不需要授权的请求
.antMatchers("/js/*", "/login.html").permitAll() // 其它任何请求都需要验证权限
.anyRequest().authenticated() // 设置自定义表单登录页面
.and().formLogin().loginPage("/login.html") // 设置登录验证请求地址为自定义登录页配置action ("/login/form")
.loginProcessingUrl("/login/form") // 设置默认登录成功跳转页面
.defaultSuccessUrl("/main.html") /* session 管理 */
.and().sessionManagement() // 设置Session失效跳转页面
.invalidSessionUrl("/login.html") // 设置最大Session数为1
.maximumSessions(1) // 设置Session过期处理策略
.expiredSessionStrategy(new SessionInformationExpiredStrategyImpl()).and() // 暂时停用csrf,否则会影响验证
.and().csrf().disable();
} }
7. SecurityUserDetailsService.java
package com.java.service; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component; /**
* UserDetailsService实现类
*
* @author Logan
* @createDate 2019-02-14
* @version 1.0.0
*
*/
@Component
public class SecurityUserDetailsService implements UserDetailsService { @Autowired
private PasswordEncoder passwordEncoder; @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { // 数据库存储密码为加密后的密文(明文为123456)
String password = passwordEncoder.encode("123456"); System.out.println("username: " + username);
System.out.println("password: " + password); // 模拟查询数据库,获取属于Admin和Normal角色的用户
User user = new User(username, password, AuthorityUtils.commaSeparatedStringToAuthorityList("Admin,Normal")); return user;
} }
8. ResponseUtils.java
package javax.utils; import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.URLEncoder; import javax.servlet.http.HttpServletResponse; import com.fasterxml.jackson.databind.ObjectMapper; /**
* HTTP 输出响应内容工具类
*
* @author Logan
* @createDate 2019-02-14
* @version 1.0.0
*
*/
public class ResponseUtils { /**
* 发送HTTP响应信息
*
* @param response HTTP响应对象
* @param message 信息内容
* @throws IOException 抛出异常,由调用者捕获处理
*/
public static void write(HttpServletResponse response, String message) throws IOException {
response.setContentType("text/html;charset=UTF-8"); try (
PrintWriter writer = response.getWriter();
) {
writer.write(message);
writer.flush();
}
} /**
* 发送HTTP响应信息,JSON格式
*
* @param response HTTP响应对象
* @param message 输出对象
* @throws IOException 抛出异常,由调用者捕获处理
*/
public static void write(HttpServletResponse response, Object message) throws IOException {
response.setContentType("application/json;charset=UTF-8");
ObjectMapper mapper = new ObjectMapper(); try (
PrintWriter writer = response.getWriter();
) {
writer.write(mapper.writeValueAsString(message));
writer.flush();
}
} /**
* 下载文件
*
* @param response HTTP响应对象
* @param message 输出对象
* @throws IOException 抛出异常,由调用者捕获处理
*/
public static void write(HttpServletResponse response, File file) throws IOException {
String fileName = file.getName();
try (
OutputStream out = response.getOutputStream();
FileInputStream in = new FileInputStream(file);
) { // 对文件名进行URL转义,防止中文乱码
fileName = URLEncoder.encode(fileName, "UTF-8"); // 空格用URLEncoder.encode转义后会变成"+",所以要替换成"%20",浏览器会解码回空格
fileName = fileName.replace("+", "%20"); // "+"用URLEncoder.encode转义后会变成"%2B",所以要替换成"+",浏览器不对"+"进行解码
fileName = fileName.replace("%2B", "+");
response.setContentType("application/x-msdownload;charset=UTF-8");
response.setHeader("Content-Disposition", "attachment; filename=" + fileName); byte[] bytes = new byte[4096];
int len = -1;
while ((len = in.read(bytes)) != -1) {
out.write(bytes, 0, len);
}
out.flush();
}
} }
9. application.properties
server.port=8080
server.servlet.session.timeout=600 spring.session.store-type=redis # REDIS (RedisProperties)
# Redis数据库索引(默认为0)
spring.redis.database=0 # Redis服务器地址
spring.redis.host=192.168.32.10 # Redis服务器连接端口
spring.redis.port=6379 # Redis服务器连接密码(默认为空)
spring.redis.password=redis123. # 连接池最大连接数(使用负值表示没有限制)
spring.redis.jedis.pool.max-active=10 # 连接池最大阻塞等待时间(使用负值表示没有限制)
spring.redis.jedis.pool.max-wait=-1 # 连接池中的最大空闲连接
spring.redis.jedis.pool.max-idle=5 # 连接池中的最小空闲连接
spring.redis.jedis.pool.min-idle=0 # 连接超时时间(毫秒)
spring.redis.timeout=10000 spring.cache.redis.time-to-live=600
10. src/main/resources 下静态资源文件如下:
static/login.html
static/main.html
11. login.html
<!DOCTYPE html>
<html> <head>
<title>登录</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head> <body> <!--登录框-->
<div align="center">
<h2>用户自定义登录页面</h2>
<fieldset style="width: 300px;">
<legend>登录框</legend>
<form action="/login/form" method="post">
<table>
<tr>
<th>用户名:</th>
<td><input name="username" value="Logan" /> </td>
</tr>
<tr>
<th>密码:</th>
<td><input type="password" name="password" value="123456" /> </td>
</tr>
<tr>
<th></th>
<td></td>
</tr>
<tr>
<td colspan="2" align="center"><button type="submit">登录</button></td>
</tr>
</table>
</form>
</fieldset> </div> </body> </html>
12. main.html
<html> <head>
<title>首页</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<script>
window.onclick = function() {
window.open("http://www.cnblogs.com/jonban/");
}
</script>
</head> <body style="background-color: cyan;text-align: center;">
<h1><span style="text-align:center;color:purple;cursor: pointer;">Designed by Logan.</span></h1>
<canvas id="c"></canvas>
<script>
var b = document.body;
var c = document.getElementsByTagName('canvas')[0];
var a = c.getContext('2d');
document.body.clientWidth;
</script> <script>
with(m = Math)
C = cos, S = sin, P = pow, R = random;
c.width = c.height = f = 613;
h = -250; function p(a, b, c) {
if(c > 60)
return [S(a * 7) * (13 + 5 / (.2 + P(b * 4, 4))) - S(b) * 50,
b * f + 50,
625 + C(a * 7) * (13 + 5 / (.2 + P(b * 4, 4))) + b * 400,
a * 1 - b / 2, a
];
A = a * 2 - 1;
B = b * 2 - 1;
if(A * A + B * B < 1) {
if(c > 37) {
n = (j = c & 1) ? 6 : 4;
o = .5 / (a + .01) + C(b * 125) * 3 - a * 300;
w = b * h;
return [o * C(n) + w * S(n) + j * 610 - 390, o * S(n) - w * C(n) + 550 - j * 350, 1180 + C(B + A) * 99 - j * 300, .4 - a * .1 + P(1 - B * B, -h * 6) * .15 - a * b * .4 + C(a + b) / 5 + P(C((o * (a + 1) + (B > 0 ? w : -w)) / 25), 30) * .1 * (1 - B * B), o / 1e3 + .7 - o * w * 3e-6]
}
if(c > 32) {
c = c * 1.16 - .15;
o = a * 45 - 20;
w = b * b * h;
z = o * S(c) + w * C(c) + 620;
return [o * C(c) - w * S(c), 28 + C(B * .5) * 99 - b * b * b * 60 - z / 2 - h, z, (b * b * .3 + P((1 - (A * A)), 7) * .15 + .3) * b, b * .7]
}
o = A * (2 - b) * (80 - c * 2);
w = 99 - C(A) * 120 - C(b) * (-h - c * 4.9) + C(P(1 - b, 7)) * 50 + c * 2;
z = o * S(c) + w * C(c) + 700;
return [o * C(c) - w * S(c), B * 99 - C(P(b, 7)) * 50 - c / 3 - z / 1.35 + 450, z, (1 - b / 1.2) * .9 + a * .1, P((1 - b), 20) / 4 + .05]
}
}
setInterval('for(i=0;i<1e4;i++)if(s=p(R(),R(),i%46/.74)){z=s[2];x=~~(s[0]*f/z-h);y=~~(s[1]*f/z-h);if(!m[q=y*f+x]|m[q]>z)m[q]=z,a.fillStyle="rgb("+~(s[3]*h)+","+~(s[4]*h)+","+~(s[3]*s[3]*-80)+")",a.fillRect(x,y,1,1)}', 0)
</script>
</body> </html>
.
Spring Security 之集群Session配置的更多相关文章
- Spring-Session实现Session共享Redis集群方式配置教程
循序渐进,由易到难,这样才更有乐趣! 概述 本篇开始继续上一篇的内容基础上进行,本篇主要介绍Spring-Session实现配置使用Redis集群,会有两种配置方式,一种是Redis-Cluster, ...
- spring boot下JedisCluster方式连接Redis集群的配置
最近在使用springboot做项目,使用redis做缓存.在外网开发的时候redis服务器没有使用集群配置,所有就是用了RedisTemplate的方式进行连接redis服务器.但是项目代码挪到内网 ...
- spring 使用redis集群配置
上面两篇介绍了redis集群的配置合一些基本的概念,所以接下来当然是要在项目中使用咯,redis的java支持已经做的非常好了,所以我们来试着使用这些api来进行redis的操作,首先我们需要操作re ...
- Spring Cloud Eureka集群配置及注意事项(Greenwich版本)
Spring Cloud Eureka集群配置及注意事项(Greenwich版本) 一·概述 Spring Cloud Netflix Eureka 是一个提供服务注册与发现的套件.服务提供者只需要将 ...
- 大型网站系统架构实践(六)深入探讨web应用集群Session保持
原理 在第三,四篇文章中讲到了会话保持的问题,而且还遗留了一个问题,就是会话保持存在单点故障, 当时的方案是cookie插入后缀,即haproxy指负责分发请求,应用服务自行保持用户会话,如果应 用服 ...
- nginx+tomcat+redis的集群+session共享
nginx+tomcat+redis的集群+session共享 环境准备 1.tomcat版本:tomcat7 tomcat下载及安装,目前很多好的资源和步骤,此处省略. 2.jdk版本:jdk1.7 ...
- ActiveMq+zookeeper+levelDB集群整合配置
ActiveMq+zookeeper+levelDB集群整合配置 环境:linux系统,jdk1.7 三台linux系统电脑.我这里使用一台window,分别远程3台linux电脑.三台电脑的ip分 ...
- Spring Security(13)——session管理
1.1 检测session超时 1.2 concurrency-control 1.3 session 固定攻击保护 Spring Security通过http元素下的子元素s ...
- redis单点、redis主从、redis哨兵sentinel,redis集群cluster配置搭建与使用
目录 redis单点.redis主从.redis哨兵 sentinel,redis集群cluster配置搭建与使用 1 .redis 安装及配置 1.1 redis 单点 1.1.2 在命令窗口操作r ...
随机推荐
- mc02_配置本地git仓库并上传到github
注册github账号 仔细阅读使用说明便可,这里提一下如何删除一个repository. 点击要删除的repository,打开后点击Settings 然后滚动到页面最下方,点击最后一个按钮 在弹出框 ...
- apply,call,bind
/*apply和call都是为了改变某个函数运行时的上下文而存在的(就是为了改变函数内部this的指向): 如果使用apply或call方法,那么this指向他们的第一个参数,apply的第二个参数是 ...
- 6-----BBS论坛
BBS论坛(六) 6.1.优化json数据的返回 (1)新建utils/restful.py # utils/restful.py from flask import jsonify class Ht ...
- 性能测试工具LoadRunner23-LR之Analysis 性能分析
一.图表分析 1.Average Transaction Response Time(事务平均响应时间) “事务平均响应时间”显示的是测试场景运行期间的每一秒内事务执行所用的平均时间,通过它可以分析测 ...
- jquery dataTable 自定义 Button及按钮事件
参考网址:http://stackoverflow.com/questions/18134913/jquery-datatabletabletool-custom-buttons-calling-ev ...
- 多级菜单 menu
jquery menu: http://jqueryui.com/menu/ Kendo UI Demos http://demos.telerik.com/kendo-ui/web/menu/ind ...
- 计算机为什么要区别C盘,D盘,E盘等?
为什么要区分C盘,D盘,E盘,F盘? 1)各盘出现背景 在计算机刚诞生的年代,还没有硬盘,那时数据存储主要靠软盘.软盘驱动器按照顺序占据了A和B盘符的位置,后来随着硬盘的应用,就出现了C盘及以后的 ...
- java Redis工具类
redis就是一个nosql数据库,做存储做缓存的,java代码中就是嵌入了一个客户端,读取与存储数据而已. 先来一个简单的工具类: package com.ming.redis; import re ...
- css内容整理2
10.6.css伪类.伪元素 伪类用于向某些选择器添加特殊效果:伪元素用于将特殊的效果添加达到某选择器. 区别:伪类的效果可通过添加一个实际的类达到,用::伪元素效果则需要添加一个实际的元素,用:: ...
- spring boot Configuration Annotation Proessor not found in classpath
出现spring boot Configuration Annotation Proessor not found in classpath的提示是在用了@ConfigurationPropertie ...