微服务Redis-Session共享登录状态的过程详解
更新时间:2023年12月18日 09:24:37 作者:无敌小田田
这篇文章主要介绍了微服务Redis-Session共享登录状态,本文采取Spring security做登录校验,用redis做session共享,实现单服务登录可靠性,微服务之间调用的可靠性与通用性,需要的朋友可以参考下
一、背景
随着项目越来越大,需要将多个服务拆分成微服务,使代码看起来不要过于臃肿,庞大。微服务之间通常采取feign交互,为了保证不同微服务之间增加授权校验,需要增加Spring Security登录验证,为了多个服务之间session可以共享,可以通过数据库实现session共享,也可以采用redis-session实现共享。
本文采取Spring security做登录校验,用redis做session共享。实现单服务登录可靠性,微服务之间调用的可靠性与通用性
二、代码
本文项目采取 主服务一服务、子服务二 来举例
1、服务依赖文件
主服务依赖
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis', version: '2.5.4'
implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.4.1'
implementation(group: 'io.github.openfeign', name: 'feign-httpclient')
implementation 'org.springframework.boot:spring-boot-starter-security'子服务依赖
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis', version: '2.5.4'
implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.4.1'
implementation 'org.springframework.boot:spring-boot-starter-security'2、服务配置文件
主服务配置文件
#redis连接
spring.redis.host=1.2.3.4
#Redis服务器连接端口
spring.redis.port=6379
#Redis服务器连接密码
spring.redis.password=password
#连接池最大连接数(使用负值表示没有限制)
spring.redis.pool.max-active=8
#连接池最大阻塞等待时间(使用负值表示没有限制)
spring.redis.pool.max-wait=-1
#连接池中的最大空闲连接
spring.redis.pool.max-idle=8
#连接池中的最小空闲连接
spring.redis.pool.min-idle=0
#连接超时时间(毫秒)
spring.redis.timeout=30000
#数据库
spring.redis.database=0
#redis-session配置
spring.session.store-type=redis
#部分post请求过长会报错,需加配置
server.tomcat.max-http-header-size=65536
子服务配置文件
#单独登录秘钥
micService.username=service
micService.password=aaaaaaaaaaaaa
#登录白名单
micService.ipList=1.2.3.4,1.2.3.5,127.0.0.1,0:0:0:0:0:0:0:1
spring.redis.host=1.2.3.4
#Redis服务器连接端口
spring.redis.port=6379
#Redis服务器连接密码
spring.redis.password=password
#连接池最大连接数(使用负值表示没有限制)
spring.redis.pool.max-active=8
#连接池最大阻塞等待时间(使用负值表示没有限制)
spring.redis.pool.max-wait=-1
#连接池中的最大空闲连接
spring.redis.pool.max-idle=8
#连接池中的最小空闲连接
spring.redis.pool.min-idle=0
#连接超时时间(毫秒)
spring.redis.timeout=30000
#数据库
spring.redis.database=0
#最大请求头限制
server.maxPostSize=-1
server.maxHttpHeaderSize=102400
#redis session缓存
spring.session.store-type=redis
server.servlet.session.timeout=30m
3、登录校验文件
主服务SecurityConfig.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//注入密码加密的类
@Bean
public AuthenticationProvider authenticationProvider() {
AuthenticationProvider authenticationProvider = new EncoderProvider();
return authenticationProvider;
}
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
}
public static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.successHandler((request,response,authentication) -> {
HttpSession session = request.getSession();
session.setAttribute("TaobaoUser",authentication.getPrincipal());
ObjectMapper mapper = new ObjectMapper();
response.setContentType("application/json;charset=utf-8");
PrintWriter out = response.getWriter();
TaobaoUser user = (CurrentUser)session.getAttribute("TaobaoUser");
out.write(mapper.writeValueAsString(user));
out.flush();
out.close();
})
.failureHandler((request,response,authentication) -> {
ObjectMapper mapper = new ObjectMapper();
response.setContentType("application/json;charset=utf-8");
PrintWriter out = response.getWriter();
out.write(mapper.writeValueAsString(new ExceptionMessage("400",authentication.getMessage())));
out.flush();
out.close();
})
.loginPage("/Login.html")
.loginProcessingUrl("/login")
.and()
.authorizeRequests()
.antMatchers("/api/common/invalidUrl","/**/*.css", "/**/*.js", "/**/*.gif ", "/**/*.png ", "/**/*.jpg", "/webjars/**", "**/favicon.ico", "/guestAccess", "/Login.html",
"/v2/api-docs","/configuration/security","/configuration/ui","/api/common/CheckLatestVersionInfo").permitAll()
.anyRequest()
//任何请求
.authenticated()
.and()
.sessionManagement()
.maximumSessions(-1)
.sessionRegistry(sessionRegistry());
;
http.csrf().disable();
}
@Autowired
private FindByIndexNameSessionRepository sessionRepository;
@Bean
public SpringSessionBackedSessionRegistry sessionRegistry(){
return new SpringSessionBackedSessionRegistry(sessionRepository);
}
}EncoderProvider.java
@Service
public class EncoderProvider implements AuthenticationProvider {
public static final Logger logger = LoggerFactory.getLogger(EncoderProvider.class);
/**
* 自定义验证方式
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
try {
//支持用户名和员工号登录 可能为用户名或员工号
String username = authentication.getName();
String credential = (String) authentication.getCredentials();
//加密过程在这里体现
TaobaoUser user= userService.getUserData(username);
//校验,用户名是否存在
if(user==null){
throw new DisabledException("用户名或密码错误");
}
//校验登录状态
checkPassword()
Collection<GrantedAuthority> authorities = new ArrayList<>();
return new UsernamePasswordAuthenticationToken(userCurrent, credential, authorities);
} catch (Exception ex) {
ex.printStackTrace();
throw new DisabledException("登录发生错误 : " + ex.getMessage());
}
}
@Override
public boolean supports(Class<?> arg0) {
return true;
}子服务SecurityConfig.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//注入密码加密的类
@Bean
public AuthenticationProvider authenticationProvider() {
AuthenticationProvider authenticationProvider = new EncoderProvider();
return authenticationProvider;
}
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
public static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
@Override
protected void configure(HttpSecurity http) throws Exception {
logger.info("用户登录日志test1 username:"+http.toString());
http.formLogin()
.loginProcessingUrl("/login")
.successHandler((request,response,authentication) -> {
HttpSession session = request.getSession();
session.setAttribute("TaobaoUser",authentication.getPrincipal());
ObjectMapper mapper = new ObjectMapper();
response.setContentType("application/json;charset=utf-8");
PrintWriter out = response.getWriter();
TaobaoUser user = (TaobaoUser )session.getAttribute("TaobaoUser");
out.write(mapper.writeValueAsString(user));
out.flush();
out.close();
})
.failureHandler((request,response,authentication) -> {
ObjectMapper mapper = new ObjectMapper();
response.setContentType("application/json;charset=utf-8");
PrintWriter out = response.getWriter();
out.write(mapper.writeValueAsString(new ExceptionMessage("400",authentication.getMessage())));
out.flush();
out.close();
})
.loginPage("/Login.html")
.and()
.authorizeRequests()
.antMatchers("/**/*.css", "/**/*.js", "/**/*.gif ", "/**/*.png ",
"/**/*.jpg", "/webjars/**", "**/favicon.ico", "/Login.html",
"/v2/api-docs","/configuration/security","/configuration/ui").permitAll()
.anyRequest().authenticated()
.and()
.sessionManagement()
.maximumSessions(-1)
.sessionRegistry(sessionRegistry());
http.csrf().disable();
}
@Autowired
private FindByIndexNameSessionRepository sessionRepository;
@Bean
public SpringSessionBackedSessionRegistry sessionRegistry(){
return new SpringSessionBackedSessionRegistry(sessionRepository);
}
}EncoderProvider.java
@Service
public class EncoderProvider implements AuthenticationProvider {
public static final Logger logger = LoggerFactory.getLogger(EncoderProvider.class);
@Value("${service.username}")
private String userName1;
@Value("${service.ipList}")
private String ipList;
/**
* 自定义验证方式
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
try {
//支持用户名和员工号登录 可能为用户名或员工号
String username = authentication.getName();
String credential = (String)authentication.getCredentials();
TaobaoUser user=new TaobaoUser();
if(username.equals(userName1)){
List<String> ips = Arrays.asList(ipList.split(","));
WebAuthenticationDetails details = (WebAuthenticationDetails) authentication.getDetails();
String remoteIp = details.getRemoteAddress();
logger.info("ip为{}-通过用户{}调用接口",remoteIp,username);
if(!ips.contains(remoteIp)){
throw new DisabledException("无权登陆!");
}
}else{
throw new DisabledException("账户不存在!");
}
user.setA("A");
Collection<GrantedAuthority> authorities = new ArrayList<>();
return new UsernamePasswordAuthenticationToken(currentUser, credential, authorities);
} catch (Exception ex) {
ex.printStackTrace();
throw new DisabledException("登录发生错误 : " + ex.getMessage());
}
}
@Override
public boolean supports(Class<?> arg0) {
return true;
}
}4、主服务feign配置
FeignManage.java
#url = "${file.client.url}",
@FeignClient(name="file-service",
fallback = FeignFileManageFallback.class,
configuration = FeignConfiguration.class)
public interface FeignFileManage {
@RequestMapping(value = "/file/upload", method = {RequestMethod.POST}, consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
ApiBaseMessage fileUpload(@RequestPart("file") MultipartFile file, @RequestParam("fileName") String fileName) ;
}public class FeignManageFallback implements FeignManage{
@Override
public ApiBaseMessage fileUpload(MultipartFile file, String type) {
return ApiBaseMessage.getOperationSucceedInstance("400","失败");
}
}FeignFileManageFallback.java
FeignConfiguration.java
@Configuration
@Import(FeignClientsConfiguration.class)
public class FeignConfiguration {
/**
删除请求头文件
*/
final String[] copyHeaders = new String[]{"transfer-encoding","Content-Length"};
@Bean
public FeignFileManageFallback echoServiceFallback(){
return new FeignFileManageFallback();
}
@Bean
public FeignBasicAuthRequestInterceptor getFeignBasicAuthRequestInterceptor(){
return new FeignBasicAuthRequestInterceptor();
}
/**
* feign 调用,添加CurrentUser
*/
private class FeignBasicAuthRequestInterceptor implements RequestInterceptor {
@Override
public void apply(RequestTemplate template) {
//1、使用RequestContextHolder拿到刚进来的请求数据
ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (requestAttributes != null) {
HttpServletRequest request = requestAttributes.getRequest();
Enumeration<String> headerNames = request.getHeaderNames();
if (headerNames != null) {
while (headerNames.hasMoreElements()) {
String name = headerNames.nextElement();
String values = request.getHeader(name);
//删除的请求头
if (!Arrays.asList(copyHeaders).contains(name)) {
template.header(name, values);
}
}
}
}else{
template.header("Accept", "*/*");
template.header("Accept-Encoding", "gzip, deflate, br");
template.header("Content-Type", "application/json");
}
//增加用户信息
if(requestAttributes!=null && SessionHelper.getCurrentUser()!=null){
try {
template.header("TaobaoUser", URLEncoder.encode(JSON.toJSONString(SessionHelper.getCurrentUser()),"utf-8") );
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}
}
}
}5、主服务session文件
SessionUtil.java
public class SessionUtil {
public static CurrentUser getCurrentUser() {
HttpSession session = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession();
CurrentUser user = (CurrentUser)session.getAttribute("TaobaoUser");
return user;
}
public static void setCurrentUser(String userName){
HttpSession session = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession();
Collection<GrantedAuthority> authorities = new ArrayList<>();
session.setAttribute("TaobaoUser",new CurrentUser(userName, "", authorities));
}
}三、完成配置后
1、直接访问主服务接口,不登录无法访问
2、直接访问自服务,不登录无法访问,(可通过nacos配置用户密码实现登录)
3、主服务通过feign调用子服务接口正常(session已共享)
4、子服务登陆之后,调用主服务理论也可以,需校验下主服务用户侧
到此这篇关于微服务Redis-Session共享登录状态的文章就介绍到这了,更多相关Redis Session共享登录状态内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!
相关文章
这篇文章主要为大家介绍了jvm排查工具箱jvm-tools下载使用详解,有需要的朋友可以借鉴参考下,希望能够有所帮助,祝大家多多进步,早日升职加薪2023-10-10
Kaptcha 是一个可高度配置的实用验证码生成工具,本文主要介绍了Spring MVC整合Kaptcha的具体使用,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧2022-06-06
Spring Boot 部署过程解析(jar or war)
这篇文章主要介绍了Spring Boot 部署过程解析(jar or war),文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下2019-09-09
idea2020.3版本这次变化最大的也就是 UI了完全抛弃了之前一直使用的模板更改成了新的样式,感兴趣的朋友快来下载体验下吧2020-10-10
这篇文章主要介绍了浅谈Java多线程处理中Future的妙用(附源码),还是比较不错的,需要的朋友可以参考下。2017-10-10
这篇文章主要介绍了@RequestParam 参数偶尔丢失的解决,具有很好的参考价值,希望对大家有所帮助。如有错误或未考虑完全的地方,望不吝赐教2021-10-10
MyBatis提供了一种插件(plugin)的功能,虽然叫做插件,但其实这是拦截器功能。MyBatis 允许你在已映射语句执行过程中的某一点进行拦截调用。下面通过本文给大家介绍Mybatis拦截器知识,感兴趣的朋友一起看看吧2016-10-10
MyBatis中resultMap和resultType的区别详解
这篇文章主要介绍了MyBatis中resultMap和resultType的区别详解,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧2020-07-07
IDEA 非常重要的一些设置项(一连串的问题差点让我重新用回 Eclipse)
这篇文章主要介绍了IDEA 非常重要的一些设置项(一连串的问题差点让我重新用回 Eclipse),本文通过图文并茂的形式给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下2020-08-08
SpringBoot中干掉Whitelabel Error Page返回自定义内容的实现
这篇文章主要介绍了SpringBoot中干掉Whitelabel Error Page返回自定义内容的实现方法,本文给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下2021-01-01
最新评论