Springboot+shiro 踢出SessionId
应用场景:管理员踢出在线用户,使其页面失效;用户重新登录后即可重新激活。
思路:
1. 以 sessionId 作为标识:用户被踢出时将其标记为 0,之后该会话的请求会被重定向到踢出页面
2.在登录的时候,将sessionId 标记为1,表示 已激活 可以正常使用
3.将 sessionId 和值,存入redis hash表里面,每次比较 从redis 中取出
4. 利用 HandlerInterceptorAdapter 拦截器。注:该拦截器内可以使用 @Autowired 注入,比较方便(前提是拦截器本身作为 Spring Bean 注册,见下文配置类中的 @Bean 方法)
// 继承 HandlerInterceptorAdapter
package com.example.springboot.shiro.core.shiro.filter;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import redis.clients.jedis.Jedis;
import redis.clients.jedis.JedisPool;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
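/**
 * Spring MVC interceptor that enforces the per-session "kicked out" flag kept in Redis.
 *
 * <p>The Redis hash {@code sessionIdMap} maps a session id to {@code "1"} (active) or
 * {@code "0"} (kicked out). For an authenticated subject whose session is flagged
 * {@code "0"}, the request is redirected to {@code kickout} and the handler is not run.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check is fail-open: a Redis error or a session id with no entry in the hash
 *       lets the request through. Decide explicitly whether a revocation check should
 *       fail closed instead.</li>
 *   <li>The flag only blocks requests that actually pass through this interceptor; it
 *       does not log the Shiro subject out or invalidate the session itself.</li>
 * </ul>
 */
public class SessionControlInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private JedisPool jedisPool;

    /**
     * Blocks requests from sessions that an administrator has kicked out.
     *
     * @param request  current request; its session id is the lookup key in Redis
     * @param response current response; receives the redirect for kicked-out sessions
     * @param handler  the chosen handler (unused)
     * @return {@code false} when the session is flagged {@code "0"} and a redirect was
     *         issued, {@code true} otherwise
     * @throws Exception if issuing the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        // Unauthenticated requests have no session state to revoke; let them continue.
        if (!subject.isAuthenticated()) {
            return true;
        }

        String sessionidVal;
        // try-with-resources returns the connection to the pool on every path.
        try (Jedis jedis = jedisPool.getResource()) {
            String sessionId = request.getSession().getId();
            sessionidVal = jedis.hget("sessionIdMap", sessionId);
            System.err.println("在redis中 取出 sessionIdMap 表 中的值 ");
        } catch (Exception e) {
            // Best-effort lookup, kept from the original design: if the state cannot be
            // read the request is allowed.
            // NOTE(review): this is fail-open -- a Redis outage disables the kick-out.
            e.printStackTrace();
            return true;
        }

        // Constant-first equals: hget returns null when the session id has no entry,
        // which previously caused a NullPointerException that was swallowed.
        if ("0".equals(sessionidVal)) {
            WebUtils.issueRedirect(request, response, "kickout");
            // Stop the chain: returning true here would still execute the handler for
            // a session that has just been redirected to the kick-out page.
            return false;
        }
        return true;
    }
}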
//配置 HandlerInterceptorAdapter
package com.example.springboot.shiro.core.shiro.config;
import com.example.springboot.shiro.core.shiro.filter.SessionControlInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * Registers {@link SessionControlInterceptor} (the session-id kick-out check) with
 * Spring MVC and declares which request paths it applies to.
 */
@Configuration
public class WebSecurityConfig extends WebMvcConfigurerAdapter {

    /**
     * Exposes the interceptor as a Spring bean so that its {@code @Autowired} fields
     * are populated by the container.
     *
     * @return the kick-out interceptor
     */
    @Bean
    public SessionControlInterceptor getSessionControlInterceptorFilter() {
        SessionControlInterceptor interceptor = new SessionControlInterceptor();
        return interceptor;
    }

    /**
     * Attaches the kick-out interceptor to the listed paths.
     *
     * <p>NOTE(review): the interceptor is applied by allowlist. Only the seven patterns
     * below are checked; any other handler in the application (none are visible here)
     * would not see the kick-out flag. Confirm the list covers every authenticated
     * endpoint, including sub-paths and non-page requests.
     *
     * @param registry the MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Calling the @Bean method inside a @Configuration class yields the
        // container-managed instance, not a fresh unmanaged object.
        registry.addInterceptor(getSessionControlInterceptorFilter())
                // Paths that must never be checked.
                .excludePathPatterns("/unauthorized", "/login**")
                // Paths on which a kicked-out session is redirected.
                .addPathPatterns(
                        "/index",
                        "/list",
                        "/online",
                        "/role",
                        "/Roleassignment",
                        "/permissionlist",
                        "/PermissionAssignment");
    }
}
// In the login flow: set the value stored for this sessionId to 1.
// After authentication succeeds, mark the logged-in user's state as 1 (active).
// NOTE(review): sessionId must be the id in effect after authentication. If the
// session id is renewed at login (not visible in this snippet), the old id would be
// the one marked active -- confirm which id is passed here.
redisUtils.setSessionIdMapHash(sessionId);
// 激活方法
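/**
 * Marks a session as active by writing {@code "1"} for it into the Redis hash
 * {@code sessionIdMap}; the kick-out interceptor reads the same hash field.
 *
 * <p>The write is best-effort: any failure is printed and not propagated, so the
 * caller cannot tell whether the session was actually marked.
 *
 * <p>NOTE(review): no code shown here removes or expires entries of this hash, so it
 * may grow with every login -- confirm cleanup happens on logout or session expiry.
 *
 * @param sessionId id of the session that has just authenticated
 */
public void setSessionIdMapHash(String sessionId) {
    // try-with-resources returns the connection to the pool on every path and keeps a
    // failure in close() inside the best-effort handling below.
    try (Jedis jedis = jedisPool.getResource()) {
        jedis.hset("sessionIdMap", sessionId, "1");
    } catch (Exception e) {
        // Deliberately not rethrown: a Redis failure must not break the login flow.
        e.printStackTrace();
    }
}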