From 547021ca132506de94aab9ad79bc26da5a763528 Mon Sep 17 00:00:00 2001
From: vertoryao
Date: Thu, 19 Dec 2024 09:50:56 +0800
Subject: [PATCH] =?UTF-8?q?feat(=E8=8F=9C=E5=8D=95=E6=A8=A1=E5=9D=97):=20?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=83=A8=E5=88=86=E6=9D=83=E9=99=90=E4=BB=A3?= =?UTF-8?q?=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...stomSessionInformationExpiredStrategy.java | 19 +++++++++++--------
 .../security/JsonAuthenticationFilter.java | 6 ++----
 .../security/SpringSecurityConfig.java | 6 ++----
 3 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/src/main/java/com/zsc/edu/gateway/framework/security/CustomSessionInformationExpiredStrategy.java b/src/main/java/com/zsc/edu/gateway/framework/security/CustomSessionInformationExpiredStrategy.java
index 30e0de7..a1c8711 100644
--- a/src/main/java/com/zsc/edu/gateway/framework/security/CustomSessionInformationExpiredStrategy.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/CustomSessionInformationExpiredStrategy.java
@@ -1,30 +1,33 @@
 package com.zsc.edu.gateway.framework.security;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.zsc.edu.gateway.exception.ExceptionResult;
-import com.zsc.edu.gateway.framework.SpringBeanUtil;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.session.SessionInformationExpiredEvent;
 import org.springframework.security.web.session.SessionInformationExpiredStrategy;
+import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.time.LocalDateTime;
+import java.util.Map;
 /**
 * @author harry_yao
 */
+@Component
 public class CustomSessionInformationExpiredStrategy implements SessionInformationExpiredStrategy {
 @Override
 public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
- ObjectMapper objectMapper = SpringBeanUtil.getBean(ObjectMapper.class);
+
 HttpServletResponse response = event.getResponse();
 response.setStatus(HttpStatus.UNAUTHORIZED.value());
 response.setContentType("application/json;charset=utf-8");
- ExceptionResult result = new ExceptionResult("会话已过期(有可能是您同时登录了太多的太多的客户端)",
- HttpStatus.UNAUTHORIZED.value(),
- LocalDateTime.now());
- response.getWriter().print(objectMapper.writeValueAsString(result));
+ ObjectMapper objectMapper = new ObjectMapper();
+ response.getWriter().print(objectMapper.writeValueAsString(Map.of(
+ "msg", "会话已过期(有可能是您同时登录了太多的太多的客户端)",
+ "code", HttpStatus.UNAUTHORIZED.value(),
+ "timestamp", LocalDateTime.now()
+ )));
 response.flushBuffer();
 }
-}
+}
\ No newline at end of file
diff --git a/src/main/java/com/zsc/edu/gateway/framework/security/JsonAuthenticationFilter.java b/src/main/java/com/zsc/edu/gateway/framework/security/JsonAuthenticationFilter.java
index 53b2177..915bf37 100644
--- a/src/main/java/com/zsc/edu/gateway/framework/security/JsonAuthenticationFilter.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/JsonAuthenticationFilter.java
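Review bot: In `CustomSessionInformationExpiredStrategy.onExpiredSessionDetected`, the added `new ObjectMapper()` has no Java time module registered, so serialising the `"timestamp", LocalDateTime.now()` entry is likely to throw (recent Jackson 2.x releases reject `java.time` types on a bare mapper) after the 401 status has already been set, leaving the client without the JSON body. The removed code fetched the application's `ObjectMapper` bean, which is normally configured with that module. Since the class is now a `@Component`, inject the mapper instead: add `private final ObjectMapper objectMapper;` with a constructor that takes it, and drop the per-call `new ObjectMapper()`. If a bare mapper has to stay, `new ObjectMapper().findAndRegisterModules()` or passing `LocalDateTime.now().toString()` avoids the failure.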
@@ -26,12 +26,12 @@ public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilt
 Map map = new ObjectMapper().readValue(request.getInputStream(), Map.class);
 String username = map.get("username").toString();
 String password = map.get("password").toString();
- username = (username != null) ? username : "";
 username = username.trim();
 password = (password != null) ? password : "";
 password = password.trim();
- UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated(username, password);
+ UsernamePasswordAuthenticationToken authRequest =
+ UsernamePasswordAuthenticationToken.unauthenticated(username, password);
 // Allow subclasses to set the "details" property
 setDetails(request, authRequest);
 return this.getAuthenticationManager().authenticate(authRequest);
@@ -41,6 +41,4 @@ public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilt
 }
 return super.attemptAuthentication(request, response);
 }
-
-
 }
diff --git a/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java b/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
index 846ecfc..58995b4 100644
--- a/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
@@ -41,6 +41,7 @@ public class SpringSecurityConfig {
 private final CustomAccessDeniedHandler customAccessDeniedHandler;
 private final SessionRegistry sessionRegistry;
 private final SecurityBeanConfig securityBeanConfig;
+ private final CustomSessionInformationExpiredStrategy customSessionInformationExpiredStrategy;
 @Resource private final DataSource dataSource;
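Review bot: In `JsonAuthenticationFilter` (hunk `@@ -26,12 +26,12 @@`), `map.get("username").toString()` and `map.get("password").toString()` dereference whatever the request body supplied, so a login JSON that omits either key or sets it to null raises a NullPointerException instead of a failed authentication. The retained `password = (password != null) ? password : "";` cannot help, because `toString()` has already run by then. Read both fields null-safely, for example `String username = Objects.toString(map.get("username"), "").trim();` and the same for `password` (with `java.util.Objects` imported), and remove the dead ternary; the raw `Map` could also be declared as `Map<String, Object>`. The method body starts and ends outside this hunk, so whether a surrounding catch converts the exception into a 4xx response is not visible here.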
@@ -86,9 +87,6 @@ public class SpringSecurityConfig {
 .requestMatchers(HttpMethod.GET, "/api/rest/user/me","/api/rest/user/register","/api/rest/user/send-email").permitAll()
 .requestMatchers(HttpMethod.POST, "/api/rest/user/login","/api/rest/user/register").permitAll()
 .requestMatchers("/api/**").authenticated()
- .requestMatchers("/api/**").access((authentication, object) -> {
- return new AuthorizationDecision(true);
- })
 )
 // 不用注解,直接通过判断路径实现动态访问权限
 // .requestMatchers("/api/**").access((authentication, object) -> {
@@ -148,7 +146,7 @@ public class SpringSecurityConfig {
 .sessionManagement(session -> session
 .maximumSessions(3)
 .sessionRegistry(sessionRegistry)
- .expiredSessionStrategy(new CustomSessionInformationExpiredStrategy()))
+ .expiredSessionStrategy(customSessionInformationExpiredStrategy))
 .build();
 }