我要评论session失效时间
在tomcat上,session的默认有效时间是30分钟。也可以通过配置文件修改session的有效时间。
1)修改web.xml
<!-- 设置session失效,单位分 --> <session-config> <session-timeout>1</session-timeout> </session-config>
2).yml文件
server.session.cookie.http-only= #是否开启httponly server.session.timeout = #会话超时(秒)
使用过滤器获取session进行身份验证(未全部测试,慎用)
1)新建filter
import org.springframework.beans.factory.annotation.autowired;
import org.springframework.boot.web.servlet.servletcomponentscan;
import org.springframework.context.applicationcontext;
import org.springframework.stereotype.component;
import org.springframework.web.context.support.webapplicationcontextutils;
import javax.servlet.*;
import javax.servlet.annotation.webfilter;
import javax.servlet.http.httpservletrequest;
import java.io.ioexception;
@component
@servletcomponentscan//让@webfilter起作用
@webfilter(urlpatterns = "/*")
public class myfilter implements filter{
@autowired
private sessionkeyconfigproperties sessionkeyconfigproperties;
@override
public void init(filterconfig filterconfig) throws servletexception {
}
@override
public void dofilter(servletrequest servletrequest, servletresponse servletresponse, filterchain filterchain)
throws ioexception, servletexception {
httpservletrequest httpservletrequest = (httpservletrequest) servletrequest;
system.out.println(sessionkeyconfigproperties.getusertypekey());
//通过session获取身份信息
authenticationutil authenticationutil = new authenticationutil(sessionkeyconfigproperties);
usertypeenum usertype = authenticationutil.getuserauthentication(httpservletrequest.getsession());
//进行认证
//认证失败
if(usertype == null){
//...
}
//用户不是管理员
if(usertype != usertypeenum.admin){
//...
}
filterchain.dofilter(servletrequest,servletresponse);
}
@override
public void destroy() {
}
}
细心的读者会发现我用了authenticationutil,这是为了将读写用户身份认证信息的功能分离而设计的工具类 2)authenticationutil类
import org.apache.shiro.web.session.httpservletsession;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpsession;
public class authenticationutil {
private sessionkeyconfigproperties configproperties;
public authenticationutil(sessionkeyconfigproperties configproperties) {
this.configproperties = configproperties;
}
/**
* 从session中获取用户的身份类型
* @param session
* @return 身份类型
*/
public usertypeenum getuserauthentication(httpsession session){
//获取session中的用户信息记录
object usertype = session.getattribute(configproperties.getusertypekey());
//获取session中记录的用户类型
if(usertype != null && usertype instanceof usertypeenum) {
return (usertypeenum)usertype;
}
return null;
}
/**
* 将用户的身份写入session中
* @param session
* @param usertype
*/
public void setuserauthentication(httpsession session,usertypeenum usertype){
session.setattribute(configproperties.getusertypekey(),usertype);
}
}
3)配置文件sessiionkeyconfig.properties
user_type_key = usertypekey
4)配置读取文件sessionkeyconfigproperties.class
import org.springframework.beans.factory.annotation.value;
import org.springframework.context.annotation.configuration;
import org.springframework.context.annotation.propertysource;
import org.springframework.stereotype.component;
@configuration
@propertysource("classpath:config/sessiionkeyconfig.properties")
@component
public class sessionkeyconfigproperties {
@value("${user_type_key}")
private string usertypekey;
public string getusertypekey() {
return usertypekey;
}
public void setusertypekey(string usertypekey) {
this.usertypekey = usertypekey;
}
}
5)enum类
public enum usertypeenum {
admin,
user
}
注:本文删除了一些package信息及部分import信息。enum类和配置类的内容请根据项目需求及数据字典自行修改。
总结
以上所述是小编给大家介绍的基于springboot实现用户身份验证工具,希望对大家有所帮助
您可能感兴趣的文章:
如您对本文有疑问或者有任何想说的,请点击进行留言回复,万千网友为您解惑!
网友评论