您好,登錄后才能下訂單哦!
通常系統(tǒng)都會(huì)限制同一個(gè)賬號(hào)的登錄人數(shù),多人登錄要么限制后者登錄,要么踢出前者,Spring Security 提供了這樣的功能,本文講解一下在沒有使用Security的時(shí)候如何手動(dòng)實(shí)現(xiàn)這個(gè)功能
demo 技術(shù)選型
JWT(token)存儲(chǔ)在Redis中,類似 JSessionId-Session的關(guān)系,用戶登錄后每次請(qǐng)求在Header中攜帶jwt
如果你是使用session的話,也完全可以借鑒本文的思路,只是代碼上需要加些改動(dòng)
兩種實(shí)現(xiàn)思路
比較時(shí)間戳
維護(hù)一個(gè) username: jwtToken 這樣的一個(gè) key-value 在Reids中, Filter邏輯如下
public class CompareKickOutFilter extends KickOutFilter { @Autowired private UserService userService; @Override public boolean isAccessAllowed(HttpServletRequest request, HttpServletResponse response) { String token = request.getHeader("Authorization"); String username = JWTUtil.getUsername(token); String userKey = PREFIX + username; RBucket<String> bucket = redissonClient.getBucket(userKey); String redisToken = bucket.get(); if (token.equals(redisToken)) { return true; } else if (StringUtils.isBlank(redisToken)) { bucket.set(token); } else { Long redisTokenUnixTime = JWTUtil.getClaim(redisToken, "createTime").asLong(); Long tokenUnixTime = JWTUtil.getClaim(token, "createTime").asLong(); // token > redisToken 則覆蓋 if (tokenUnixTime.compareTo(redisTokenUnixTime) > 0) { bucket.set(token); } else { // 注銷當(dāng)前token userService.logout(token); sendJsonResponse(response, 4001, "您的賬號(hào)已在其他設(shè)備登錄"); return false; } } return true; } }
隊(duì)列踢出
public class QueueKickOutFilter extends KickOutFilter { /** * 踢出之前登錄的/之后登錄的用戶 默認(rèn)踢出之前登錄的用戶 */ private boolean kickoutAfter = false; /** * 同一個(gè)帳號(hào)最大會(huì)話數(shù) 默認(rèn)1 */ private int maxSession = 1; public void setKickoutAfter(boolean kickoutAfter) { this.kickoutAfter = kickoutAfter; } public void setMaxSession(int maxSession) { this.maxSession = maxSession; } @Override public boolean isAccessAllowed(HttpServletRequest request, HttpServletResponse response) throws Exception { String token = request.getHeader("Authorization"); UserBO currentSession = CurrentUser.get(); Assert.notNull(currentSession, "currentSession cannot null"); String username = currentSession.getUsername(); String userKey = PREFIX + "deque_" + username; String lockKey = PREFIX_LOCK + username; RLock lock = redissonClient.getLock(lockKey); lock.lock(2, TimeUnit.SECONDS); try { RDeque<String> deque = redissonClient.getDeque(userKey); // 如果隊(duì)列里沒有此token,且用戶沒有被踢出;放入隊(duì)列 if (!deque.contains(token) && currentSession.isKickout() == false) { deque.push(token); } // 如果隊(duì)列里的sessionId數(shù)超出最大會(huì)話數(shù),開始踢人 while (deque.size() > maxSession) { String kickoutSessionId; if (kickoutAfter) { // 如果踢出后者 kickoutSessionId = deque.removeFirst(); } else { // 否則踢出前者 kickoutSessionId = deque.removeLast(); } try { RBucket<UserBO> bucket = redissonClient.getBucket(kickoutSessionId); UserBO kickoutSession = bucket.get(); if (kickoutSession != null) { // 設(shè)置會(huì)話的kickout屬性表示踢出了 kickoutSession.setKickout(true); bucket.set(kickoutSession); } } catch (Exception e) { } } // 如果被踢出了,直接退出,重定向到踢出后的地址 if (currentSession.isKickout()) { // 會(huì)話被踢出了 try { // 注銷 userService.logout(token); sendJsonResponse(response, 4001, "您的賬號(hào)已在其他設(shè)備登錄"); } catch (Exception e) { } return false; } } finally { if (lock.isHeldByCurrentThread()) { lock.unlock(); LOGGER.info(Thread.currentThread().getName() + " unlock"); } else { LOGGER.info(Thread.currentThread().getName() + " already automatically release lock"); } } return true; } }
比較兩種方法
演示
下載地址: https://gitee.com/yintianwen7/taven-springboot-learning/tree/master/login-control
以上就是本文的全部?jī)?nèi)容,希望對(duì)大家的學(xué)習(xí)有所幫助,也希望大家多多支持億速云。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。