運用場景 : 管理員踢出在線用戶,讓其頁面失效。重登即可激活
思路:
1.利用sessionId ,如果踢出 將其標記為 0,重定向到 踢出頁面
2.在登錄的時候,將sessionId 標記為1,表示 已激活 可以正常使用
3.將 sessionId 及其標記值存入 Redis 的 hash 表中,每次校驗時從 Redis 取出該值進行比較
4.利用 HandlerInterceptorAdapter 攔截器。注:該攔截器以 Spring Bean 方式註冊後(見下方配置類中的 @Bean 方法),內部可使用 @Autowired 注入,比較方便
// 繼承 HandlerInterceptorAdapter
package com.example.springboot.shiro.core.shiro.filter;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import redis.clients.jedis.Jedis;
import redis.clients.jedis.JedisPool;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
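/**
 * Interceptor that enforces the administrator "kick-out" flag on authenticated requests.
 *
 * <p>For every authenticated request it reads the value stored for the current HTTP session id
 * in the Redis hash {@code sessionIdMap}. The value {@code "0"} marks a kicked-out session:
 * the request is redirected to {@code kickout} and is not passed on to the handler.
 *
 * <p>NOTE(review): the flag only blocks requests that reach this interceptor. Nothing here logs
 * the Shiro subject out or invalidates the session, so the session stays authenticated on any
 * path the interceptor is not registered for. Consider also ending the session when the flag
 * is set.
 */
public class SessionControlInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private JedisPool jedisPool;

    /**
     * Checks the kick-out flag of the current session before the handler runs.
     *
     * @param request  current request; its HTTP session id is the lookup key
     * @param response current response; receives the redirect for a kicked-out session
     * @param handler  the chosen handler (unused)
     * @return {@code false} when the session is flagged {@code "0"} and a redirect was issued,
     *         {@code true} otherwise
     * @throws Exception if issuing the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        // Requests that are not authenticated are not checked here.
        if (!subject.isAuthenticated()) {
            return true;
        }

        String sessionidVal = null;
        try (Jedis jedis = jedisPool.getResource()) {
            // NOTE(review): this is the servlet session id; it must be the same id the login
            // code stores in the hash -- confirm when Shiro manages its own sessions.
            String sessionId = request.getSession().getId();
            sessionidVal = jedis.hget("sessionIdMap", sessionId);
            System.err.println("在redis中 取出 sessionIdMap 表 中的值 ");
        } catch (Exception e) {
            // Fail-open, as before: if the flag cannot be read the request is allowed through,
            // so a kick-out is not enforced while Redis is unreachable.
            // NOTE(review): decide whether that is acceptable for this application.
            e.printStackTrace();
        }

        // Constant-first equals: a session with no entry in the hash (null) is treated as
        // not kicked out instead of raising a NullPointerException that was then swallowed.
        if ("0".equals(sessionidVal)) {
            // Issued outside the try block so a failed redirect propagates instead of being
            // swallowed and followed by normal handling.
            WebUtils.issueRedirect(request, response, "kickout");
            // Stop the chain: the original returned true here, so the handler still ran for
            // the kicked-out session after the redirect had been sent.
            return false;
        }
        return true;
    }
}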
//配置 HandlerInterceptorAdapter
package com.example.springboot.shiro.core.shiro.config;
import com.example.springboot.shiro.core.shiro.filter.SessionControlInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * Session kick-out: registers {@link SessionControlInterceptor} with Spring MVC.
 */
@Configuration
public class WebSecurityConfig extends WebMvcConfigurerAdapter {

    /**
     * Declares the interceptor as a Spring bean.
     *
     * @return a new {@link SessionControlInterceptor}
     */
    @Bean
    public SessionControlInterceptor getSessionControlInterceptorFilter() {
        return new SessionControlInterceptor();
    }

    /**
     * Adds the kick-out interceptor with its excluded and included path patterns.
     *
     * @param registry the MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        InterceptorRegistration kickoutCheck =
                registry.addInterceptor(getSessionControlInterceptorFilter());

        // Paths that are never checked.
        kickoutCheck.excludePathPatterns("/unauthorized", "/login**");

        // Paths that are checked. This is an explicit list: a path that is not named here is
        // served without the kick-out check, so every newly added protected page has to be
        // added to it.
        kickoutCheck.addPathPatterns(
                "/index",
                "/list",
                "/online",
                "/role",
                "/Roleassignment",
                "/permissionlist",
                "/PermissionAssignment");
    }
}
// In the login method: set the value stored for the sessionId to 1.
// Once authentication has succeeded, mark the logged-in session as 1 (active).
// NOTE(review): sessionId has to be the same id the interceptor looks up
// (request.getSession().getId()); if the session id is regenerated at login, pass the
// post-login id -- confirm against the login code, which is not shown here.
redisUtils.setSessionIdMapHash(sessionId);
// 激活方法
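/**
 * Marks a session as active by writing {@code "1"} for its id in the Redis hash
 * {@code sessionIdMap}.
 *
 * <p>Best effort: a failure is printed and not rethrown, so the caller is not told when the
 * flag could not be written.
 *
 * <p>NOTE(review): nothing in this method removes or expires entries, so the hash keeps one
 * field per session id unless it is cleaned up elsewhere -- confirm.
 *
 * @param sessionId id of the session to mark as active
 */
public void setSessionIdMapHash(String sessionId) {
    // try-with-resources closes the Jedis resource on every path; a failure while closing is
    // now handled by the catch below instead of escaping from a finally block.
    try (Jedis jedis = jedisPool.getResource()) {
        jedis.hset("sessionIdMap", sessionId, "1");
    } catch (Exception e) {
        e.printStackTrace();
    }
}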
