springboot利用springsession实现redis共享session,并且自定义sessionid
一、初衷
作为一个刚入行的小白,在公司接手了一个springboot的项目,项目中我们完全使用session,管理用户的登陆信息及权限,项目完成时,我们需要集成某公司的nigix服务器,甲方要求,并且由甲方提供,一开始,我们接入之后,发现session丢失,就是nigix每次转发过来的请求其中cookie都会丢失,这个问题我们折腾了好多天,没有解决,后来发现他们的nigix服务器就是不能带cookie过来,因为集成了统一身份认证,没次请求都会带一个固定的请求头,并且请求头里面的数据会最为用户的id,所以考虑以下,决定用springsession来管理HTTPsession,保存到redis服务器中,实现session共享,并且用用户的id来做为中间件,在redis中管理session,从而间接的实现自定义sessionid。
二、干货
1.引用依赖
2. 在配置文件application.properties中加入参数
# database name
spring.redis.database=0
# server host1
spring.redis.host=********** //redis服务器ip
# server password
#spring.redis.password= //redis服务器密码 默认是没有的
#connection port
spring.redis.port=6379 //redis服务器端口号
# pool settings ...
spring.redis.pool.max-idle=8
spring.redis.pool.min-idle=0
spring.redis.pool.max-active=8
spring.redis.pool.max-wait=-1
# name of Redis server
#spring.redis.sentinel.master=
# comma-separated list of host:port pairs
#spring.redis.sentinel.nodes=
spring.session.store-type=redis
3.在springboot启动文件类上加入注解
@EnableRedisHttpSession(maxInactiveIntervalInSeconds = 1200,redisNamespace="xxxx")
其中1200redis中session过期时间
并在启动文件中注入 session策略 这个策略是我自己实现的
@Bean
public HttpSessionStrategy httpSessionStrategy() {
// return new MyHeaderHttpSessionStrategy(); // 这是原来的策略 HeaderHttpSessionStrategy()
return new MyCookieHttpSessionStrategy(); // 这是原来的策略 CookieHttpSessionStrategy();
//
}
public HttpSessionStrategy httpSessionStrategy() {
// return new MyHeaderHttpSessionStrategy(); // 这是原来的策略 HeaderHttpSessionStrategy()
return new MyCookieHttpSessionStrategy(); // 这是原来的策略 CookieHttpSessionStrategy();
//
}
4.MyHeaderHttpSessionStrategy:
package com.taibang.logisticsmanager.config;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.session.Session;
import org.springframework.session.web.http.HttpSessionStrategy;
import org.springframework.util.Assert;
/**
* 自方法只能从请求头中读取sessionid
* 请求头中的信息作为中间件
* @author Dream
*
*/
public class MyHeaderHttpSessionStrategy implements HttpSessionStrategy {
@Autowired
private RedisTemplate redisTemplate;
private String headerName = "CAS_USER";//每次请求的请求头名称
private String defaultSessionId = "default-sessionid";
public String getRequestedSessionId(HttpServletRequest request) {
System.out.println("测试CAS_USER:"+request.getHeader("CAS_USER"));
ValueOperations vops = redisTemplate.opsForValue();
System.out.println("vops1:"+vops);
String sessionid = request.getHeader("CAS_USER");
System.out.println("redis中sessionid"+sessionid);
if (sessionid != null && !sessionid.equals("")) {
String jsessionid = vops.get(sessionid);
if(jsessionid!=null){
boolean flag =redisTemplate.expire(sessionid, 60*10, TimeUnit.SECONDS);
System.out.println("flag:"+flag);
}
return jsessionid;
} else {
System.out.println("返回默认sessionid"+sessionid);
return vops.get(sessionid);
}
}
public void onNewSession(Session session, HttpServletRequest request,
HttpServletResponse response) {
String jsessionid = request.getHeader("CAS_USER");
String sessionid = session.getId();
System.out.println("创建sessionid:"+sessionid);
ValueOperations vops = redisTemplate.opsForValue();
System.out.println("创建sessionvops2:"+vops);
if (jsessionid != null && !jsessionid.equals("")) {
//保存xxx和sessionid映射关系
vops.set(jsessionid, sessionid);
boolean flag= redisTemplate.expire(jsessionid, 60*10, TimeUnit.SECONDS);
System.out.println("flag:"+flag);
}else{
//没有传xxx时,保存为默认
vops.set(jsessionid, sessionid);
redisTemplate.expire(jsessionid, 60*10, TimeUnit.SECONDS);
}
response.setHeader(this.headerName, jsessionid);
}
public void onInvalidateSession(HttpServletRequest request,
HttpServletResponse response) {
System.out.println("注销session");
String jsessionid = request.getHeader("CAS_USER");
redisTemplate.expire(jsessionid, 0, TimeUnit.SECONDS);
response.setHeader(this.headerName, "");
}
/**
* The name of the header to obtain the session id from. Default is "x-auth-token".
*
* @param headerName the name of the header to obtain the session id from.
*/
public void setHeaderName(String headerName) {
Assert.notNull(headerName, "headerName cannot be null");
this.headerName = headerName;
}
}
5: MyCookieHttpSessionStrategy();因为项目需要两个登陆入口,如果不使用nigix服务器,没有了请求头,就没有办法管理,所有就写了这个 保留了cookie的机制
package com.taibang.logisticsmanager.config;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.session.Session;
import org.springframework.session.web.http.CookieHttpSessionStrategy;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.CookieSerializer.CookieValue;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HttpSessionManager;
import org.springframework.session.web.http.MultiHttpSessionStrategy;
import org.springframework.util.Assert;
/**
* 自定义策略,有请求头,从请求头读取sessionid信息,无请求头使用cookie的策略
* @author Dream
*
*/
public final class MyCookieHttpSessionStrategy implements MultiHttpSessionStrategy, HttpSessionManager{
/**
* The default delimiter for both serialization and deserialization.
*/
private static final String DEFAULT_DELIMITER = " ";
private static final String SESSION_IDS_WRITTEN_ATTR = MyCookieHttpSessionStrategy.class
.getName().concat(".SESSIONS_WRITTEN_ATTR");
static final String DEFAULT_ALIAS = "0";
static final String DEFAULT_SESSION_ALIAS_PARAM_NAME = "_s";
private static final Pattern ALIAS_PATTERN = Pattern.compile("^[\\w-]{1,50}$");
private String sessionParam = DEFAULT_SESSION_ALIAS_PARAM_NAME;
private CookieSerializer cookieSerializer = new DefaultCookieSerializer();
/**
* The delimiter between a session alias and a session id when reading a cookie value.
* The default value is " ".
*/
private String deserializationDelimiter = DEFAULT_DELIMITER;
/**
* The delimiter between a session alias and a session id when writing a cookie value.
* The default is " ".
*/
private String serializationDelimiter = DEFAULT_DELIMITER;
private String headerName = "CAS_USER";//此处请求头名成可修改
@Autowired
private RedisTemplate redisTemplate;
public String getRequestedSessionId(HttpServletRequest request) {
ValueOperations vops = redisTemplate.opsForValue();
String sessionid = request.getHeader("CAS_USER");
if (sessionid != null && !sessionid.equals("")) {
String jsessionid = vops.get(sessionid);
if(jsessionid!=null){
boolean flag =redisTemplate.expire(sessionid, 60*10, TimeUnit.SECONDS);
}
return jsessionid;
}
Map sessionIds = getSessionIds(request);
String sessionAlias = getCurrentSessionAlias(request);
return sessionIds.get(sessionAlias);
}
public String getCurrentSessionAlias(HttpServletRequest request) {
if (this.sessionParam == null) {
return DEFAULT_ALIAS;
}
String u = request.getParameter(this.sessionParam);
if (u == null) {
return DEFAULT_ALIAS;
}
if (!ALIAS_PATTERN.matcher(u).matches()) {
return DEFAULT_ALIAS;
}
return u;
}
public String getNewSessionAlias(HttpServletRequest request) {
Set sessionAliases = getSessionIds(request).keySet();
if (sessionAliases.isEmpty()) {
return DEFAULT_ALIAS;
}
long lastAlias = Long.decode(DEFAULT_ALIAS);
for (String alias : sessionAliases) {
long selectedAlias = safeParse(alias);
if (selectedAlias > lastAlias) {
lastAlias = selectedAlias;
}
}
return Long.toHexString(lastAlias + 1);
}
private long safeParse(String hex) {
try {
return Long.decode("0x" + hex);
}
catch (NumberFormatException notNumber) {
return 0;
}
}
public void onNewSession(Session session, HttpServletRequest request,
HttpServletResponse response) {
String jsessionid = request.getHeader("CAS_USER");
String sessionid = session.getId();
ValueOperations vops = redisTemplate.opsForValue();
if (jsessionid != null && !jsessionid.equals("")) {
//保存xxx和sessionid映射关系
vops.set(jsessionid, sessionid);
boolean flag= redisTemplate.expire(jsessionid, 60*10, TimeUnit.SECONDS);
return;
}
Set sessionIdsWritten = getSessionIdsWritten(request);
if (sessionIdsWritten.contains(session.getId())) {
return;
}
sessionIdsWritten.add(session.getId());
Map sessionIds = getSessionIds(request);
String sessionAlias = getCurrentSessionAlias(request);
sessionIds.put(sessionAlias, session.getId());
String cookieValue = createSessionCookieValue(sessionIds);
this.cookieSerializer
.writeCookieValue(new CookieValue(request, response, cookieValue));
}
@SuppressWarnings("unchecked")
private Set getSessionIdsWritten(HttpServletRequest request) {
Set sessionsWritten = (Set) request
.getAttribute(SESSION_IDS_WRITTEN_ATTR);
if (sessionsWritten == null) {
sessionsWritten = new HashSet();
request.setAttribute(SESSION_IDS_WRITTEN_ATTR, sessionsWritten);
}
return sessionsWritten;
}
private String createSessionCookieValue(Map sessionIds) {
if (sessionIds.isEmpty()) {
return "";
}
if (sessionIds.size() == 1 && sessionIds.keySet().contains(DEFAULT_ALIAS)) {
return sessionIds.values().iterator().next();
}
StringBuffer buffer = new StringBuffer();
for (Map.Entry entry : sessionIds.entrySet()) {
String alias = entry.getKey();
String id = entry.getValue();
buffer.append(alias);
buffer.append(this.serializationDelimiter);
buffer.append(id);
buffer.append(this.serializationDelimiter);
}
buffer.deleteCharAt(buffer.length() - 1);
return buffer.toString();
}
public void onInvalidateSession(HttpServletRequest request,
HttpServletResponse response) {
if(request.getHeader("CAS_USER")!=null) {
String jsessionid = request.getHeader("CAS_USER");
redisTemplate.expire(jsessionid, 0, TimeUnit.SECONDS);
}else {
Map sessionIds = getSessionIds(request);
String requestedAlias = getCurrentSessionAlias(request);
sessionIds.remove(requestedAlias);
String cookieValue = createSessionCookieValue(sessionIds);
this.cookieSerializer
.writeCookieValue(new CookieValue(request, response, cookieValue));
}
}
public void setHeaderName(String headerName) {
Assert.notNull(headerName, "headerName cannot be null");
this.headerName = headerName;
}
/**
* Sets the name of the HTTP parameter that is used to specify the session alias. If
* the value is null, then only a single session is supported per browser.
*
* @param sessionAliasParamName the name of the HTTP parameter used to specify the
* session alias. If null, then ony a single session is supported per browser.
*/
public void setSessionAliasParamName(String sessionAliasParamName) {
this.sessionParam = sessionAliasParamName;
}
/**
* Sets the {@link CookieSerializer} to be used.
*
* @param cookieSerializer the cookieSerializer to set. Cannot be null.
*/
public void setCookieSerializer(CookieSerializer cookieSerializer) {
Assert.notNull(cookieSerializer, "cookieSerializer cannot be null");
this.cookieSerializer = cookieSerializer;
}
/**
* Sets the name of the cookie to be used.
* @param cookieName the name of the cookie to be used
* @deprecated use {@link #setCookieSerializer(CookieSerializer)}
*/
@Deprecated
public void setCookieName(String cookieName) {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName(cookieName);
this.cookieSerializer = serializer;
}
/**
* Sets the delimiter between a session alias and a session id when deserializing a
* cookie. The default is " " This is useful when using
* RFC 6265 for writing the cookies
* which doesn't allow for spaces in the cookie values.
*
* @param delimiter the delimiter to set (i.e. "_ " will try a delimeter of either "_"
* or " ")
*/
public void setDeserializationDelimiter(String delimiter) {
this.deserializationDelimiter = delimiter;
}
/**
* Sets the delimiter between a session alias and a session id when deserializing a
* cookie. The default is " ". This is useful when using
* RFC 6265 for writing the cookies
* which doesn't allow for spaces in the cookie values.
*
* @param delimiter the delimiter to set (i.e. "_")
*/
public void setSerializationDelimiter(String delimiter) {
this.serializationDelimiter = delimiter;
}
public Map getSessionIds(HttpServletRequest request) {
List cookieValues = this.cookieSerializer.readCookieValues(request);
String sessionCookieValue = cookieValues.isEmpty() ? ""
: cookieValues.iterator().next();
Map result = new LinkedHashMap();
StringTokenizer tokens = new StringTokenizer(sessionCookieValue,
this.deserializationDelimiter);
if (tokens.countTokens() == 1) {
result.put(DEFAULT_ALIAS, tokens.nextToken());
return result;
}
while (tokens.hasMoreTokens()) {
String alias = tokens.nextToken();
if (!tokens.hasMoreTokens()) {
break;
}
String id = tokens.nextToken();
result.put(alias, id);
}
return result;
}
public HttpServletRequest wrapRequest(HttpServletRequest request,
HttpServletResponse response) {
request.setAttribute(HttpSessionManager.class.getName(), this);
return request;
}
public HttpServletResponse wrapResponse(HttpServletRequest request,
HttpServletResponse response) {
return new MultiSessionHttpServletResponse(response, request);
}
public String encodeURL(String url, String sessionAlias) {
String encodedSessionAlias = urlEncode(sessionAlias);
int queryStart = url.indexOf("?");
boolean isDefaultAlias = DEFAULT_ALIAS.equals(encodedSessionAlias);
if (queryStart < 0) {
return isDefaultAlias ? url
: url + "?" + this.sessionParam + "=" + encodedSessionAlias;
}
String path = url.substring(0, queryStart);
String query = url.substring(queryStart + 1, url.length());
String replacement = isDefaultAlias ? "" : "$1" + encodedSessionAlias;
query = query.replaceFirst("((^|&)" + this.sessionParam + "=)([^&]+)?",
replacement);
String sessionParamReplacement = String.format("%s=%s", this.sessionParam,
encodedSessionAlias);
if (!isDefaultAlias && !query.contains(sessionParamReplacement)
&& url.endsWith(query)) {
// no existing alias
if (!(query.endsWith("&") || query.length() == 0)) {
query += "&";
}
query += sessionParamReplacement;
}
return path + "?" + query;
}
private String urlEncode(String value) {
try {
return URLEncoder.encode(value, "UTF-8");
}
catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}
/**
* A {@link CookieHttpSessionStrategy} aware {@link HttpServletResponseWrapper}.
*/
class MultiSessionHttpServletResponse extends HttpServletResponseWrapper {
private final HttpServletRequest request;
MultiSessionHttpServletResponse(HttpServletResponse response,
HttpServletRequest request) {
super(response);
this.request = request;
}
private String getCurrentSessionAliasFromUrl(String url) {
String currentSessionAliasFromUrl = null;
int queryStart = url.indexOf("?");
if (queryStart >= 0) {
String query = url.substring(queryStart + 1);
Matcher matcher = Pattern
.compile(String.format("%s=([^&]+)",
MyCookieHttpSessionStrategy.this.sessionParam))
.matcher(query);
if (matcher.find()) {
currentSessionAliasFromUrl = matcher.group(1);
}
}
return currentSessionAliasFromUrl;
}
@Override
public String encodeRedirectURL(String url) {
String encodedUrl = super.encodeRedirectURL(url);
String currentSessionAliasFromUrl = getCurrentSessionAliasFromUrl(encodedUrl);
String alias = (currentSessionAliasFromUrl != null)
? currentSessionAliasFromUrl : getCurrentSessionAlias(this.request);
return MyCookieHttpSessionStrategy.this.encodeURL(encodedUrl, alias);
}
@Override
public String encodeURL(String url) {
String encodedUrl = super.encodeURL(url);
String currentSessionAliasFromUrl = getCurrentSessionAliasFromUrl(encodedUrl);
String alias = (currentSessionAliasFromUrl != null)
? currentSessionAliasFromUrl : getCurrentSessionAlias(this.request);
return MyCookieHttpSessionStrategy.this.encodeURL(encodedUrl, alias);
}
}
}
4.在这位仁兄的博客上也学习到了很多 http://blog.csdn.net/qq351790934/article/details/54930049