springboot利用springsession实现redis共享session,并且自定义sessionid

一、初衷

作为一个刚入行的小白,在公司接手了一个springboot的项目,项目中我们完全使用session,管理用户的登陆信息及权限,项目完成时,我们需要集成某公司的nigix服务器,甲方要求,并且由甲方提供,一开始,我们接入之后,发现session丢失,就是nigix每次转发过来的请求其中cookie都会丢失,这个问题我们折腾了好多天,没有解决,后来发现他们的nigix服务器就是不能带cookie过来,因为集成了统一身份认证,没次请求都会带一个固定的请求头,并且请求头里面的数据会最为用户的id,所以考虑以下,决定用springsession来管理HTTPsession,保存到redis服务器中,实现session共享,并且用用户的id来做为中间件,在redis中管理session,从而间接的实现自定义sessionid。

二、干货

1.引用依赖
 
      org.springframework.session
      spring-session

 
    org.springframework.boot  
    spring-boot-starter-data-redis  

      2. 在配置文件application.properties中加入参数
# database name
spring.redis.database=0
# server host1
spring.redis.host=**********    //redis服务器ip
# server password
#spring.redis.password=            //redis服务器密码   默认是没有的
#connection port
spring.redis.port=6379      //redis服务器端口号
# pool settings ...
spring.redis.pool.max-idle=8
spring.redis.pool.min-idle=0
spring.redis.pool.max-active=8
spring.redis.pool.max-wait=-1
# name of Redis server
#spring.redis.sentinel.master=
# comma-separated list of host:port pairs
#spring.redis.sentinel.nodes=
spring.session.store-type=redis



3.在springboot启动文件类上加入注解

@EnableRedisHttpSession(maxInactiveIntervalInSeconds = 1200,redisNamespace="xxxx")
  其中1200redis中session过期时间


并在启动文件中注入 session策略    这个策略是我自己实现的    
  @Bean
 public HttpSessionStrategy httpSessionStrategy() { 

// return new MyHeaderHttpSessionStrategy();   //  这是原来的策略  HeaderHttpSessionStrategy()

return new MyCookieHttpSessionStrategy(); //   这是原来的策略    CookieHttpSessionStrategy();
//


 }

4.MyHeaderHttpSessionStrategy:

package com.taibang.logisticsmanager.config;

import java.util.concurrent.TimeUnit;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.session.Session;
import org.springframework.session.web.http.HttpSessionStrategy;
import org.springframework.util.Assert;
/**
 * 自方法只能从请求头中读取sessionid
 * 请求头中的信息作为中间件
 * @author Dream
 *
 */
public class MyHeaderHttpSessionStrategy implements HttpSessionStrategy {
	 @Autowired
	private RedisTemplate redisTemplate;
	private String headerName = "CAS_USER";//每次请求的请求头名称
	 private String defaultSessionId = "default-sessionid";
	public String getRequestedSessionId(HttpServletRequest request) {
		System.out.println("测试CAS_USER:"+request.getHeader("CAS_USER"));
		ValueOperations vops = redisTemplate.opsForValue();
		System.out.println("vops1:"+vops);
		String sessionid = request.getHeader("CAS_USER");
		System.out.println("redis中sessionid"+sessionid);
		 if (sessionid != null && !sessionid.equals("")) {
	            String jsessionid = vops.get(sessionid);
	            if(jsessionid!=null){
	               boolean flag =redisTemplate.expire(sessionid, 60*10, TimeUnit.SECONDS);
	               System.out.println("flag:"+flag);
	            }
	            return jsessionid;
	        } else {
	        	System.out.println("返回默认sessionid"+sessionid);
	            return vops.get(sessionid);
	        }
	}

	public void onNewSession(Session session, HttpServletRequest request,
			HttpServletResponse response) {
		String jsessionid = request.getHeader("CAS_USER");
		String sessionid = session.getId();
		System.out.println("创建sessionid:"+sessionid);
        ValueOperations vops = redisTemplate.opsForValue();
        System.out.println("创建sessionvops2:"+vops);
        if (jsessionid != null && !jsessionid.equals("")) {
            //保存xxx和sessionid映射关系
            vops.set(jsessionid, sessionid);
            boolean flag= redisTemplate.expire(jsessionid, 60*10, TimeUnit.SECONDS);
            System.out.println("flag:"+flag);
        }else{
            //没有传xxx时,保存为默认
            vops.set(jsessionid, sessionid);
            redisTemplate.expire(jsessionid, 60*10, TimeUnit.SECONDS);
        }
		response.setHeader(this.headerName, jsessionid);
	}

	public void onInvalidateSession(HttpServletRequest request,
			HttpServletResponse response) {
		System.out.println("注销session");
		String jsessionid = request.getHeader("CAS_USER");
	     redisTemplate.expire(jsessionid, 0, TimeUnit.SECONDS);
		response.setHeader(this.headerName, "");
	}

	/**
	 * The name of the header to obtain the session id from. Default is "x-auth-token".
	 *
	 * @param headerName the name of the header to obtain the session id from.
	 */
	public void setHeaderName(String headerName) {
		Assert.notNull(headerName, "headerName cannot be null");
		this.headerName = headerName;
	}
}




5: MyCookieHttpSessionStrategy();因为项目需要两个登陆入口,如果不使用nigix服务器,没有了请求头,就没有办法管理,所有就写了这个  保留了cookie的机制
package com.taibang.logisticsmanager.config;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.session.Session;
import org.springframework.session.web.http.CookieHttpSessionStrategy;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.CookieSerializer.CookieValue;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HttpSessionManager;
import org.springframework.session.web.http.MultiHttpSessionStrategy;
import org.springframework.util.Assert;
/**
 * 自定义策略,有请求头,从请求头读取sessionid信息,无请求头使用cookie的策略
 * @author Dream
 *
 */
public final class MyCookieHttpSessionStrategy implements MultiHttpSessionStrategy, HttpSessionManager{
	/**
	 * The default delimiter for both serialization and deserialization.
	 */
	
	private static final String DEFAULT_DELIMITER = " ";

	private static final String SESSION_IDS_WRITTEN_ATTR = MyCookieHttpSessionStrategy.class
			.getName().concat(".SESSIONS_WRITTEN_ATTR");

	static final String DEFAULT_ALIAS = "0";

	static final String DEFAULT_SESSION_ALIAS_PARAM_NAME = "_s";

	private static final Pattern ALIAS_PATTERN = Pattern.compile("^[\\w-]{1,50}$");

	private String sessionParam = DEFAULT_SESSION_ALIAS_PARAM_NAME;

	private CookieSerializer cookieSerializer = new DefaultCookieSerializer();

	/**
	 * The delimiter between a session alias and a session id when reading a cookie value.
	 * The default value is " ".
	 */
	private String deserializationDelimiter = DEFAULT_DELIMITER;

	/**
	 * The delimiter between a session alias and a session id when writing a cookie value.
	 * The default is " ".
	 */
	private String serializationDelimiter = DEFAULT_DELIMITER;
	private String headerName = "CAS_USER";//此处请求头名成可修改
	@Autowired
	private RedisTemplate redisTemplate;
	
	public String getRequestedSessionId(HttpServletRequest request) {
		ValueOperations vops = redisTemplate.opsForValue();
		String sessionid = request.getHeader("CAS_USER");
		 if (sessionid != null && !sessionid.equals("")) {
	            String jsessionid = vops.get(sessionid);
	            if(jsessionid!=null){
	               boolean flag =redisTemplate.expire(sessionid, 60*10, TimeUnit.SECONDS);
	            }
	            return jsessionid;
	        }
		Map sessionIds = getSessionIds(request);
		String sessionAlias = getCurrentSessionAlias(request);
		return sessionIds.get(sessionAlias);
	}

	public String getCurrentSessionAlias(HttpServletRequest request) {
		if (this.sessionParam == null) {
			return DEFAULT_ALIAS;
		}
		String u = request.getParameter(this.sessionParam);
		if (u == null) {
			return DEFAULT_ALIAS;
		}
		if (!ALIAS_PATTERN.matcher(u).matches()) {
			return DEFAULT_ALIAS;
		}
		return u;
	}

	public String getNewSessionAlias(HttpServletRequest request) {
		Set sessionAliases = getSessionIds(request).keySet();
		if (sessionAliases.isEmpty()) {
			return DEFAULT_ALIAS;
		}
		long lastAlias = Long.decode(DEFAULT_ALIAS);
		for (String alias : sessionAliases) {
			long selectedAlias = safeParse(alias);
			if (selectedAlias > lastAlias) {
				lastAlias = selectedAlias;
			}
		}
		return Long.toHexString(lastAlias + 1);
	}

	private long safeParse(String hex) {
		try {
			return Long.decode("0x" + hex);
		}
		catch (NumberFormatException notNumber) {
			return 0;
		}
	}

	public void onNewSession(Session session, HttpServletRequest request,
			HttpServletResponse response) {
		String jsessionid = request.getHeader("CAS_USER");
		String sessionid = session.getId();
        ValueOperations vops = redisTemplate.opsForValue();
        if (jsessionid != null && !jsessionid.equals("")) {
            //保存xxx和sessionid映射关系
            vops.set(jsessionid, sessionid);
            boolean flag= redisTemplate.expire(jsessionid, 60*10, TimeUnit.SECONDS);
            return;
        }
		
		Set sessionIdsWritten = getSessionIdsWritten(request);
		if (sessionIdsWritten.contains(session.getId())) {
			return;
		}
		sessionIdsWritten.add(session.getId());

		Map sessionIds = getSessionIds(request);
		String sessionAlias = getCurrentSessionAlias(request);
		sessionIds.put(sessionAlias, session.getId());

		String cookieValue = createSessionCookieValue(sessionIds);
		this.cookieSerializer
				.writeCookieValue(new CookieValue(request, response, cookieValue));
	}

	@SuppressWarnings("unchecked")
	private Set getSessionIdsWritten(HttpServletRequest request) {
		Set sessionsWritten = (Set) request
				.getAttribute(SESSION_IDS_WRITTEN_ATTR);
		if (sessionsWritten == null) {
			sessionsWritten = new HashSet();
			request.setAttribute(SESSION_IDS_WRITTEN_ATTR, sessionsWritten);
		}
		return sessionsWritten;
	}

	private String createSessionCookieValue(Map sessionIds) {
		if (sessionIds.isEmpty()) {
			return "";
		}
		if (sessionIds.size() == 1 && sessionIds.keySet().contains(DEFAULT_ALIAS)) {
			return sessionIds.values().iterator().next();
		}

		StringBuffer buffer = new StringBuffer();
		for (Map.Entry entry : sessionIds.entrySet()) {
			String alias = entry.getKey();
			String id = entry.getValue();

			buffer.append(alias);
			buffer.append(this.serializationDelimiter);
			buffer.append(id);
			buffer.append(this.serializationDelimiter);
		}
		buffer.deleteCharAt(buffer.length() - 1);
		return buffer.toString();
	}

	public void onInvalidateSession(HttpServletRequest request,
			HttpServletResponse response) {
		if(request.getHeader("CAS_USER")!=null) {
			String jsessionid = request.getHeader("CAS_USER");
		    redisTemplate.expire(jsessionid, 0, TimeUnit.SECONDS);
		}else {
			
			Map sessionIds = getSessionIds(request);
			String requestedAlias = getCurrentSessionAlias(request);
			sessionIds.remove(requestedAlias);
	
			String cookieValue = createSessionCookieValue(sessionIds);
			this.cookieSerializer
					.writeCookieValue(new CookieValue(request, response, cookieValue));
		}
	}
	public void setHeaderName(String headerName) {
		Assert.notNull(headerName, "headerName cannot be null");
		this.headerName = headerName;
	}
	/**
	 * Sets the name of the HTTP parameter that is used to specify the session alias. If
	 * the value is null, then only a single session is supported per browser.
	 *
	 * @param sessionAliasParamName the name of the HTTP parameter used to specify the
	 * session alias. If null, then ony a single session is supported per browser.
	 */
	public void setSessionAliasParamName(String sessionAliasParamName) {
		this.sessionParam = sessionAliasParamName;
	}

	/**
	 * Sets the {@link CookieSerializer} to be used.
	 *
	 * @param cookieSerializer the cookieSerializer to set. Cannot be null.
	 */
	public void setCookieSerializer(CookieSerializer cookieSerializer) {
		Assert.notNull(cookieSerializer, "cookieSerializer cannot be null");
		this.cookieSerializer = cookieSerializer;
	}

	/**
	 * Sets the name of the cookie to be used.
	 * @param cookieName the name of the cookie to be used
	 * @deprecated use {@link #setCookieSerializer(CookieSerializer)}
	 */
	@Deprecated
	public void setCookieName(String cookieName) {
		DefaultCookieSerializer serializer = new DefaultCookieSerializer();
		serializer.setCookieName(cookieName);
		this.cookieSerializer = serializer;
	}

	/**
	 * Sets the delimiter between a session alias and a session id when deserializing a
	 * cookie. The default is " " This is useful when using
	 * RFC 6265 for writing the cookies
	 * which doesn't allow for spaces in the cookie values.
	 *
	 * @param delimiter the delimiter to set (i.e. "_ " will try a delimeter of either "_"
	 * or " ")
	 */
	public void setDeserializationDelimiter(String delimiter) {
		this.deserializationDelimiter = delimiter;
	}

	/**
	 * Sets the delimiter between a session alias and a session id when deserializing a
	 * cookie. The default is " ". This is useful when using
	 * RFC 6265 for writing the cookies
	 * which doesn't allow for spaces in the cookie values.
	 *
	 * @param delimiter the delimiter to set (i.e. "_")
	 */
	public void setSerializationDelimiter(String delimiter) {
		this.serializationDelimiter = delimiter;
	}

	public Map getSessionIds(HttpServletRequest request) {
		List cookieValues = this.cookieSerializer.readCookieValues(request);
		String sessionCookieValue = cookieValues.isEmpty() ? ""
				: cookieValues.iterator().next();
		Map result = new LinkedHashMap();
		StringTokenizer tokens = new StringTokenizer(sessionCookieValue,
				this.deserializationDelimiter);
		if (tokens.countTokens() == 1) {
			result.put(DEFAULT_ALIAS, tokens.nextToken());
			return result;
		}
		while (tokens.hasMoreTokens()) {
			String alias = tokens.nextToken();
			if (!tokens.hasMoreTokens()) {
				break;
			}
			String id = tokens.nextToken();
			result.put(alias, id);
		}
		return result;
	}

	public HttpServletRequest wrapRequest(HttpServletRequest request,
			HttpServletResponse response) {
		request.setAttribute(HttpSessionManager.class.getName(), this);
		return request;
	}

	public HttpServletResponse wrapResponse(HttpServletRequest request,
			HttpServletResponse response) {
		return new MultiSessionHttpServletResponse(response, request);
	}

	public String encodeURL(String url, String sessionAlias) {
		String encodedSessionAlias = urlEncode(sessionAlias);
		int queryStart = url.indexOf("?");
		boolean isDefaultAlias = DEFAULT_ALIAS.equals(encodedSessionAlias);
		if (queryStart < 0) {
			return isDefaultAlias ? url
					: url + "?" + this.sessionParam + "=" + encodedSessionAlias;
		}
		String path = url.substring(0, queryStart);
		String query = url.substring(queryStart + 1, url.length());
		String replacement = isDefaultAlias ? "" : "$1" + encodedSessionAlias;
		query = query.replaceFirst("((^|&)" + this.sessionParam + "=)([^&]+)?",
				replacement);
		String sessionParamReplacement = String.format("%s=%s", this.sessionParam,
				encodedSessionAlias);

		if (!isDefaultAlias && !query.contains(sessionParamReplacement)
				&& url.endsWith(query)) {
			// no existing alias
			if (!(query.endsWith("&") || query.length() == 0)) {
				query += "&";
			}
			query += sessionParamReplacement;
		}

		return path + "?" + query;
	}

	private String urlEncode(String value) {
		try {
			return URLEncoder.encode(value, "UTF-8");
		}
		catch (UnsupportedEncodingException e) {
			throw new RuntimeException(e);
		}
	}

	/**
	 * A {@link CookieHttpSessionStrategy} aware {@link HttpServletResponseWrapper}.
	 */
	class MultiSessionHttpServletResponse extends HttpServletResponseWrapper {
		private final HttpServletRequest request;

		MultiSessionHttpServletResponse(HttpServletResponse response,
				HttpServletRequest request) {
			super(response);
			this.request = request;
		}

		private String getCurrentSessionAliasFromUrl(String url) {
			String currentSessionAliasFromUrl = null;
			int queryStart = url.indexOf("?");

			if (queryStart >= 0) {
				String query = url.substring(queryStart + 1);
				Matcher matcher = Pattern
						.compile(String.format("%s=([^&]+)",
								MyCookieHttpSessionStrategy.this.sessionParam))
						.matcher(query);

				if (matcher.find()) {
					currentSessionAliasFromUrl = matcher.group(1);
				}
			}

			return currentSessionAliasFromUrl;
		}

		@Override
		public String encodeRedirectURL(String url) {
			String encodedUrl = super.encodeRedirectURL(url);
			String currentSessionAliasFromUrl = getCurrentSessionAliasFromUrl(encodedUrl);
			String alias = (currentSessionAliasFromUrl != null)
					? currentSessionAliasFromUrl : getCurrentSessionAlias(this.request);

			return MyCookieHttpSessionStrategy.this.encodeURL(encodedUrl, alias);
		}

		@Override
		public String encodeURL(String url) {
			String encodedUrl = super.encodeURL(url);
			String currentSessionAliasFromUrl = getCurrentSessionAliasFromUrl(encodedUrl);
			String alias = (currentSessionAliasFromUrl != null)
					? currentSessionAliasFromUrl : getCurrentSessionAlias(this.request);

			return MyCookieHttpSessionStrategy.this.encodeURL(encodedUrl, alias);
		}
	}

}
3.最终还是把问题解决,这个是某智教育公司的nigix服务器,人家就是不转发cookie,人后把我们项目所有人都坑了,还以为是我们自己代码有问题,第一次写博客,大神勿喷,多多指教。
4.在这位仁兄的博客上也学习到了很多     http://blog.csdn.net/qq351790934/article/details/54930049



你可能感兴趣的:(java,springboot,springsession,redis,nigix)