Spring Security+JWT+OAuth2实现同一账号重复登录时第一次登陆成功的强制下线(包括多平台使用同一个登陆系统的)

最新推荐文章于 2024-06-07 14:53:32 发布
转载 最新推荐文章于 2024-06-07 14:53:32 发布 · 2.6k 阅读 · 7 ·
CC 4.0 BY-SA版权
原文链接:https://blog.youkuaiyun.com/m0_53559551/article/details/118567486
文章标签:

#spring security #oauth2

本文分享了如何在Spring Security框架中通过重写DefaultTokenServices的createAccessToken方法,实现在单平台或多平台环境下,当同一账号重复登录时强制下线旧登录的问题。详细步骤包括检查并处理过期和重复的token,以及在OAuth2AuthorizationServerConfig中的配置调整。

引言
我们后台项目是用Spring Security+JWT+OAuth2做的安全框架,现在有个需求就是同一账号重复登录时第一次登陆成功的强制下线。尝试了很多方法无果,当时真的是被弄得焦头烂额了。最后功夫不负有心人找到了解决方案,下面跟大家分享下。

单平台
具体实现方案就是重写DefaultTokenServices的createAccessToken方法(下发token的方法)
虽说是重写但是我们新建了一个SingleTokenServices类,将DefaultTokenServices中的方法复制过来,该实现的类也实现,只需要修改createAccessToken方法即可。

 OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
        OAuth2RefreshToken refreshToken = null;
        if (existingAccessToken != null) {
            if (existingAccessToken.isExpired()) {
                if (existingAccessToken.getRefreshToken() != null) {
                    refreshToken = existingAccessToken.getRefreshToken();
                    tokenStore.removeRefreshToken(refreshToken);
                }
            }
            refreshToken = existingAccessToken.getRefreshToken();
            tokenStore.removeRefreshToken(refreshToken);
            tokenStore.removeAccessToken(existingAccessToken);
        }
        refreshToken = createRefreshToken(authentication);
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
            if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
                refreshToken = createRefreshToken(authentication);
            }
        }
        OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
        tokenStore.storeAccessToken(accessToken, authentication);
        refreshToken = accessToken.getRefreshToken();
        if (refreshToken != null) {
            tokenStore.storeRefreshToken(refreshToken, authentication);
        }
        return accessToken;

最后在你的OAuth2AuthorizationServerConfig类中也要进行一些改动才能生效(**endpoints.tokenServices(tokenServices(endpoints))**是关键),下面列出关键代码。

 @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // 设置错误转换
        endpoints.exceptionTranslator(new OAuth2ExceptionTranslator());
        //加入关键代码
        endpoints.tokenServices(tokenServices(endpoints));
        JwtAccessTokenConverter tokenConverter = new OAuth2JwtAccessTokenConverter(userDetailsService);
        // 设置token相关配置
        endpoints.reuseRefreshTokens(false) // 不复用refreshToken 每次刷新token之后返回一个新的accessToken和refreshToken
                .accessTokenConverter(tokenConverter) // 使用Jwt
                .userDetailsService(userDetailsService); // refresh_token时会用到该服务的loadUserByUsername方法

        // 追加自定义的granter
        List<TokenGranter> tokenGranters = new ArrayList<>();
        tokenGranters.add(new OAuth2LoginGranter(
                endpoints.getTokenServices(),
                endpoints.getClientDetailsService(),
                endpoints.getOAuth2RequestFactory(),
                userDetailsService,
                endpoints.getTokenStore()
        ));
        tokenGranters.add(endpoints.getTokenGranter());
        endpoints.tokenGranter(new CompositeTokenGranter(tokenGranters));
    }
    
    @Bean("tokenStore")
    public TokenStore tokenStore() {
        //使用redis的tokenStore,令牌(Access Token)会保存到内存
        return new RedisTokenStore(redisTemplate.getConnectionFactory());
    }

    private SingleTokenServices tokenServices(AuthorizationServerEndpointsConfigurer endpoints) {
        SingleTokenServices tokenServices = new SingleTokenServices();
        tokenServices.setTokenStore(tokenStore());
        tokenServices.setSupportRefreshToken(true);//支持刷新token
        tokenServices.setReuseRefreshToken(true);
        tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
        tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
        addUserDetailsService(tokenServices, this.userDetailsService);
        return tokenServices;
    }

    private void addUserDetailsService(SingleTokenServices tokenServices, UserDetailsService userDetailsService) {
        if (userDetailsService != null) {
            PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
            provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(
                    userDetailsService));
            tokenServices.setAuthenticationManager(new ProviderManager(Arrays.asList(provider)));
        }
    }

多平台
具体是指多平台共用一个登陆系统,比如我们的后台有审核后台和管理后台但是公用的是一套代码。解决方案依旧是重写DefaultTokenServices类的createAccessToken方法,介于这种玩法比较少我就直接上代码了。

package com.duanbo.server.oms.oauth2;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.*;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.*;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

import java.util.Date;
import java.util.Set;
import java.util.UUID;


public class SingleTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices,
        ConsumerTokenServices, InitializingBean {
    private int refreshTokenValiditySeconds = 60 * 60 * 24 * 30; // default 30 days.

    private int accessTokenValiditySeconds = 60 * 60 * 12; // default 12 hours.

    private boolean supportRefreshToken = false;

    private boolean reuseRefreshToken = true;

    private TokenStore tokenStore;

    private ClientDetailsService clientDetailsService;

    private TokenEnhancer accessTokenEnhancer;

    private AuthenticationManager authenticationManager;

    /**
     * Initialize these token services. If no random generator is set, one will be created.
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(tokenStore, "tokenStore must be set");
    }

    @Transactional
    public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
        //获取当前登录人的信息
        OAuth2UserDetails principal = (OAuth2UserDetails) authentication.getUserAuthentication().getPrincipal();
        //如果当前的ClientId()为audit,并且当前登录的ClientId()和用户id与tokenStore中储存的对应
        if (authentication.getOAuth2Request().getClientId().equals("audit") && tokenStore.findTokensByClientIdAndUserName("audit", "account_password:" + principal.getId()).size() != 0) {
            return reAccessToken(authentication);
        } else if (authentication.getOAuth2Request().getClientId().equals("management") && tokenStore.findTokensByClientIdAndUserName("management", "account_password:" + principal.getId()).size() != 0) {
            return reAccessToken(authentication);
        } else {
            return firstAccessToken(authentication);
        }

    }

    public OAuth2AccessToken reAccessToken(OAuth2Authentication authentication) {
        OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
        OAuth2RefreshToken refreshToken = null;
        if (existingAccessToken != null) {
            if (existingAccessToken.isExpired()) {
                if (existingAccessToken.getRefreshToken() != null) {
                    refreshToken = existingAccessToken.getRefreshToken();
                    tokenStore.removeRefreshToken(refreshToken);
                }
            }
            refreshToken = existingAccessToken.getRefreshToken();
            tokenStore.removeRefreshToken(refreshToken);
            tokenStore.removeAccessToken(existingAccessToken);
        }
        refreshToken = createRefreshToken(authentication);
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
            if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
                refreshToken = createRefreshToken(authentication);
            }
        }
        OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
        tokenStore.storeAccessToken(accessToken, authentication);
        refreshToken = accessToken.getRefreshToken();
        if (refreshToken != null) {
            tokenStore.storeRefreshToken(refreshToken, authentication);
        }
        return accessToken;
    }

    public OAuth2AccessToken firstAccessToken(OAuth2Authentication authentication) {
        OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
        OAuth2RefreshToken refreshToken = null;
        if (existingAccessToken != null) {
            if (existingAccessToken.isExpired()) {
                if (existingAccessToken.getRefreshToken() != null) {
                    refreshToken = existingAccessToken.getRefreshToken();
                    // The token store could remove the refresh token when the
                    // access token is removed, but we want to
                    // be sure...
                    tokenStore.removeRefreshToken(refreshToken);
                }
                tokenStore.removeAccessToken(existingAccessToken);
            } else {
                // Re-store the access token in case the authentication has changed
                tokenStore.storeAccessToken(existingAccessToken, authentication);
                return existingAccessToken;
            }
        }

        // Only create a new refresh token if there wasn't an existing one
        // associated with an expired access token.
        // Clients might be holding existing refresh tokens, so we re-use it in
        // the case that the old access token
        // expired.
        if (refreshToken == null) {
            refreshToken = createRefreshToken(authentication);
        }
        // But the refresh token itself might need to be re-issued if it has
        // expired.
        else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
            if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
                refreshToken = createRefreshToken(authentication);
            }
        }

        OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
        tokenStore.storeAccessToken(accessToken, authentication);
        // In case it was modified
        refreshToken = accessToken.getRefreshToken();
        if (refreshToken != null) {
            tokenStore.storeRefreshToken(refreshToken, authentication);
        }
        return accessToken;
    }

    @Transactional(noRollbackFor = {InvalidTokenException.class, InvalidGrantException.class})
    public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest)
            throws AuthenticationException {

        if (!supportRefreshToken) {
            throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
        }

        OAuth2RefreshToken refreshToken = tokenStore.readRefreshToken(refreshTokenValue);
        if (refreshToken == null) {
            throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
        }

        OAuth2Authentication authentication = tokenStore.readAuthenticationForRefreshToken(refreshToken);
        if (this.authenticationManager != null && !authentication.isClientOnly()) {
            // The client has already been authenticated, but the user authentication might be old now, so give it a
            // chance to re-authenticate.
            Authentication user = new PreAuthenticatedAuthenticationToken(authentication.getUserAuthentication(), "", authentication.getAuthorities());
            user = authenticationManager.authenticate(user);
            Object details = authentication.getDetails();
            authentication = new OAuth2Authentication(authentication.getOAuth2Request(), user);
            authentication.setDetails(details);
        }
        String clientId = authentication.getOAuth2Request().getClientId();
        if (clientId == null || !clientId.equals(tokenRequest.getClientId())) {
            throw new InvalidGrantException("Wrong client for this refresh token: " + refreshTokenValue);
        }

        // clear out any access tokens already associated with the refresh
        // token.
        tokenStore.removeAccessTokenUsingRefreshToken(refreshToken);

        if (isExpired(refreshToken)) {
            tokenStore.removeRefreshToken(refreshToken);
            throw new InvalidTokenException("Invalid refresh token (expired): " + refreshToken);
        }

        authentication = createRefreshedAuthentication(authentication, tokenRequest);

        if (!reuseRefreshToken) {
            tokenStore.removeRefreshToken(refreshToken);
            refreshToken = createRefreshToken(authentication);
        }

        OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
        tokenStore.storeAccessToken(accessToken, authentication);
        if (!reuseRefreshToken) {
            tokenStore.storeRefreshToken(accessToken.getRefreshToken(), authentication);
        }
        return accessToken;
    }

    public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
        return tokenStore.getAccessToken(authentication);
    }

    /**
     * Create a refreshed authentication.
     *
     * @param authentication The authentication.
     * @param request        The scope for the refreshed token.
     * @return The refreshed authentication.
     * @throws InvalidScopeException If the scope requested is invalid or wider than the original scope.
     */
    private OAuth2Authentication createRefreshedAuthentication(OAuth2Authentication authentication, TokenRequest request) {
        OAuth2Authentication narrowed = authentication;
        Set<String> scope = request.getScope();
        OAuth2Request clientAuth = authentication.getOAuth2Request().refresh(request);
        if (scope != null && !scope.isEmpty()) {
            Set<String> originalScope = clientAuth.getScope();
            if (originalScope == null || !originalScope.containsAll(scope)) {
                throw new InvalidScopeException("Unable to narrow the scope of the client authentication to " + scope
                        + ".", originalScope);
            } else {
                clientAuth = clientAuth.narrowScope(scope);
            }
        }
        narrowed = new OAuth2Authentication(clientAuth, authentication.getUserAuthentication());
        return narrowed;
    }

    protected boolean isExpired(OAuth2RefreshToken refreshToken) {
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiringToken = (ExpiringOAuth2RefreshToken) refreshToken;
            return expiringToken.getExpiration() == null
                    || System.currentTimeMillis() > expiringToken.getExpiration().getTime();
        }
        return false;
    }

    public OAuth2AccessToken readAccessToken(String accessToken) {
        return tokenStore.readAccessToken(accessToken);
    }

    public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException,
            InvalidTokenException {
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
        if (accessToken == null) {
            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
        } else if (accessToken.isExpired()) {
            tokenStore.removeAccessToken(accessToken);
            throw new InvalidTokenException("Access token expired: " + accessTokenValue);
        }

        OAuth2Authentication result = tokenStore.readAuthentication(accessToken);
        if (result == null) {
            // in case of race condition
            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
        }
        if (clientDetailsService != null) {
            String clientId = result.getOAuth2Request().getClientId();
            try {
                clientDetailsService.loadClientByClientId(clientId);
            } catch (ClientRegistrationException e) {
                throw new InvalidTokenException("Client not valid: " + clientId, e);
            }
        }
        return result;
    }

    public String getClientId(String tokenValue) {
        OAuth2Authentication authentication = tokenStore.readAuthentication(tokenValue);
        if (authentication == null) {
            throw new InvalidTokenException("Invalid access token: " + tokenValue);
        }
        OAuth2Request clientAuth = authentication.getOAuth2Request();
        if (clientAuth == null) {
            throw new InvalidTokenException("Invalid access token (no client id): " + tokenValue);
        }
        return clientAuth.getClientId();
    }

    public boolean revokeToken(String tokenValue) {
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
        if (accessToken == null) {
            return false;
        }
        if (accessToken.getRefreshToken() != null) {
            tokenStore.removeRefreshToken(accessToken.getRefreshToken());
        }
        tokenStore.removeAccessToken(accessToken);
        return true;
    }

    private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authentication) {
        if (!isSupportRefreshToken(authentication.getOAuth2Request())) {
            return null;
        }
        int validitySeconds = getRefreshTokenValiditySeconds(authentication.getOAuth2Request());
        String value = UUID.randomUUID().toString();
        if (validitySeconds > 0) {
            return new DefaultExpiringOAuth2RefreshToken(value, new Date(System.currentTimeMillis()
                    + (validitySeconds * 1000L)));
        }
        return new DefaultOAuth2RefreshToken(value);
    }

    private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) {
        DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
        int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request());
        if (validitySeconds > 0) {
            token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L)));
        }
        token.setRefreshToken(refreshToken);
        token.setScope(authentication.getOAuth2Request().getScope());

        return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token;
    }

    /**
     * The access token validity period in seconds
     *
     * @param clientAuth the current authorization request
     * @return the access token validity period in seconds
     */
    protected int getAccessTokenValiditySeconds(OAuth2Request clientAuth) {
        if (clientDetailsService != null) {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
            Integer validity = client.getAccessTokenValiditySeconds();
            if (validity != null) {
                return validity;
            }
        }
        return accessTokenValiditySeconds;
    }

    /**
     * The refresh token validity period in seconds
     *
     * @param clientAuth the current authorization request
     * @return the refresh token validity period in seconds
     */
    protected int getRefreshTokenValiditySeconds(OAuth2Request clientAuth) {
        if (clientDetailsService != null) {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
            Integer validity = client.getRefreshTokenValiditySeconds();
            if (validity != null) {
                return validity;
            }
        }
        return refreshTokenValiditySeconds;
    }

    /**
     * Is a refresh token supported for this client (or the global setting if
     * {@link #setClientDetailsService(ClientDetailsService) clientDetailsService} is not set.
     *
     * @param clientAuth the current authorization request
     * @return boolean to indicate if refresh token is supported
     */
    protected boolean isSupportRefreshToken(OAuth2Request clientAuth) {
        if (clientDetailsService != null) {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
            return client.getAuthorizedGrantTypes().contains("refresh_token");
        }
        return this.supportRefreshToken;
    }

    /**
     * An access token enhancer that will be applied to a new token before it is saved in the token store.
     *
     * @param accessTokenEnhancer the access token enhancer to set
     */
    public void setTokenEnhancer(TokenEnhancer accessTokenEnhancer) {
        this.accessTokenEnhancer = accessTokenEnhancer;
    }

    /**
     * The validity (in seconds) of the refresh token. If less than or equal to zero then the tokens will be
     * non-expiring.
     *
     * @param refreshTokenValiditySeconds The validity (in seconds) of the refresh token.
     */
    public void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds) {
        this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
    }

    /**
     * The default validity (in seconds) of the access token. Zero or negative for non-expiring tokens. If a client
     * details service is set the validity period will be read from the client, defaulting to this value if not defined
     * by the client.
     *
     * @param accessTokenValiditySeconds The validity (in seconds) of the access token.
     */
    public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds) {
        this.accessTokenValiditySeconds = accessTokenValiditySeconds;
    }

    /**
     * Whether to support the refresh token.
     *
     * @param supportRefreshToken Whether to support the refresh token.
     */
    public void setSupportRefreshToken(boolean supportRefreshToken) {
        this.supportRefreshToken = supportRefreshToken;
    }

    /**
     * Whether to reuse refresh tokens (until expired).
     *
     * @param reuseRefreshToken Whether to reuse refresh tokens (until expired).
     */
    public void setReuseRefreshToken(boolean reuseRefreshToken) {
        this.reuseRefreshToken = reuseRefreshToken;
    }

    /**
     * The persistence strategy for token storage.
     *
     * @param tokenStore the store for access and refresh tokens.
     */
    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    /**
     * An authentication manager that will be used (if provided) to check the user authentication when a token is
     * refreshed.
     *
     * @param authenticationManager the authenticationManager to set
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * The client details service to use for looking up clients (if necessary). Optional if the access token expiry is
     * set globally via {@link #setAccessTokenValiditySeconds(int)}.
     *
     * @param clientDetailsService the client details service
     */
    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }
}

而OAuth2AuthorizationServerConfig类跟单平台的操作一样。其中audit和management对应的是OAuth2AuthorizationServerConfig类中的方法,请看下面的代码。

 @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // TODO: 提高密码安全级别
        // TODO: 为前端重新配置一个账号密码
        clients.inMemory()
                .withClient("management")
                .secret(passwordEncoder().encode(""))
                .authorizedGrantTypes("refresh_token", OAuth2LoginGranter.GRANT_TYPE)
                .scopes("ALL")
                .accessTokenValiditySeconds(604800)
                .refreshTokenValiditySeconds(2592000)
                .and()
                .withClient("audit")
                .secret(passwordEncoder().encode(""))
                .authorizedGrantTypes("refresh_token", OAuth2LoginGranter.GRANT_TYPE)
                .scopes("ALL")
                .accessTokenValiditySeconds(604800)
                .refreshTokenValiditySeconds(2592000);
    }
详解比springSecurity和shiro更简单优雅的轻量级Sa-Token框架,比如登录认证,权限认证,单点登录,OAuth2.0,分布式Session会话,微服务网关鉴权
念兮为美
08-30 5135
详解比springSecurity和shiro更简单优雅的轻量级Sa-Token框架,比如登录认证,权限认证,单点登录,OAuth2.0,分布式Session会话,微服务网关鉴权。演示SpringBoot集成Sa-Token和Spring WebFlux集成Sa-Token这两个常用的开发框架。......
SpringSecurity+ oauth2实现账号多端同登录
银魄清辉自夜凝的博客
02-28 8137
问题复现 项目中使用了app+ pc+ 小程序,当用户同登录app+pc 其中一端会被挤下线。 出现原因 我们使用的是redis存储token,由于redis生token算法原因,多端登录返回同一个token,导致另外一端被挤下线,出现文章开头的情况。 下图就是security基于redis生成token的方式 可见:extractKey方法中使用values去生成token,多端登录参数进入values都一样 所以我们只需要重写token生成规则即可。 解决方式:重写token生成规则
OAuth2.0用refresh_token更新access_token令牌
张俊杰 的博客
02-07 7972
概述 使用oauth2,如果令牌失效了,可以使用刷新令牌通过refresh_token的授权模式再次获取access_token。只需修改认证服务器的配置,添加refresh_token的授权模式即可。 修改授权服务器配置,增加refresh_token配置 ​ @Autowired private UserService userService; @Override public void configure(AuthorizationServerEndpointsConfigurer endpoint
SpringBoot集成SpringSecurity5和OAuth2 — 5、OAuth2集成JWT
Mr_XiMu的博客
06-08 3034
SpringBoot集成SpringSecurity5和OAuth2 — 5、OAuth2集成JWT
基于OAuth2查询在线用户及强退用户
Mervyn的博客
08-10 2542
基于OAuth2查询在线用户及强退用户 场景 最近工作的项目需要做认证授权、限制授权登录用户。 需要统计当前在线用户数,及强退指定用户。 效果 实现 获取所有在线用户 登录后,OAuth2会向Redis存放用户的token信息,键是token值,值是OAuth2的认证对象。 实现思路:从Redis中获取所有的token值,及通过RedisTokenStore获取到OAuth2的认证对象。 /** * VO */ @Data @AllArgsConstructor @NoArgsConstructor
springboot实现一个账号只能登录一个设备,其他设备登录登录之前登录账号强制下线
最新发布
2301_80333628的博客
06-07 2068
这里每次登录候不仅会将token返回给前端,同也会将token存到数据库里。目的就是通过对token的比较判断用户是否已经登录,如果数据库里有token,并且数据库里的token和此次登录的token不一致,说明已经有用户登录过了,此次登录候就会更新数据库里的token,之前登录的用户的登录状态就会失效了。因为没有使用redis,使用jwt生成的token也不会存在redis,将登录信息生成token,将生成的token以及用户信息一并返回给前端,前端每次访问后端的接口都会携带token过来。
Spring Security OAuth2 实现登录互踢的示例代码
08-19
Spring Security OAuth2 实现登录互踢的示例代码 Spring Security OAuth2 是一个基于 OAuth2 协议的身份验证框架,提供了丰富的身份验证机制和授权机制。本文主要介绍了 Spring Security OAuth2 实现登录互踢的示例...
开发笔记 | 认证授权+Spring Security+OAuth2快速学习笔记
qq_37630282的博客
07-18 2669
认证授权+Spring Security+OAuth2学习笔记
深入理解Spring Cloud Security OAuth2JWT
11-14 1263
https://www.jianshu.com/p/cb886f995e86 因项目需要,需要和三方的oauth2服务器进行集成。网上关于spring cloud security oauth2的相关资料,一般都是讲如何配置,而能把这块原理讲透彻的比较少,这边自己做一下总结和整理,顺带介绍一下JWT使用场景。 什么是OAuth2OAuth2是一个关于授权的开放标准,核心思路是通过各...
Day238.shiro和SpringSecurity对比、HttpBasic&formLogin模式登陆认证模式、自定义登陆验证结果处理等 -springsecurity-jwt-oauth2
阿昌爱Java
04-04 2211
1、spring-security简介并与shiro对比 一、 SpringSecurity 框架简介 官网:https://projects.spring.io/spring-security/ 源代码: https://github.com/spring-projects/spring-security/ Spring Security 是强大的,且容易定制的,基于Spring开发的实现认证登录与资源授权的应用安全框架。 SpringSecurity 的核心功能: Authentication:身份认
Python-kong网关的JWT插件含踢下线功能
08-10
实现Jwt拦截,登录调用第三方登录接口。登录后会生成JWT-token,把返回的jwt-token放入hearder里面,下次请求插件会解析出加密前的登录信息,放入hearder里面,然后再访问相应的业务系统
解决重复登陆问题
08-05
解决重复登陆问题@@@@@@
Spring Security 强制退出指定用户
十步杀一人-千里不留行
04-20 5516
应用场景最近社区总有人发文章带上小广告,严重影响社区氛围,好气!对于这种类型的用户,就该永久拉黑!社区的安全框架使用了 spring-security 和 spring-session,登录状态 30 天有效,session 信息是存在 redis 中,如何优雅地处理这些不老实的用户呢?首先,简单划分下用户的权限:管理员(ROLE_MANAGER):基本操作 + 管理操作普通用户(ROLE_USE...
SpringMvc实现一个账号只能在一个地方登陆,其他地方强制下线
热门推荐
alan_liuyue的博客
08-28 1万+
一.前言 在处理项目登录问题的候,为了账号的安全性以及信息的同步性,有我们需要做到同一个账户只允许在一处地方登录,如果一个账户在一个处地方登录之后,之后在另一个地方也使用同一个账户登录,则前一个登录的账户就强制下线; 做到这种效果的方式有很多种,比如使用redis、memcache等缓存机制就能轻松实现分布式状态下,控制账户登录的单一性; 本篇博客主要讲解的是在不用redis等缓存机...
SpringBoot+Redis 防止用户重复登录
weixin_43165220的博客
09-01 5266
防止用户重复登录,在redis中存储登录信息有两种方式:第一种是以用户名作为redis的key,用户信息作为value,用户信息里面包含了token;第二种是用户名和token分别为key,用户名对应的value是用户信息,token对应的value是用户名。...
jwt+shiro实现登录强制下线
myllxy
04-16 2485
其实这个东西你只需要在登录候重新刷新accessToken和refreshToken就行了,因为所有的请求都会携带accessToken和refreshToken,并且都会走shiro的请求拦截器,我在这个shiro请求拦截器中对这两个token做比较,如果refreshToken过期了(不相同就代表过期)的话就直接让前端跳转登录页面就行了 登录: @Override publ...
springsecurity 实现强制用户下线-前后端分离
渣渣飞的博客
10-07 6103
强制用户下线前言设计思路查找资料自己手写缓存过滤器HttpSession监听器强制用户下线结尾 前言 最近相对较忙,没有更新博客,正值假期,赶紧抽空写两篇。也是遇到的项目上的需求:管理员变更了用户的权限,但是用户如果系统在线的话,有些权限功能仍旧可以使用。对此,强制用户下线的需求来了。括弧:由于系统预期为一对一的单服务系统,没有使用redis做缓存。所以对强制用户下线的功能带来了一些麻烦。 设计思...
springsecurity-获取在线用户与强制用户下线
HAN_789的博客
06-15 1483
springsecurity-获取在线用户与强制用户下线
SpringBoot整合SecurityJWT实现单点登录
Spring Boot 为基础,深度整合 Spring Security 的认证授权能力,采用 JWT 实现轻量级、跨域的身份凭证传递,利用 Redis 解决 token 生命周期管理难题,并扩展支持短信验证码登录等多种认证入口,最终达成一个安全、...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值