使用场景:
管理员修改用户权限信息后,需要将用户强制下线,重新登录以获取最新权限。
由于并不需要记录用户的其他信息,所以我使用了一个静态对象来管理用户相关的session.
处理逻辑
1.用户登录时记录用户session信息到一个静态对象中。
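@RequestMapping(value = "/success")
@ResponseBody
public Result<List<String>> success(HttpServletRequest request, HttpServletResponse response) {
    // Register this session so an admin can later force it out (SessionUtil.destroyedSession).
    // SessionUtil keys the entry by the "username" request parameter.
    SessionUtil.putSession(request);

    // getAuthorities() is declared Collection<? extends GrantedAuthority>; this cast is unchecked
    // and relies on every authority actually being a SimpleGrantedAuthority.
    @SuppressWarnings("unchecked")
    Collection<SimpleGrantedAuthority> authorities =
            (Collection<SimpleGrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();
    List<String> roles = new LinkedList<>();
    for (SimpleGrantedAuthority auth : authorities) {
        roles.add(auth.getAuthority());
    }

    // The servlet Cookie API has no SameSite setter, and mutating a Cookie object taken from the
    // request is never sent back to the client. The attribute has to be written on the response,
    // and the value must be the *current* session id (it may have been rotated at login), not the
    // id the client sent in. NOTE(review): assumes the container's session cookie is JSESSIONID
    // with default HttpOnly semantics — confirm against the server configuration.
    final Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie c : cookies) {
            if ("JSESSIONID".equalsIgnoreCase(c.getName())) {
                String path = request.getContextPath();
                if (path.isEmpty()) {
                    path = "/";
                }
                response.addHeader("Set-Cookie",
                        c.getName() + "=" + request.getSession().getId()
                                + "; Path=" + path + "; HttpOnly; Secure; SameSite=None");
                break; // only one session cookie is expected
            }
        }
    }
    return new Result<List<String>>(Result.SUCCESS, "登录成功", roles);
}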
登录用户session管理类实现【允许一个账号登录多次】
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.*;
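/**
 * Tracks the live {@link HttpSession}s of each login name so that a user can be forced to
 * log in again (for example after an administrator changed their roles).
 * <p>
 * All methods are {@code static synchronized}: they are called concurrently from request
 * threads, and the backing {@link HashMap} is not thread-safe on its own.
 * <p>
 * NOTE(review): nothing in this class removes a session that the container expired by
 * itself (no HttpSessionListener is visible here), so such entries linger until the user's
 * entry is destroyed; {@code invalidate()} on them is therefore tolerated below.
 */
public class SessionUtil {
    /** Live sessions per login name; guarded by the class lock. */
    private static final Map<String, List<HttpSession>> sessionMap = new HashMap<>();

    private SessionUtil() {
    }

    /**
     * Registers the request's session (created if absent) under the {@code username}
     * request parameter and resets the user's cached status via
     * {@code CacheUtil.putStatus(username, false)}.
     * <p>
     * NOTE(review): the key is a client-supplied parameter rather than the authenticated
     * principal; callers must ensure it is the name that was actually authenticated,
     * otherwise a later {@link #destroyedSession(String)} for that user will not find it.
     *
     * @param request the login request
     */
    public static synchronized void putSession(HttpServletRequest request) {
        String username = request.getParameter("username");
        HttpSession session = request.getSession();
        List<HttpSession> sessionList = sessionMap.get(username);
        if (sessionList == null) {
            sessionList = new ArrayList<>();
            sessionMap.put(username, sessionList);
        }
        // one account may be logged in several times; avoid double registration of one session
        if (!sessionList.contains(session)) {
            sessionList.add(session);
        }
        CacheUtil.putStatus(username, false); // user cache status initialisation
    }

    /**
     * Drops the entry for {@code username} without invalidating its sessions.
     *
     * @param username login name whose entry is removed
     */
    public static synchronized void moveSession(String username) {
        sessionMap.remove(username);
    }

    /**
     * Invalidates every registered session of {@code username} and drops its entry,
     * forcing that user to log in again.
     *
     * @param username login name to log out
     */
    public static synchronized void destroyedSession(String username) {
        List<HttpSession> sessionList = sessionMap.remove(username);
        if (sessionList != null) {
            invalidateAll(sessionList);
        }
    }

    /**
     * Invalidates every registered session of every user and empties the map.
     */
    public static synchronized void destroyedAllSession() {
        // Snapshot the values first: removing keys while iterating the live key set
        // would throw ConcurrentModificationException.
        List<List<HttpSession>> all = new ArrayList<>(sessionMap.values());
        sessionMap.clear();
        for (List<HttpSession> sessionList : all) {
            invalidateAll(sessionList);
        }
    }

    /**
     * Invalidates each session in the list. A session the container already expired throws
     * IllegalStateException from invalidate(); that must not abort the remaining ones.
     */
    private static void invalidateAll(List<HttpSession> sessions) {
        for (HttpSession session : sessions) {
            try {
                session.invalidate();
            } catch (IllegalStateException ignored) {
                // already invalid (e.g. timed out) — nothing left to do for this one
            }
        }
    }
}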
2.修改用户信息后执行用户下线操作SessionUtil.destroyedSession(user.getUsername());
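@PostMapping(value = "/update")
@ResponseBody
public Result update(@RequestBody @Validated UserDTO userDTO) {
    // Fail with a meaningful message instead of an NPE on the first setter below.
    User user = java.util.Objects.requireNonNull(
            userService.findUser(userDTO.getId()), "no user found for id " + userDTO.getId());

    // SessionUtil keys sessions by the name the user logged in WITH. If this update renames
    // the user, the sessions live under the old name, so remember it before overwriting.
    String oldUsername = user.getUsername();

    List<Role> userRoleList = new ArrayList<>();
    if (userDTO.getRole().isArray()) {
        for (JsonNode roleId : userDTO.getRole()) {
            // NOTE(review): roleService.getRole may return null for an unknown id — confirm;
            // a null element would then end up in the user's role list
            Role userRole = roleService.getRole(roleId.asInt());
            userRoleList.add(userRole);
        }
    }
    user.setRoles(userRoleList);
    user.setUsername(userDTO.getUsername());
    // NOTE(review): the password is copied verbatim from the request body; confirm that
    // userService.editUser hashes it before persisting
    user.setPassword(userDTO.getPassword());
    user.setEmailAddress(userDTO.getEmailaddress());
    user.setTrueName(userDTO.getTruename());
    user.setProject(userDTO.getProject());
    user.setGroupName(userDTO.getGroupname());
    user.setUpdateTime(new Date());
    userService.editUser(user);

    // Force re-login so the new permissions take effect. Log out the old name (where the
    // sessions are registered) and, after a rename, the new one too.
    SessionUtil.destroyedSession(oldUsername);
    if (!java.util.Objects.equals(oldUsername, user.getUsername())) {
        SessionUtil.destroyedSession(user.getUsername());
    }
    return Result.ok();
}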