公司平台接受监管后,系统整改,其中一个就是一个用户账号只能在一个地方登录,别的地方登录上来后,当前登录的人必须下线。
因为一直做web开发,之前给某公司做过这个功能,只不过那个是8年前,比较老的方式,单体系统,目前都是分布式。但是其实实现原理都是一样的。分布式系统只是部署了多份app。那么就得依赖一个第三方存储的地方,可以是db,可以是缓存。这里我就用缓存redis。
首先说一下这个单账号只能一个ip登录的原理:
明天继续。先贴代码:
LoginAloneHttpSessionListener.java
import javax.servlet.ServletContext; import javax.servlet.annotation.WebListener; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionAttributeListener; import javax.servlet.http.HttpSessionBindingEvent; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.data.redis.core.BoundHashOperations; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.stereotype.Component; import org.springframework.web.context.support.WebApplicationContextUtils; @Component @WebListener public class LoginAloneHttpSessionListener implements HttpSessionListener, HttpSessionAttributeListener { private static Logger logger = Logger.getLogger(LoginAloneHttpSessionListener.class); @Autowired private StringRedisTemplate stringRedisTemplate; /**初始化方法 stringRedisTemplate * * @param session * @author chenweixian 陈惟鲜 * @date 2018年2月26日 上午10:40:02 */ public void initStringRedisTemplate(HttpSession session){ if (stringRedisTemplate == null){ ServletContext servletContext = session.getServletContext(); ApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(servletContext); stringRedisTemplate = context.getBean("stringRedisTemplate", StringRedisTemplate.class); } } @Override public void sessionCreated(HttpSessionEvent event) { this.initStringRedisTemplate(event.getSession()); // logger.info("============session【"+event.getSession().getId()+"】 已创建"); } @Override public void sessionDestroyed(HttpSessionEvent event) { this.initStringRedisTemplate(event.getSession()); BoundHashOperations<String, String, String> boundHashOperations = stringRedisTemplate.boundHashOps(RedisContants.ADMIN_LOGIN_MAP); boundHashOperations.delete(event.getSession().getId()); // logger.info("============session【"+event.getSession().getId()+"】 已销毁"); } @Override public void attributeAdded(HttpSessionBindingEvent event) { this.handleUserInfo(event); // logger.info("============session【"+event.getSession().getId()+"】====attribute Added"); } @Override public void attributeRemoved(HttpSessionBindingEvent event) { if (SystemContants.USER_INFO.equals(event.getName())){ this.initStringRedisTemplate(event.getSession()); BoundHashOperations<String, String, String> boundHashOperations = stringRedisTemplate.boundHashOps(RedisContants.ADMIN_LOGIN_MAP); boundHashOperations.delete(event.getSession().getId()); } // logger.info("============session【"+event.getSession().getId()+"】====attribute Removed"); } @Override public void attributeReplaced(HttpSessionBindingEvent event) { this.handleUserInfo(event); // logger.info("============session【"+event.getSession().getId()+"】=====attribute Replaced"); } /**处理用户信息 * * @param event * @author chenweixian 陈惟鲜 * @date 2018年2月26日 上午11:07:11 */ private void handleUserInfo(HttpSessionBindingEvent event){ if (SystemContants.USER_INFO.equals(event.getName())){ this.initStringRedisTemplate(event.getSession()); UserVo userVo = (UserVo)event.getValue(); BoundHashOperations<String, String, String> boundHashOperations = stringRedisTemplate.boundHashOps(RedisContants.ADMIN_LOGIN_MAP); // 踢出之前在线的用户 if (userVo != null){ if (boundHashOperations.keys().size() > 0){ for (String key : boundHashOperations.keys()){ if(userVo.getUserId().equalsIgnoreCase(boundHashOperations.get(key))){ // 踢出 boundHashOperations.delete(key); } } } } // 加入当前登录用户 boundHashOperations.put(event.getSession().getId(), userVo.getUserId()); } } }
LoginFilter.java
import java.io.IOException; import java.util.regex.Pattern; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.data.redis.core.BoundHashOperations; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.stereotype.Service; import org.springframework.web.context.support.WebApplicationContextUtils; import com.opensymphony.oscache.util.StringUtil; /**登录过滤器 * * @author : chewneixian 陈惟鲜 * @create_date 2016年8月3日 上午11:35:23 * */ @Service @WebFilter(filterName="loginFilter", urlPatterns={ "*.do", }) public class LoginFilter implements Filter { @Autowired private DictionaryVoService dictionaryVoService; // 忽略的URL // String PASS_VALIDATION_URL = ConfigPropertiesUtil.getProp("login.ignore.passUrl"); // 日志对象 private static Logger logger = Logger.getLogger(LoginFilter.class); @Autowired private StringRedisTemplate stringRedisTemplate; public void init(FilterConfig filterConfig) throws ServletException { ServletContext servletContext = filterConfig.getServletContext(); ApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(servletContext); if (stringRedisTemplate == null){ stringRedisTemplate = context.getBean("stringRedisTemplate", StringRedisTemplate.class); } if (dictionaryVoService == null){ dictionaryVoService = context.getBean("dictionaryVoService", DictionaryVoService.class); } } public void destroy() { } public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String PASS_VALIDATION_URL = dictionaryVoService.findFieldValue(DictionaryContants.TYPE_ID_PLATFORM_INFO, StatusContants.LOGIN_IGNORE_PASSURL.getIndex()); // 是否跳过检查 String requestUri = request.getRequestURI(); requestUri = requestUri.replace(request.getContextPath()+"/", ""); // 去掉工程名/ if (Pattern.matches(PASS_VALIDATION_URL,requestUri)) { chain.doFilter(req, res); return ; } // 获取登录用户信息 UserVo userVo = (UserVo)request.getSession().getAttribute(SystemContants.USER_INFO); if (userVo == null){ // 用户未登录 logger.error("您未登录,或登录超时,或您的账号在其他地方登录"); response.sendRedirect(request.getContextPath() + "/login_to.do"); return ; } if (!this.isLogined(request.getSession().getId(), userVo.getUserId())){ // 用户未登录 logger.error("您的账号已经在异地登录,请重新登录修改密码。"); response.sendRedirect(request.getContextPath() + "/login_error.do"); return ; } chain.doFilter(req, res); } /** * isLogining-用于判断用户是否已经登录 * @param sessionUserName String-登录的用户名 * @return boolean-该用户是否已经登录的标志 * */ public boolean isLogined(String nowSessionId, String nowUserId){ boolean result = false; BoundHashOperations<String, String, String> boundHashOperations = stringRedisTemplate.boundHashOps(RedisContants.ADMIN_LOGIN_MAP); if (boundHashOperations.keys().size() > 0){ // 当前登线程用户ID, 在集合中没有记录 String sessionUserId = boundHashOperations.get(nowSessionId); if (!StringUtil.isEmpty(sessionUserId)){ // 当前使用这个用户ID的线程ID String mySessionId = ""; for (String key : boundHashOperations.keys()){ if(nowUserId.equalsIgnoreCase(boundHashOperations.get(key))){ mySessionId = key; break; } } // 当前线程与登录用户线程ID相等,则登录 if (nowSessionId.equals(mySessionId)){ result = true; } } } return result; } }