集群环境下的Session并发管理

最新推荐文章于 2022-04-24 20:39:27 发布
最新推荐文章于 2022-04-24 20:39:27 发布
阅读量292 收藏
点赞数
分类专栏: spring security 文章标签: spring spring boot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_41359273/article/details/124178779
版权

集群环境下的Session并发管理

1.pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.6.4</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.yl</groupId>
    <artifactId>securitydemo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>securitydemo</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>11</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid-spring-boot-starter</artifactId>
            <version>1.1.10</version>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.2.2</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>com.github.penggle</groupId>
            <artifactId>kaptcha</artifactId>
            <version>2.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <resources>
            <resource>
                <directory>src/main/java</directory>
                <includes>
                    <include>**/*.xml</include>
                </includes>
            </resource>
            <resource>
                <directory>src/min/resources</directory>
            </resource>
        </resources>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

2.application.properties

server.port=8080
spring.datasource.url=jdbc:mysql://localhost:3306/demo?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name = com.mysql.cj.jdbc.Driver
spring.datasource.username=root
spring.datasource.password=root

spring.redis.host=192.168.244.136
spring.redis.port=6379
spring.redis.password=root123

3.建表语句

DROP TABLE IF EXISTS `role`;
CREATE TABLE `role`  (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL,
  `description` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` VALUES (1, 'ROLE_db', '数据库管理员');
INSERT INTO `role` VALUES (2, 'ROLE_admin', '系统管理员');
INSERT INTO `role` VALUES (3, 'ROLE_user', '用户');

-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user`  (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL,
  `password` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL,
  `enabled` tinyint(1) NULL DEFAULT NULL,
  `locked` tinyint(1) NULL DEFAULT NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES (1, 'root', '$2a$10$O8G0X/sUPAA76MV7U3BwY.3Uo8/QMBcqK678Rwkoz.fowbce.CLtO', 1, 0);
INSERT INTO `user` VALUES (2, 'admin', '$2a$10$O8G0X/sUPAA76MV7U3BwY.3Uo8/QMBcqK678Rwkoz.fowbce.CLtO', 1, 0);
INSERT INTO `user` VALUES (3, 'tom', '$2a$10$O8G0X/sUPAA76MV7U3BwY.3Uo8/QMBcqK678Rwkoz.fowbce.CLtO', 1, 0);

-- ----------------------------
-- Table structure for user_role_ref
-- ----------------------------
DROP TABLE IF EXISTS `user_role_ref`;
CREATE TABLE `user_role_ref`  (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` int(11) NULL DEFAULT NULL,
  `role_id` int(11) NULL DEFAULT NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of user_role_ref
-- ----------------------------
INSERT INTO `user_role_ref` VALUES (1, 1, 1);
INSERT INTO `user_role_ref` VALUES (2, 1, 2);
INSERT INTO `user_role_ref` VALUES (3, 2, 2);
INSERT INTO `user_role_ref` VALUES (4, 3, 3);

SET FOREIGN_KEY_CHECKS = 1;

4.实体类

package com.yl.securitydemo.model;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;

public class User implements UserDetails {
    private Integer id;
    private String username;
    private String password;
    private Boolean enabled;
    private Boolean locked;
    private List<Role> roles;

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<SimpleGrantedAuthority> list = new ArrayList<>();
        for (Role role : roles) {
            list.add(new SimpleGrantedAuthority("ROLE_" + role.getName()));
        }
        return list;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    // 账户是否未过期
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    // 账户是否未锁定
    @Override
    public boolean isAccountNonLocked() {
        return !locked;
    }

    // 凭证是否未过期
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return enabled;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void setEnabled(Boolean enabled) {
        this.enabled = enabled;
    }

    public void setLocked(Boolean locked) {
        this.locked = locked;
    }

    public List<Role> getRoles() {
        return roles;
    }

    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (o == null || getClass() != o.getClass()) return false;
        User user = (User) o;
        return username.equals(user.username);
    }

    @Override
    public int hashCode() {
        return Objects.hash(username);
    }

    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password='" + password + '\'' +
                ", enabled=" + enabled +
                ", locked=" + locked +
                '}';
    }
}


package com.yl.securitydemo.model;

import java.io.Serializable;

public class Role implements Serializable {
    private Integer id;
    private String name;
    private String description;

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getDescription() {
        return description;
    }

    public void setDescription(String description) {
        this.description = description;
    }

    @Override
    public String toString() {
        return "Role{" +
                "id=" + id +
                ", name='" + name + '\'' +
                ", description='" + description + '\'' +
                '}';
    }
}


package com.yl.securitydemo.model;

import java.io.Serializable;

public class UserRoleRef implements Serializable {
    private Integer id;
    private Integer userId;
    private Integer roleId;

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public Integer getUserId() {
        return userId;
    }

    public void setUserId(Integer userId) {
        this.userId = userId;
    }

    public Integer getRoleId() {
        return roleId;
    }

    public void setRoleId(Integer roleId) {
        this.roleId = roleId;
    }

    @Override
    public String toString() {
        return "UserRoleRef{" +
                "id=" + id +
                ", userId=" + userId +
                ", roleId=" + roleId +
                '}';
    }
}

5.mapper及其xml文件

package com.yl.securitydemo.mapper;



import com.yl.securitydemo.model.Role;
import com.yl.securitydemo.model.User;
import org.apache.ibatis.annotations.Mapper;

import java.util.List;

@Mapper
public interface UserMapper {
    User loadUserByUsername(String username);

    List<Role> getRolesByUserId(Integer userId);
}


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.yl.securitydemo.mapper.UserMapper">

    <select id="loadUserByUsername" resultType="com.yl.securitydemo.model.User">
        select * from user where username = #{username}
    </select>
    <select id="getRolesByUserId" resultType="com.yl.securitydemo.model.Role">
        select * from role where id in (select role_id from user_role_ref where user_id = #{userId})
    </select>

</mapper>

6.userservice

package com.yl.securitydemo.service;

import com.yl.securitydemo.mapper.UserMapper;
import com.yl.securitydemo.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserService implements UserDetailsService {
    @Autowired
    UserMapper userMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userMapper.loadUserByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException("用户名不存在");
        }
        user.setRoles(userMapper.getRolesByUserId(user.getId()));
        return user;
    }
}

7.security的配置

package com.yl.securitydemo.config;

import com.yl.securitydemo.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.security.SpringSessionBackedSessionRegistry;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserService userService;
    @Autowired
    FindByIndexNameSessionRepository sessionRepository;
//    @Autowired
//    MyWebAuthenticationDetailsSource myWebAuthenticationDetailsSource;
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

//    @Bean
//    MyAuthenticationProvider myAuthenticationProvider() {
//        MyAuthenticationProvider provider = new MyAuthenticationProvider();
//        provider.setPasswordEncoder(passwordEncoder());
//        provider.setUserDetailsService(userService);
//        return provider;
//    }

    @Bean
    SpringSessionBackedSessionRegistry sessionRegistry() {
        return new SpringSessionBackedSessionRegistry(sessionRepository);
    }

//    @Bean
//    HttpSessionEventPublisher httpSessionEventPublisher() {
//        return new HttpSessionEventPublisher();
//    }

//    @Override
//    @Bean
//    protected AuthenticationManager authenticationManager() throws Exception {
//        return new ProviderManager(myAuthenticationProvider());
//    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
//                .antMatchers("/getVerifyCode")
//                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
//                .authenticationDetailsSource(myWebAuthenticationDetailsSource)
                .permitAll()
                .and()
                .csrf().disable()
                .sessionManagement()
                .maximumSessions(1) //限制能登录的用户个数为1
                .maxSessionsPreventsLogin(true)// 禁止后面的用户登录
                .sessionRegistry(sessionRegistry());
    }
}

8.controller

package com.yl.securitydemo.controller;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpSession;

@RestController
public class HelloController {

    @GetMapping("/hello")
    public String hello() {
        return "hello";
    }
    @Value("${server.port}")
    Integer port;

    @GetMapping("/get")
    public String get(HttpSession session) {
     return session.getAttribute("name") + ":" + port;
    }

    @GetMapping("/set")
    public String set(HttpSession session){
        session.setAttribute("name","yl");
        return String.valueOf(port);
    }
}

9.测试

1.打包项目,并且以8080和8081两个端口号启动两个实例
在这里插入图片描述
在这里插入图片描述
2.在客户端A登录admin账号,并且访问8080端口的hello接口
在这里插入图片描述

3.在客户端B再登录admin账号,访问8081端口的hello接口,登录发现账号已经登录了,成功限制用户的登录个数为1
在这里插入图片描述

#Hideonbush
关注
专栏目录
如何使用Session使程序开发跟便捷,避免多线程调用
qq_42006229的博客
05-14 353
第一步 创建数据库-- Create table create table CUSTOMER (   ID       NUMBER not null,   USERNAME VARCHAR2(100),   AGE      NUMBER,   SEX      VARCHAR2(100),   CITY     VARCHAR2(100) ) tablespace USERS   pctfre...
通过Nginx搭建Tomcat9集群并实现Session共享
01-09
2. **Session复制配置**:由于默认情况下,Tomcat集群并不共享Session,所以在使用Redis之前,需要对Tomcat进行一些配置。这包括在`$CATALINA_HOME/conf/context.xml`文件中添加对`org.apache.catalina.session....
Session,有没有必要使用它?
weixin_34329187的博客
08-01 200
Technorati 标签: session,asp.net,.net 今天来说说 Session 。这个东西嘛,我想每个Asp.net开发人员都知道它,尤其是初学Asp.net时,肯定也用过它,因为用它保存会话数据确实非常简单。 与前二篇博客不同,这次我不打算细说它的使用,而是打算说说它的缺点,同时我还会举个实际的例子,来看看它到底有什么不好的影响。 当...
并发session共享问题
ATwill的专栏
04-19 1270
解决集群Session共享问题1. Session Sticky                让负载均衡器能够根据每次的请求的会话标识来进行请求的转发,这样就能保证每次都能落到同一台服务器上面,这种方式称为Session Sticky方式。如下图:                存在问题:        1. 如果这一台Web服务器宕机或者重启了,服务器上的会话数据会丢失,用户需要重新登陆等。 ...
SpringSecurity in Action》三:Session并发控制问题
shangcunshanfu的博客
04-24 1955
文章目录1 概述2 实现方法3 测试方法 1 概述 Session并发控制指服务端控制客户端某个用户同时在线的数量,如某个账号在谷歌浏览器上进行了登陆,又在IE浏览器上进行了登陆,又在手动app上进行了登陆,那这时session并发数就是3.控制session并发的意思一是在于控制服务器资料占用,二是可以起到对帐号的保护作用。比较我们是不是都有这样的经历,我们正登着QQ呢,突然自己登出了,不久QQ就给我们发了一条消息,说你的帐号在哪哪哪登陆了,如果不是本人操作赶快修改密码。这就是session并发控制。如果
SpringSecurity in Action》四:Session共享下的Session并发控制问题
shangcunshanfu的博客
04-24 4040
文章目录1 概述2 原因3 解决方案4 方案实现 1 概述 该篇基于《SpringSecurity in Action》三:Session并发控制问题 & 《SpringSecurity in Action》二: 基于redis实现session共享 在【《SpringSecurity in Action》三:Session并发控制问题】最后做测试时,刻意回避了一个问题,就是不要在多副本情况下进行测试,因为以上一篇的配置来说,还不支持在session共享下完成session并发控制。 2 原因 这里
集群环境session同步方案对比分析
由于文件中提到的标签为'集群中几种session同步解决',我们可以推断文档内可能详细比较了上述几种方案的优缺点,并可能提供了具体的案例研究或使用场景分析,帮助读者更好地理解在不同环境下如何选择合适的session...
tomcat-session同步所需jar.rar_session集群共享_tomcat session
09-24
**Tomcat Session管理**:Tomcat提供了多种session管理策略,如`org.apache.catalina.ha.session.DeltaManager`和`org.apache.catalina.ha.session.JvmRouteBinderValve`,它们支持集群环境下的session复制。...
tomcat8集群session共享(redis处理)
12-09
"Tomcat8集群session共享(redis处理)"的主题正是针对这一问题,通过集成Redis作为分布式缓存来解决。下面我们将详细探讨这个过程。 首先,我们需要理解Session的概念。Session是在Web应用中用于跟踪用户状态的一...
Apache+Tomcat+Memcached集群环境搭建与Session管理
在高并发环境下,结合LVS(Linux Virtual Server),可以实现更高级别的负载均衡和容错能力。 在搭建Apache集群时,需要注意配置SELinux以确保服务器的安全性。可以通过`setenforce 0`临时关闭SELinux的强制执行...
并发session跟踪 及持久化
slow is fast
12-23 163
     servlet容器通过在客户浏览器中保存一个sessionid来跟踪 session,如果浏览器关闭了session,就得通过其他手段来跟踪用户的状态,在 java servlet api 中,提出了更总session的另外一种机制,如果客户端不支持cookie,可以通过重写url来达到一定的目的,将sessionID 放到url中,httpservletresponse中有一个 enc...
万恶的session,同一sessionid不能并发,session
zb219的专栏
01-30 3651
只要网站使用了session,那么每次请求就会在整个生命周期中,锁住session,这样同一sessionid的请求就必须等待解锁 这就表示,如果网站有个超时的页面,那就什么事也干不了了,必须等这个超时的页面加载完成。 你同样干不了,同一页面多个ajax并发请求,干不了,消息轮询请求。 asp.net 有 [SessionState(SessionStateBehavior.ReadOnl
springsecurity中session并发控制
nrsc
09-21 2707
文章目录1 是什么?2 超过最大并发数量时,踢掉前面的登陆3 超过最大并发数量时,阻止后面的登陆 项目源码地址https://github.com/nieandsun/security 1 是什么? 以腾讯视频会员为例,假如我的账号买了会员,则我可以享受看视频免广告,某些热门电视剧提前看等福利。若我的朋友也想享受这些福利又不想花钱买会员,则我可以让他用我的号登陆。但是假如我有很多很多的朋友都不想买...
关于集群状况下session共享问题
清白之年
04-12 1923
关于集群状态下session共享问题解决 问题: 集群状态下,登录时,如果使用传统的方式将session记录到本地,那么当访问其他服务器时,无法获取到session,又需要进行登录。 解决办法:使用redis解决,将 session保存在redis服务器(key,value格式保存),用户登录时,服务器都去redis中进行查询session redis保存session的存储格式 ...
Prefer ThreadLocalRandom over Random
weixin_34357962的博客
03-29 130
  Java 7 has introduced a new random number generator - ThreadLocalRandomNormally to generate Random numbers, we either do Create an instance of java.util.Random OR Math.random() - which intern...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值