Session expiration time
On Tomcat, the default session timeout is 30 minutes. You can change it through a configuration file.
1) Modify web.xml

    <!-- Session timeout, in minutes -->
    <session-config>
        <session-timeout>1</session-timeout>
    </session-config>

2) .yml file

    # Whether to enable HttpOnly
    server.session.cookie.http-only=
    # Session timeout (seconds)
    server.session.timeout=

Use a filter to read the session for authentication (none of this code has been tested, use with caution)
1) Create a new Filter

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.web.servlet.ServletComponentScan;
    import org.springframework.stereotype.Component;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.annotation.WebFilter;
    import javax.servlet.http.HttpServletRequest;
    import java.io.IOException;

    @Component
    @ServletComponentScan // Let @WebFilter work
    @WebFilter(urlPatterns = "/*")
    public class MyFilter implements Filter {

        @Autowired
        private SessionKeyConfigProperties sessionKeyConfigProperties;

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            System.out.println(sessionKeyConfigProperties.getUserTypeKey());

            // Get identity information through the session
            AuthenticationUtil authenticationUtil = new AuthenticationUtil(sessionKeyConfigProperties);
            UserTypeEnum userType = authenticationUtil.getUserAuthentication(httpServletRequest.getSession());

            // Authentication
            // Authentication failed
            if (userType == null) {
                //... (reject the request and return here; otherwise execution falls through to filterChain.doFilter below)
            }

            // The user is not an administrator
            if (userType != UserTypeEnum.ADMIN) {
                //... (same: return after rejecting)
            }

            filterChain.doFilter(servletRequest, servletResponse);
        }

        @Override
        public void destroy() {
        }
    }

Careful readers will notice that I used AuthenticationUtil, a utility class that keeps the reading and writing of the user's identity information in the session in one place.
2) AuthenticationUtil class

    import javax.servlet.http.HttpSession;

    public class AuthenticationUtil {

        private SessionKeyConfigProperties configProperties;

        public AuthenticationUtil(SessionKeyConfigProperties configProperties) {
            this.configProperties = configProperties;
        }

        /**
         * Get the user's identity type from the session
         * @param session
         * @return identity type, or null if none is recorded
         */
        public UserTypeEnum getUserAuthentication(HttpSession session) {
            // Get the user type recorded in the session
            Object userType = session.getAttribute(configProperties.getUserTypeKey());
            if (userType != null && userType instanceof UserTypeEnum) {
                return (UserTypeEnum) userType;
            }
            return null;
        }

        /**
         * Write the user's identity into the session
         * @param session
         * @param userType
         */
        public void setUserAuthentication(HttpSession session, UserTypeEnum userType) {
            session.setAttribute(configProperties.getUserTypeKey(), userType);
        }
    }

3) Configuration file SessiionKeyConfig.properties

    user_type_key = userTypeKey

4) Class that reads the configuration file: SessionKeyConfigProperties

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.context.annotation.PropertySource;
    import org.springframework.stereotype.Component;

    @Configuration
    @PropertySource("classpath:config/SessiionKeyConfig.properties")
    @Component
    public class SessionKeyConfigProperties {

        @Value("${user_type_key}")
        private String userTypeKey;

        public String getUserTypeKey() {
            return userTypeKey;
        }

        public void setUserTypeKey(String userTypeKey) {
            this.userTypeKey = userTypeKey;
        }
    }

5) Enum class

    public enum UserTypeEnum {
        ADMIN, USER
    }

Note: This article omits some package declarations and some imports. Adapt the contents of the enum class and the configuration class yourself, according to your project requirements and data dictionary.
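An added example, not code from the original article: in MyFilter the call to filterChain.doFilter sits after the elided `//...` branches, so unless those branches return, a failed check still lets the request through. The variant below fails closed. It reuses the article's AuthenticationUtil, SessionKeyConfigProperties and UserTypeEnum; the class name AdminOnlyFilter, the "/admin/*" mapping, the 401/403 status codes and the use of getSession(false) are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;

// Added example (not from the article). "/admin/*" is a hypothetical mapping:
// a fail-closed admin check on "/*" would also block the login page.
@WebFilter(urlPatterns = "/admin/*")
public class AdminOnlyFilter implements Filter {
    @Autowired
    private SessionKeyConfigProperties sessionKeyConfigProperties; // class from the article

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // getSession(false): do not create a session for an anonymous request
        HttpSession session = request.getSession(false);
        UserTypeEnum userType = (session == null) ? null
                : new AuthenticationUtil(sessionKeyConfigProperties).getUserAuthentication(session);
        if (userType == null) {
            // No session, or no identity stored in it: not authenticated
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // stop here, the chain is never invoked
        }
        if (userType != UserTypeEnum.ADMIN) {
            // Authenticated, but not allowed to use this path
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Only an ADMIN session reaches the rest of the chain
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

As the article's own comment notes, @WebFilter only takes effect when @ServletComponentScan is present.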
Summary
The above is the SpringBoot-based user authentication tool introduced in this article.