blame | 历史 | 原始文档
fuliqi
2024-07-16 38f9471ecf47b7c15b352113bc0f5a2ec1e64e7b 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

package com.ycl.jxkg.config.spring.security;


 


 


import com.ycl.jxkg.base.SystemCode;


import com.ycl.jxkg.constants.CaffeineConstant;


import com.ycl.jxkg.utils.CaffeineUtil;


import lombok.extern.slf4j.Slf4j;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Bean;


import org.springframework.security.authentication.AuthenticationManager;


import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;


import org.springframework.security.core.Authentication;


import org.springframework.security.core.context.SecurityContextHolder;


import org.springframework.security.core.context.SecurityContextImpl;


import org.springframework.security.core.userdetails.User;


import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;


 


import javax.servlet.FilterChain;


import javax.servlet.ServletException;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.io.IOException;


import java.util.Enumeration;


import java.util.Objects;


 


/**


 * @author 29443


 * @date 2022/4/4


 */


@Slf4j


public class SessionFilter extends BasicAuthenticationFilter {


 


    @Autowired


    private CaffeineUtil caffeineUtil;


 


    public SessionFilter(AuthenticationManager authenticationManager) {


        super(authenticationManager);


    }


 


 


    @Override


    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {


        // 检查请求中是否有security设置的认证信息。没有的话本Filter不做处理


        SecurityContextImpl securityContext = (SecurityContextImpl) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");


        if (Objects.isNull(securityContext)) {


            chain.doFilter(request, response);


            return;


        }


        // 有的话验证


        Authentication authentication = securityContext.getAuthentication();


        User authUser = (User) authentication.getPrincipal();


        // 检查这个用户对应的sessionId是否和登录时的sessionId相等


        String loginSessionId = (String) caffeineUtil.get(CaffeineConstant.AUTH, authUser.getUsername());


        if (! request.getSession().getId().equals(loginSessionId)) {


            log.warn("检测到同一账号两个浏览器登录");


            RestUtil.response(response, SystemCode.UNAUTHORIZED.getCode(), "当前登录已失效");


        } else {


            chain.doFilter(request, response);


        }


    }


}