Spring Security——集成Spring Session、Redis和JSON序列化解决方案

àì夳堔傛蜴生んèń 2022-10-22 14:51 34阅读 0赞

# 官方文档 #

[https://docs.spring.io/spring-session/docs/2.4.2/reference/html5/\#spring-security][https_docs.spring.io_spring-session_docs_2.4.2_reference_html5_spring-security]

# Maven #

主要

<dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
            
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-redis</artifactId>
            </dependency>
            
            <dependency>
                <groupId>org.springframework.session</groupId>
                <artifactId>spring-session-core</artifactId>
            </dependency>
            
            <dependency>
                <groupId>org.springframework.session</groupId>
                <artifactId>spring-session-data-redis</artifactId>
            </dependency>

# 解决方案 #

## 集成Spring Session ##

### Maven ###

<dependency>
                <groupId>org.springframework.session</groupId>
                <artifactId>spring-session-core</artifactId>
            </dependency>

## 配置  ##

/**
     * @author ShenTuZhiGang
     * @version 1.0.0
     * @date 2021-02-16 20:27
     */
    @Configuration
    @EnableSpringHttpSession
    public class CustomSpringHttpSessionConfig {
    
        @Bean
        public MapSessionRepository sessionRepository() {
            return new MapSessionRepository(new ConcurrentHashMap<>());
        }
    
    }

## 集成Spring Session Redis ##

### Maven ###

<dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-data-redis</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-redis</artifactId>
    </dependency>

### 配置  ###

取消Spring Session配置

/**
     * @author ShenTuZhiGang
     * @version 1.0.0
     * @date 2021-02-16 20:27
     */
    //@Configuration
    //@EnableSpringHttpSession
    public class CustomSpringHttpSessionConfig {
    
        @Bean
        public MapSessionRepository sessionRepository() {
            return new MapSessionRepository(new ConcurrentHashMap<>());
        }
    
    }

Redis Session配置

@Configuration
    public class SecurityConfiguration<S extends Session> extends WebSecurityConfigurerAdapter {
    
    	@Autowired
    	private FindByIndexNameSessionRepository<S> sessionRepository;
    
    	@Override
    	protected void configure(HttpSecurity http) throws Exception {
    		// @formatter:off
    		http
    			// other config goes here...
    			.sessionManagement((sessionManagement) -> sessionManagement
    				.maximumSessions(2)
    				.sessionRegistry(sessionRegistry())
    			);
    		// @formatter:on
    	}
    
    	@Bean
    	public SpringSessionBackedSessionRegistry<S> sessionRegistry() {
    		return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
    	}
    
    }

Session Listener

/**
     * @author ShenTuZhiGang
     * @version 1.0.0
     * @date 2021-02-25 10:45
     */
    @Configuration
    @EnableRedisHttpSession
    public class CustomRedisHttpSessionConfig {
        /**
         * httpSession的会话监听，
         */
        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }

## JSON序列化 ##

![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI3Mjc4MQ_size_16_color_FFFFFF_t_70][]

### Jackson2 ###

Redis配置

/**
     * @author ShenTuZhiGang
     * @version 1.0.0
     * @date 2021-03-16 23:12
     */
    @Configuration
    public class CustomRedisConfig {
        
        // private ObjectMapper objectMapper = new ObjectMapper();
        
        @Autowired
        private ObjectMapper objectMapper; //需要另外配置，不是重点，自行配置
    
        /**
         * @see org.springframework.security.jackson2.SecurityJackson2Modules
         * @return Redis序列化器
         */
        @Bean
        public RedisSerializer<Object> redisSerializer(){
            ObjectMapper om = objectMapper.copy();
            //om.registerModules(SecurityJackson2Modules.getModules(getClass().getClassLoader()));
            //om.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
            om.registerModule(new CoreJackson2Module());
            //om.registerModule(new CasJackson2Module());
            om.registerModule(new WebJackson2Module());
            om.registerModule(new WebServletJackson2Module());
            om.registerModule(new WebServerJackson2Module());
            om.registerModule(new OAuth2ClientJackson2Module());
            SecurityJackson2Modules.enableDefaultTyping(om);
            return new GenericJackson2JsonRedisSerializer(om);
        }
    
        @Bean
        public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
            RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
            redisTemplate.setConnectionFactory(redisConnectionFactory);
            redisTemplate.setDefaultSerializer(redisSerializer());
            redisTemplate.afterPropertiesSet();
            return redisTemplate;
        }
    }

Redis Session配置

/**
     * @author ShenTuZhiGang
     * @version 1.0.0
     * @date 2021-02-25 10:45
     */
    @Configuration
    @EnableRedisHttpSession
    public class CustomRedisHttpSessionConfig {
    
        private final RedisSerializer<Object> redisSerializer;
    
        public CustomRedisHttpSessionConfig(RedisSerializer<Object> redisSerializer) {
            this.redisSerializer = redisSerializer;
        }
    
        /**
         * Spring Session Redis JSON序列化
         * *注：bean的名称必须为springSessionDefaultRedisSerializer
         *
         * @see org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration
         */
        @Bean
        public RedisSerializer<Object> springSessionDefaultRedisSerializer(){
                return redisSerializer;
        }
    
        /**
         * httpSession的会话监听，
         */
        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }

### Fastjson ###

同理，参考：[Spring Session Redis最佳实践（3）使用Fastjson替换JDK序列化存储][Spring Session Redis_3_Fastjson_JDK]

# 常见问题 #

[Spring Boot——Spring Session Redis整合Spring Security时错误【RedisConnectionFactory is required】解决方案][Spring Boot_Spring Session Redis_Spring Security_RedisConnectionFactory is required]

[Spring Security + Spring Session + Redis——【SecurityContext】和【AuthenticationToken】JSON反序列化问题解决方案][Spring Security _ Spring Session _ Redis_SecurityContext_AuthenticationToken_JSON]

[Spring Security + Redis Session——JSON序列化错误\[The class xxx and name of xxx is not whitelisted. \]解决方案][Spring Security _ Redis Session_JSON_The class xxx and name of xxx is not whitelisted.]

# 参考文章 #

[Spring Session & RedisでJacksonを使ったシリアライズを試してみる][Spring Session _ Redis_Jackson]

[Spring Session + Redis——自定义JSON序列化解决方案][Spring Session _ Redis_JSON]

[https_docs.spring.io_spring-session_docs_2.4.2_reference_html5_spring-security]: https://docs.spring.io/spring-session/docs/2.4.2/reference/html5/#spring-security
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI3Mjc4MQ_size_16_color_FFFFFF_t_70]: /images/20221022/a548cc4da4114d12a645a26166760828.png
[Spring Session Redis_3_Fastjson_JDK]: https://blog.csdn.net/haiyangyiba/article/details/90552285
[Spring Boot_Spring Session Redis_Spring Security_RedisConnectionFactory is required]: https://shentuzhigang.blog.csdn.net/article/details/114836853
[Spring Security _ Spring Session _ Redis_SecurityContext_AuthenticationToken_JSON]: https://blog.csdn.net/weixin_43272781/article/details/114919024
[Spring Security _ Redis Session_JSON_The class xxx and name of xxx is not whitelisted.]: https://blog.csdn.net/weixin_43272781/article/details/114918522
[Spring Session _ Redis_Jackson]: https://siosio.hatenablog.com/entry/2019/01/12/080014
[Spring Session _ Redis_JSON]: https://blog.csdn.net/weixin_43272781/article/details/114919461