【7.2.2】增加单点客户端根据CaClientToken销毁session机制

2022-05-20 14:29:21 +08:00 · 2022-05-20 14:29:21 +08:00 · c7ca6a5842
parent a6329ab656
commit c7ca6a5842
9 changed files with 263 additions and 74 deletions
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/constants/AuthConstants.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/constants/AuthConstants.java
@ -122,4 +122,9 @@ public interface AuthConstants {
     */
    String SYS_AUTH_SSO_GET_LOGIN_CODE = "/sso/getLoginCode";

+    /**
+     * 用户存放单点登录回调时的token和本系统token的缓存
+     */
+    String CA_CLIENT_TOKEN_CACHE_PREFIX = "CA_CLIENT:TOKEN:";
+
 }
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
@ -130,6 +130,9 @@ public class AuthServiceImpl implements AuthServiceApi {
    @Resource(name = "loginErrorCountCacheApi")
    private CacheOperatorApi<Integer> loginErrorCountCacheApi;

+    @Resource(name = "caClientTokenCacheApi")
+    private CacheOperatorApi<String> caClientTokenCacheApi;
+
    @Override
    public LoginResponse login(LoginRequest loginRequest) {
        return loginAction(loginRequest, true, null);
@ -192,7 +195,12 @@ public class AuthServiceImpl implements AuthServiceApi {
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_DECRYPT_USER_ERROR);
        }

-        return loginWithUserNameAndCaToken(account, caToken);
+        LoginResponse loginResponse = loginWithUserNameAndCaToken(account, caToken);
+
+        // 存储单点token和生成的本地token的映射关系
+        caClientTokenCacheApi.put(loginWithTokenRequest.getToken(), loginResponse.getToken());
+
+        return loginResponse;
    }

    @Override
@ -208,7 +216,6 @@ public class AuthServiceImpl implements AuthServiceApi {

        logoutWithToken(token);
        sessionManagerApi.destroySessionCookie();
-
    }

    @Override
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cache/catoken/MemoryCaClientTokenCache.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cache/catoken/MemoryCaClientTokenCache.java
@ -0,0 +1,53 @@
+/*
+ * Copyright [2020-2030] [https://www.stylefeng.cn]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
+ *
+ * 1.请不要删除和修改根目录下的LICENSE文件。
+ * 2.请不要删除和修改Guns源码头部的版权声明。
+ * 3.请保留源码和相关描述文件的项目出处，作者声明等。
+ * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 6.若您的项目无法满足以上几点，可申请商业授权
+ */
+package cn.stylefeng.roses.kernel.auth.session.cache.catoken;
+
+import cn.hutool.cache.impl.TimedCache;
+import cn.stylefeng.roses.kernel.cache.memory.AbstractMemoryCacheOperator;
+
+import static cn.stylefeng.roses.kernel.auth.api.constants.AuthConstants.CA_CLIENT_TOKEN_CACHE_PREFIX;
+
+
+/**
+ * 存放单点回调时候的token和本系统token的映射关系
+ * <p>
+ * key：    单点回调客户端时候的token
+ * value：  本系统的token
+ *
+ * @author fengshuonan
+ * @date 2022/5/20 11:40
+ */
+public class MemoryCaClientTokenCache extends AbstractMemoryCacheOperator<String> {
+
+    public MemoryCaClientTokenCache(TimedCache<String, String> timedCache) {
+        super(timedCache);
+    }
+
+    @Override
+    public String getCommonKeyPrefix() {
+        return CA_CLIENT_TOKEN_CACHE_PREFIX;
+    }
+
+}
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cache/catoken/RedisCaClientTokenCache.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cache/catoken/RedisCaClientTokenCache.java
@ -0,0 +1,53 @@
+/*
+ * Copyright [2020-2030] [https://www.stylefeng.cn]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
+ *
+ * 1.请不要删除和修改根目录下的LICENSE文件。
+ * 2.请不要删除和修改Guns源码头部的版权声明。
+ * 3.请保留源码和相关描述文件的项目出处，作者声明等。
+ * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 6.若您的项目无法满足以上几点，可申请商业授权
+ */
+package cn.stylefeng.roses.kernel.auth.session.cache.catoken;
+
+import cn.stylefeng.roses.kernel.cache.redis.AbstractRedisCacheOperator;
+import org.springframework.data.redis.core.RedisTemplate;
+
+import static cn.stylefeng.roses.kernel.auth.api.constants.AuthConstants.CA_CLIENT_TOKEN_CACHE_PREFIX;
+
+
+/**
+ * 存放单点回调时候的token和本系统token的映射关系
+ * <p>
+ * key：    单点回调客户端时候的token
+ * value：  本系统的token
+ *
+ * @author fengshuonan
+ * @date 2022/5/20 11:37
+ */
+public class RedisCaClientTokenCache extends AbstractRedisCacheOperator<String> {
+
+    public RedisCaClientTokenCache(RedisTemplate<String, String> redisTemplate) {
+        super(redisTemplate);
+    }
+
+    @Override
+    public String getCommonKeyPrefix() {
+        return CA_CLIENT_TOKEN_CACHE_PREFIX;
+    }
+
+}
--- a/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsAuthAutoConfiguration.java
+++ b/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsAuthAutoConfiguration.java
@ -24,8 +24,6 @@
 */
 package cn.stylefeng.roses.kernel.auth.starter;

-import cn.hutool.cache.CacheUtil;
-import cn.hutool.cache.impl.TimedCache;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
 import cn.stylefeng.roses.kernel.auth.api.cookie.SessionCookieCreator;
 import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
@ -35,12 +33,9 @@ import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.auth.password.BcryptPasswordStoredEncrypt;
 import cn.stylefeng.roses.kernel.auth.password.RsaPasswordTransferEncrypt;
 import cn.stylefeng.roses.kernel.auth.session.DefaultSessionManager;
-import cn.stylefeng.roses.kernel.auth.session.cache.logintoken.MemoryLoginTokenCache;
-import cn.stylefeng.roses.kernel.auth.session.cache.loginuser.MemoryLoginUserCache;
 import cn.stylefeng.roses.kernel.auth.session.cookie.DefaultSessionCookieCreator;
 import cn.stylefeng.roses.kernel.auth.session.timer.ClearInvalidLoginUserCacheTimer;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
-import cn.stylefeng.roses.kernel.cache.api.constants.CacheConstants;
 import cn.stylefeng.roses.kernel.jwt.JwtTokenOperator;
 import cn.stylefeng.roses.kernel.jwt.api.JwtApi;
 import cn.stylefeng.roses.kernel.jwt.api.pojo.config.JwtConfig;
@ -117,37 +112,6 @@ public class GunsAuthAutoConfiguration {
        return new DefaultSessionCookieCreator();
    }

-    /**
-     * 登录用户的缓存，默认使用内存方式
-     * <p>
-     * 如需redis，可在项目创建一个名为 loginUserCache 的bean替代即可
-     *
-     * @author fengshuonan
-     * @date 2021/1/31 21:04
-     */
-    @Bean
-    @ConditionalOnMissingBean(name = "loginUserCache")
-    public CacheOperatorApi<LoginUser> loginUserCache() {
-        Long sessionExpiredSeconds = AuthConfigExpander.getSessionExpiredSeconds();
-        TimedCache<String, LoginUser> loginUsers = CacheUtil.newTimedCache(1000L * sessionExpiredSeconds);
-        return new MemoryLoginUserCache(loginUsers);
-    }
-
-    /**
-     * 登录用户token的缓存，默认使用内存方式
-     * <p>
-     * 如需redis，可在项目创建一个名为 allPlaceLoginTokenCache 的bean替代即可
-     *
-     * @author fengshuonan
-     * @date 2021/1/31 21:04
-     */
-    @Bean
-    @ConditionalOnMissingBean(name = "allPlaceLoginTokenCache")
-    public CacheOperatorApi<Set<String>> allPlaceLoginTokenCache() {
-        TimedCache<String, Set<String>> loginTokens = CacheUtil.newTimedCache(CacheConstants.NONE_EXPIRED_TIME);
-        return new MemoryLoginTokenCache(loginTokens);
-    }
-
    /**
     * 默认的session缓存为内存缓存，方便启动
     * <p>
@ -171,8 +135,8 @@ public class GunsAuthAutoConfiguration {
     */
    @Bean
    @ConditionalOnMissingBean(ClearInvalidLoginUserCacheTimer.class)
-    public ClearInvalidLoginUserCacheTimer clearInvalidLoginUserCacheTimer() {
-        return new ClearInvalidLoginUserCacheTimer(loginUserCache(), allPlaceLoginTokenCache());
+    public ClearInvalidLoginUserCacheTimer clearInvalidLoginUserCacheTimer(CacheOperatorApi<LoginUser> loginUserCache, CacheOperatorApi<Set<String>> allPlaceLoginTokenCache) {
+        return new ClearInvalidLoginUserCacheTimer(loginUserCache, allPlaceLoginTokenCache);
    }

 }
--- a/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsAuthTokenCacheAutoConfiguration.java
+++ b/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsAuthTokenCacheAutoConfiguration.java
@ -0,0 +1,112 @@
+/*
+ * Copyright [2020-2030] [https://www.stylefeng.cn]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
+ *
+ * 1.请不要删除和修改根目录下的LICENSE文件。
+ * 2.请不要删除和修改Guns源码头部的版权声明。
+ * 3.请保留源码和相关描述文件的项目出处，作者声明等。
+ * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 6.若您的项目无法满足以上几点，可申请商业授权
+ */
+package cn.stylefeng.roses.kernel.auth.starter;
+
+import cn.hutool.cache.CacheUtil;
+import cn.hutool.cache.impl.TimedCache;
+import cn.stylefeng.roses.kernel.auth.api.constants.LoginCacheConstants;
+import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
+import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
+import cn.stylefeng.roses.kernel.auth.cache.LoginErrorCountMemoryCache;
+import cn.stylefeng.roses.kernel.auth.session.cache.catoken.MemoryCaClientTokenCache;
+import cn.stylefeng.roses.kernel.auth.session.cache.logintoken.MemoryLoginTokenCache;
+import cn.stylefeng.roses.kernel.auth.session.cache.loginuser.MemoryLoginUserCache;
+import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.Set;
+
+import static cn.stylefeng.roses.kernel.cache.api.constants.CacheConstants.NONE_EXPIRED_TIME;
+
+
+/**
+ * 认证和鉴权模块的自动配置
+ *
+ * @author fengshuonan
+ * @date 2020/11/30 22:16
+ */
+@Configuration
+public class GunsAuthTokenCacheAutoConfiguration {
+
+    /**
+     * 登录用户的缓存，默认使用内存方式
+     * <p>
+     * 如需redis，可在项目创建一个名为 loginUserCache 的bean替代即可
+     *
+     * @author fengshuonan
+     * @date 2021/1/31 21:04
+     */
+    @Bean
+    @ConditionalOnMissingBean(name = "loginUserCache")
+    public CacheOperatorApi<LoginUser> loginUserCache() {
+        Long sessionExpiredSeconds = AuthConfigExpander.getSessionExpiredSeconds();
+        TimedCache<String, LoginUser> loginUsers = CacheUtil.newTimedCache(1000L * sessionExpiredSeconds);
+        return new MemoryLoginUserCache(loginUsers);
+    }
+
+    /**
+     * 登录用户token的缓存，默认使用内存方式
+     * <p>
+     * 如需redis，可在项目创建一个名为 allPlaceLoginTokenCache 的bean替代即可
+     *
+     * @author fengshuonan
+     * @date 2021/1/31 21:04
+     */
+    @Bean
+    @ConditionalOnMissingBean(name = "allPlaceLoginTokenCache")
+    public CacheOperatorApi<Set<String>> allPlaceLoginTokenCache() {
+        TimedCache<String, Set<String>> loginTokens = CacheUtil.newTimedCache(NONE_EXPIRED_TIME);
+        return new MemoryLoginTokenCache(loginTokens);
+    }
+
+    /**
+     * 登录错误次数的缓存
+     *
+     * @author fengshuonan
+     * @date 2022/3/15 17:25
+     */
+    @Bean
+    @ConditionalOnMissingBean(name = "loginErrorCountCacheApi")
+    public CacheOperatorApi<Integer> loginErrorCountCacheApi() {
+        TimedCache<String, Integer> loginTimeCache = CacheUtil.newTimedCache(LoginCacheConstants.LOGIN_CACHE_TIMEOUT_SECONDS * 1000);
+        return new LoginErrorCountMemoryCache(loginTimeCache);
+    }
+
+    /**
+     * CaClient单点登录token的缓存
+     *
+     * @author fengshuonan
+     * @date 2022/5/20 11:52
+     */
+    @Bean
+    @ConditionalOnMissingBean(name = "caClientTokenCacheApi")
+    public CacheOperatorApi<String> caClientTokenCacheApi() {
+        TimedCache<String, String> loginTimeCache = CacheUtil.newTimedCache(NONE_EXPIRED_TIME);
+        return new MemoryCaClientTokenCache(loginTimeCache);
+    }
+
+}
--- a/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsLoginCacheAutoConfiguration.java
+++ b/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsLoginCacheAutoConfiguration.java
@ -1,33 +0,0 @@
-package cn.stylefeng.roses.kernel.auth.starter;
-
-import cn.hutool.cache.CacheUtil;
-import cn.hutool.cache.impl.TimedCache;
-import cn.stylefeng.roses.kernel.auth.api.constants.LoginCacheConstants;
-import cn.stylefeng.roses.kernel.auth.cache.LoginErrorCountMemoryCache;
-import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * 登录错误次数的缓存
- *
- * @author fengshuonan
- * @date 2022/3/15 17:26
- */
-@Configuration
-public class GunsLoginCacheAutoConfiguration {
-
-    /**
-     * 登录错误次数的缓存
-     *
-     * @author fengshuonan
-     * @date 2022/3/15 17:25
-     */
-    @Bean
-    @ConditionalOnMissingBean(name = "loginErrorCountCacheApi")
-    public CacheOperatorApi<Integer> loginErrorCountCacheApi() {
-        TimedCache<String, Integer> loginTimeCache = CacheUtil.newTimedCache(LoginCacheConstants.LOGIN_CACHE_TIMEOUT_SECONDS * 1000);
-        return new LoginErrorCountMemoryCache(loginTimeCache);
-    }
-}
--- a/kernel-d-auth/auth-spring-boot-starter/src/main/resources/META-INF/spring.factories
+++ b/kernel-d-auth/auth-spring-boot-starter/src/main/resources/META-INF/spring.factories
@ -1,4 +1,4 @@
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
  cn.stylefeng.roses.kernel.auth.starter.GunsAuthAutoConfiguration,\
  cn.stylefeng.roses.kernel.auth.starter.GunsSsoAutoConfiguration,\
-  cn.stylefeng.roses.kernel.auth.starter.GunsLoginCacheAutoConfiguration
+  cn.stylefeng.roses.kernel.auth.starter.GunsAuthTokenCacheAutoConfiguration
--- a/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/LoginController.java
+++ b/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/LoginController.java
@ -24,6 +24,7 @@
 */
 package cn.stylefeng.roses.kernel.system.modular.user.controller;

+import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.auth.api.AuthServiceApi;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
 import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
@ -31,6 +32,7 @@ import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginRequest;
 import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse;
 import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginWithTokenRequest;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
+import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
 import cn.stylefeng.roses.kernel.rule.pojo.response.ResponseData;
 import cn.stylefeng.roses.kernel.rule.pojo.response.SuccessResponseData;
 import cn.stylefeng.roses.kernel.scanner.api.annotation.ApiResource;
@ -45,6 +47,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

 import javax.annotation.Resource;
@ -70,6 +73,9 @@ public class LoginController {
    @Resource
    private IndexUserInfoService indexUserInfoService;

+    @Resource(name = "caClientTokenCacheApi")
+    private CacheOperatorApi<String> caClientTokenCacheApi;
+
    /**
     * 用户登陆
     *
@ -108,6 +114,28 @@ public class LoginController {
        return new SuccessResponseData<>(loginResponse.getToken());
    }

+    /**
+     * 单点退出，基于CaClientToken的单点退出
+     *
+     * @param caClientToken token是单点登录回调本系统时候的token
+     * @author fengshuonan
+     * @date 2021/3/17 17:24
+     */
+    @ApiResource(name = "单点退出", path = "/logoutByCaClientToken", requiredLogin = false, requiredPermission = false, method = {RequestMethod.GET, RequestMethod.POST})
+    public ResponseData<?> ssoLogout(@RequestParam("caClientToken") String caClientToken) {
+
+        // 获取CaClientToken对应的本地用户
+        String currentSystemToken = caClientTokenCacheApi.get(caClientToken);
+
+        if (StrUtil.isNotBlank(currentSystemToken)) {
+            // 移除本系统中token
+            authServiceApi.logoutWithToken(currentSystemToken);
+            caClientTokenCacheApi.remove(caClientToken);
+        }
+
+        return new SuccessResponseData<>();
+    }
+
    /**
     * 用户登出
     *