• Home
• com.github.shawven
• security-browser
• 2.0.0
• source code
• AbstractSessionStrategy.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.github.shawven.security.browser.session.AbstractSessionStrategy Maven / Gradle / Ivy

package com.github.shawven.security.browser.session;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.shawven.security.authorization.ResponseData;
import com.github.shawven.security.authorization.Responses;
import com.github.shawven.security.browser.ResponseType;
import com.github.shawven.security.browser.config.BrowserConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 抽象的session失效处理器
 *
 * @author Shoven
 * @since 2019-05-08 21:53
 */
public class AbstractSessionStrategy {
	/**
	 * 跳转的url
	 */
	private String destinationUrl;
	/**
	 * 系统配置信息
	 */
	private BrowserConfiguration browserConfiguration;
	/**
	 * 重定向策略
	 */
	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
	/**
	 * 跳转前是否创建新的session
	 */
	private boolean createNewSession = true;

	private ObjectMapper objectMapper = new ObjectMapper();


	public AbstractSessionStrategy(BrowserConfiguration browserConfiguration) {
		String invalidSessionUrl = browserConfiguration.getSession().getSessionInvalidUrl();
		Assert.isTrue(UrlUtils.isValidRedirectUrl(invalidSessionUrl), "url must start with '/' or with 'http(s)'");
		this.destinationUrl = invalidSessionUrl;
		this.browserConfiguration = browserConfiguration;
	}

	protected void onSessionInvalid(HttpServletRequest request, HttpServletResponse response) throws IOException {
		if (createNewSession) {
			request.getSession();
		}

		if (ResponseType.JSON.equals(browserConfiguration.getResponseType())) {
            ResponseData data = isConcurrency() ? Responses.concurrentLogin() : Responses.requireLogin();
            response.setCharacterEncoding("UTF-8");
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(data));
        } else {
            String sourceUrl = request.getRequestURI();
            String targetUrl;
            // 登陆也或者退出页保持原来页面即可
            if (StringUtils.equals(sourceUrl, browserConfiguration.getSignInUrl())
                    || StringUtils.equals(sourceUrl, browserConfiguration.getSignOutSuccessUrl())){
                targetUrl = sourceUrl;
            } else{
                targetUrl = destinationUrl;
            }
            redirectStrategy.sendRedirect(request, response, targetUrl);
        }
	}

	/**
	 * session失效是否是并发导致的
	 *
	 * @return
	 */
	protected boolean isConcurrency() {
		return false;
	}


	public void setCreateNewSession(boolean createNewSession) {
		this.createNewSession = createNewSession;
	}

}