@IPU_REQ_0043@weihf@添加spring session校验，使用ipu-cache.xml配置session所用redis。

ipu-rest-scaffold/pom.xml

@@ -47,6 +47,7 @@
		<ipu-db>3.2-SNAPSHOT</ipu-db>
		<ipu-rest>3.2-SNAPSHOT</ipu-rest>
		<junit>4.12</junit>
		<spring.session>1.3.5.RELEASE</spring.session>
	</properties>
	<dependencies>
@@ -62,6 +63,17 @@
			<artifactId>ipu-portal</artifactId>
			<version>${ipu-rest}</version>
		</dependency>
		<!-- 添加springboot使用redis管理session的依赖 -->
		<dependency>
		    <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
		</dependency>
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session-data-redis</artifactId>
            <version>${spring.session}</version>
        </dependency>
	</dependencies>
	<build>

ipu-rest-scaffold/src/main/java/com/ai/ipu/server/RestScaffoldStart.java

@@ -1,9 +1,11 @@
package com.ai.ipu.server;
import com.ai.ipu.basic.util.IpuBaseException;
import com.ai.ipu.restful.boot.IpuRestApplication;
import com.ai.ipu.server.handler.AuthHandler;
import com.ai.ipu.server.handler.HandlerManager;
import com.ai.ipu.server.util.RedisUtil;
/**
 * @author huangbo@asiainfo.com
 * @team IPU
@@ -21,8 +23,16 @@ public class RestScaffoldStart {
		try{
			IpuBaseException.registerCode(EXCEPTION_MESSAGES_CONFIG);
		}catch(Exception e) {}
		//将ipu-cache配置作为springboot配置
		String[] newArgs;
		try {
			newArgs = RedisUtil.initRedis(args);
		} catch (Exception e) {
			e.printStackTrace();
			newArgs = args.clone();
		}
		/*启动*/
	    IpuRestApplication.start(args);
	    IpuRestApplication.start(newArgs);
	}
    private static void defineHandler() {

ipu-rest-scaffold/src/main/java/com/ai/ipu/server/config/RedisSessionConfig.java

@@ -0,0 +1,14 @@
package com.ai.ipu.server.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
/**
 * 添加@EnableRedisHttpSession来开启spring session支持
 */
@Configuration
// maxInactiveIntervalInSeconds 默认是1800秒过期，这里测试修改为60秒
@EnableRedisHttpSession(maxInactiveIntervalInSeconds = 60)
public class RedisSessionConfig {
}

ipu-rest-scaffold/src/main/java/com/ai/ipu/server/config/RedisSessionInterceptor.java

@@ -0,0 +1,54 @@
package com.ai.ipu.server.config;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.ai.ipu.basic.util.IpuException;
import com.ai.ipu.server.util.RedisUtil;
/**
 * 登录状态拦截器RedisSessionInterceptor
 */
public class RedisSessionInterceptor implements HandlerInterceptor {
    @Autowired
    private RedisUtil redisUtil;
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		// 无论访问的地址是不是正确的，都进行登录验证，登录成功后的访问再进行分发，404的访问自然会进入到错误控制器中
		if (redisUtil.getSessionId(request) != null) {
			try {
				// 验证当前请求的session是否是已登录的session
				String loginSessionId = (String) redisUtil.getRedisSessionId(request);
				System.out.println("用户已登录，sessionId为： " + loginSessionId);
				if (redisUtil.isValidSession(request)) {
					return true;
				}
			} catch (Exception e) {
				e.printStackTrace();
			}
		}
		throw new IpuException("404-用户未登录！");
	}
	
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
			ModelAndView modelAndView) throws Exception {
        
	}
	@Override
	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
			throws Exception {
	}
	
}

ipu-rest-scaffold/src/main/java/com/ai/ipu/server/config/WebSecurityConfig.java

@@ -0,0 +1,26 @@
package com.ai.ipu.server.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * Session配置拦截器
 */
@Configuration
public class WebSecurityConfig extends WebMvcConfigurerAdapter {
    @Bean
	public RedisSessionInterceptor getSessionInterceptor() {
		return new RedisSessionInterceptor();
	}
    
	public void addInterceptors(InterceptorRegistry registry) {
		// 所有已api开头的访问都要进入RedisSessionInterceptor拦截器进行登录验证，并排除login接口(全路径)。必须写成链式，分别设置的话会创建多个拦截器。
		// 必须写成getSessionInterceptor()，否则SessionInterceptor中的@Autowired会无效
		registry.addInterceptor(getSessionInterceptor()).addPathPatterns("/**").excludePathPatterns("/login");
		super.addInterceptors(registry);
	}
}

ipu-rest-scaffold/src/main/java/com/ai/ipu/server/control/AuthController.java

@@ -1,5 +1,7 @@
package com.ai.ipu.server.control;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -12,6 +14,7 @@ import com.ai.ipu.data.impl.JsonMap;
import com.ai.ipu.server.handler.AuthHandler;
import com.ai.ipu.server.handler.HandlerManager;
import com.ai.ipu.server.service.AuthService;
import com.ai.ipu.server.util.RedisUtil;
@Controller
public class AuthController {
@@ -20,7 +23,10 @@ public class AuthController {
    /**自动实例化AuthServiceImpl*/
    @Autowired
    private AuthService authService;
    
    @Autowired
    private HttpServletRequest request;
    @Autowired
    private RedisUtil redisUtil;
    /**
     * 登录
     * @param input
@@ -37,6 +43,8 @@ public class AuthController {
        JMap result = new JsonMap();
        if(authService.login(username, password)){
            result.put("msg", "校验成功");
            String sessionId = "12345678";
            redisUtil.saveSessionId(request, sessionId);
        }else{
            AuthHandler handler = HandlerManager.takeAuthHandler();
            result.put("msg", handler.authFailMessage(username));

ipu-rest-scaffold/src/main/java/com/ai/ipu/server/util/RedisOperUtil.java

@@ -0,0 +1,107 @@
package com.ai.ipu.server.util;
import java.util.concurrent.TimeUnit;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import com.ai.ipu.basic.string.StringUtil;
import com.ai.ipu.basic.util.IpuException;
import com.ai.ipu.basic.util.IpuUtility;
import com.ai.ipu.cache.ICache;
@Component
public class RedisOperUtil implements ICache{
    @Autowired
    private StringRedisTemplate redisTemplate;
    /**
     * 存
     */
    @Override
    public boolean put(Object key, Object value) throws Exception {
        boolean result = true;
        try{
            if (key instanceof String)
                redisTemplate.opsForValue().set(key.toString(), String.valueOf(value));
            else
            	IpuUtility.error("key只支持String，保存数据到缓存操作失败"); 
        }catch (NullPointerException e)
		{
			if (StringUtil.isEmpty((String)key))
				IpuUtility.error("由于key值为空，导致保存数据到缓存操作失败", e);
			IpuUtility.error("由于value值为空，导致保存数据到缓存操作失败", e);
			result = false;
		}
        return result;
    }
    /**
     * 取
     */
    @Override
    public Object get(Object key) throws Exception {      
        
        return redisTemplate.opsForValue().get(key);
    }
    /**
     * 移除
     */
    @Override
    public boolean remove(Object key) throws Exception {
        throw new IpuException("不支持删除操作");
    }
    /**
     * 清除
     */
    @Override
    public void clear() throws Exception {
        ;
    }
    /**
     * key是否存在
     */
    @Override
    public boolean keyExists(String key) { 	
        return redisTemplate.opsForValue().get(key) == null?false:true;
    }
    /**
     * 设置数据
     * @param key
     * @param value
     * @param timeoutSeconds
     * @return
     * @throws Exception
     */
    @Override
    public boolean put(Object key, Object value, int timeoutSeconds) throws Exception {
        boolean result = true;
        try {
            if (key instanceof String)
            	redisTemplate.opsForValue().set(key.toString(), String.valueOf(value), timeoutSeconds, TimeUnit.SECONDS);
            else
            	IpuUtility.error("key只支持String，保存数据到缓存操作失败"); 
        }catch (NullPointerException e)
		{
			if (StringUtil.isEmpty((String)key))
				IpuUtility.error("由于key值为空，导致保存数据到缓存操作失败", e);
			IpuUtility.error("由于value值为空，导致保存数据到缓存操作失败", e);
			result = false;
		}
        return result;
    }
    @Override
    public void close() throws Exception {
    	;
    }
}

ipu-rest-scaffold/src/main/java/com/ai/ipu/server/util/RedisUtil.java

@@ -0,0 +1,129 @@
package com.ai.ipu.server.util;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jsoup.helper.StringUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.ai.ipu.basic.util.IpuException;
import com.ai.ipu.cache.CacheFactory;
import com.ai.ipu.cache.config.IpuCacheConfig;
import com.ai.ipu.cache.util.IpuCacheConstant;
@Component
public class RedisUtil{    
    private static final String DEFAULT_CACHE_NAME = "ssn";
    @Autowired
    private RedisOperUtil redis;
    
	public static String[] initRedis(String[] args) throws Exception {
		//将ipu-cache配置作为springboot配置
		String[] argv = new String[args.length+9];
        String cacheName = DEFAULT_CACHE_NAME;
		int i=0;		
		for (String arg : args) {
			if (arg.contains("--redis.cache.name")&&arg.contains("=")) {
				cacheName = arg.substring(arg.indexOf("=")+1);
				argv[i++] = " ";
			}
			else
				argv[i++] = arg;
		}
		String cacheType = IpuCacheConfig.getCacheType(cacheName);
		if (!CacheFactory.DEFAULT_CACHE_TYPE.endsWith(cacheType))
			throw new IpuException("只支持redis保存spring session信息！请检查ipu-cache.xml里的type");
		
		String jedisType = IpuCacheConfig.getCacheDefaultAttr(cacheName,
                IpuCacheConstant.Redis.CLIENT_TYPE, IpuCacheConstant.ClientType.JEDIS_CLIENT);
		
		argv[i++] = "--spring.session.store-type="+CacheFactory.DEFAULT_CACHE_TYPE;
		List<Map<String,String>> clusterList = IpuCacheConfig.getCacheServers(cacheName);
        if (null == clusterList || clusterList.isEmpty())
            throw new IllegalArgumentException("请确认ipu-cache.xml里server是否配置正确");
        
		if (IpuCacheConstant.ClientType.JEDIS_CLIENT.equalsIgnoreCase(jedisType))
        {
        	//只取第一个redis地址
            Map<String, String> server = clusterList.get(0);
        	argv[i++] = "--spring.redis.database=0";
        	argv[i++] = "--spring.redis.host=" + server.get(IpuCacheConstant.Redis.IP);
        	argv[i++] = "--spring.redis.port=" + server.get(IpuCacheConstant.Redis.PORT);
        }
        else
        {
        	//拼集群节点
        	StringBuffer nodes = new StringBuffer();
        	Map<String, String> server;
        	int j=0;
            for (; j < clusterList.size(); j++) {
                server = clusterList.get(j);
                if (j == clusterList.size()-1)
                    nodes.append(server.get(IpuCacheConstant.Redis.IP)).append(":").append(server.get(IpuCacheConstant.Redis.PORT));
                else
                	nodes.append(server.get(IpuCacheConstant.Redis.IP)).append(":").append(server.get(IpuCacheConstant.Redis.PORT)).append(",");
            }
    		argv[i++] = "--spring.redis.cluster.nodes=" + nodes.toString();
    		argv[i++] = "--spring.redis.cluster.timeout=5";
    		argv[i++] = "--spring.redis.cluster.max-redirects=3";
        }
		//设置访问密码
		String auth = IpuCacheConfig.getCacheAttr(cacheName, IpuCacheConstant.Redis.AUTH);
        if (StringUtil.isBlank(auth))
        	argv[i++] = "--spring.redis.password= ";
        else
        	argv[i++] = "--spring.redis.password=" + auth;
        
        //设置连接池参数
        int poolSize = IpuCacheConstant.RedisConstant.DEFAULT_POOL_SIZE;
        int maxIdle  = IpuCacheConstant.RedisConstant.DEFAULT_MAX_IDLE;
        int minIdle  = IpuCacheConstant.RedisConstant.DEFAULT_MIN_IDLE;
        
        String strPoolSize = IpuCacheConfig.getCacheAttr(cacheName, IpuCacheConstant.Redis.POOL_SIZE);
        String strMaxIdle = IpuCacheConfig.getCacheAttr(cacheName, IpuCacheConstant.Redis.MAX_IDLE);
        String strMinIdle = IpuCacheConfig.getCacheAttr(cacheName, IpuCacheConstant.Redis.MIN_IDLE);        
        if(!StringUtil.isBlank(strPoolSize)){
            poolSize = Integer.parseInt(strPoolSize);
        }
        if (!StringUtil.isBlank(strMaxIdle)){
            maxIdle = Integer.parseInt(strMaxIdle);
        }
        if (!StringUtil.isBlank(strMinIdle)){
            minIdle = Integer.parseInt(strMinIdle);
        }
		argv[i++] = "--spring.redis.pool.max-active=" + poolSize;
		argv[i++] = "--spring.redis.pool.max-idle=" + maxIdle;
		argv[i++] = "--spring.redis.pool.max-wait=-1";
		argv[i++] = "--spring.redis.pool.min-idle=" + minIdle;
        return argv;        
	}
	
	public Object getSessionId(HttpServletRequest request) {
		HttpSession session = request.getSession();
		return session.getAttribute("loginSessionId");
	}	
	
	public void saveSessionId(HttpServletRequest request, Object sessionId) throws Exception {
		HttpSession session = request.getSession();
		session.setAttribute("loginSessionId", sessionId);
		redis.put("loginUser:"+sessionId, session.getId());
	}	
	
	public Object getRedisSessionId(HttpServletRequest request) throws Exception {
		String sessionId = (String)getSessionId(request);
		return redis.get("loginUser:"+sessionId);
	}	
	
	public boolean isValidSession(HttpServletRequest request) throws Exception {
		HttpSession session = request.getSession();
		String sessionId = (String)getSessionId(request);
		String redisSessionId = (String)redis.get("loginUser:"+sessionId);
		return session.getId().equals(redisSessionId)?true:false;
	}
}