
SessionManager

MaxKey 3 年 前
コミット
69aa4f27ad

+ 2 - 0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java

@@ -37,6 +37,8 @@ public class AbstractSessionManager  implements SessionManager{
 	
 	protected JdbcTemplate jdbcTemplate;
 	
+	protected int validitySeconds = 60 * 30; //default 30 minutes.
+	
 	private static final String DEFAULT_DEFAULT_SELECT_STATEMENT = 
 			"select id,sessionid,userId,username,displayname,logintime from mxk_history_login where sessionstatus = 1";
 	

+ 10 - 4
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java

@@ -34,13 +34,19 @@ public class InMemorySessionManager extends AbstractSessionManager{
 
 	protected  static  Cache<String, Session> sessionStore = 
         	        Caffeine.newBuilder()
-        	            .expireAfterWrite(30, TimeUnit.MINUTES)
-        	            .maximumSize(200000)
+        	            .expireAfterWrite(10, TimeUnit.MINUTES)
+        	            .maximumSize(2000000)
         	            .build();
 	
-	public InMemorySessionManager(JdbcTemplate jdbcTemplate) {
+	public InMemorySessionManager(JdbcTemplate jdbcTemplate,int validitySeconds) {
         super();
         this.jdbcTemplate = jdbcTemplate;
+        sessionStore = 
+                Caffeine.newBuilder()
+                    .expireAfterWrite(validitySeconds, TimeUnit.SECONDS)
+                    .maximumSize(2000000)
+                    .build();
+        
     }
 
     @Override
@@ -65,7 +71,7 @@ public class InMemorySessionManager extends AbstractSessionManager{
     public void setValiditySeconds(int validitySeconds) {
     	sessionStore = 
                 Caffeine.newBuilder()
-                    .expireAfterWrite(validitySeconds/60, TimeUnit.MINUTES)
+                    .expireAfterWrite(validitySeconds, TimeUnit.SECONDS)
                     .maximumSize(200000)
                     .build();
         
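Review bot: The constructor now reassigns the static `sessionStore`, so constructing a second InMemorySessionManager replaces the cache shared by every instance and discards the sessions it held; `setValiditySeconds` in the last hunk does the same on every call. Building the cache once into a `private final` instance field would avoid this, and the static initializer with the 10-minute expiry, which the constructor immediately overwrites, could then go. The two rebuild sites also disagree on capacity, `.maximumSize(2000000)` in the constructor against `.maximumSize(200000)` in `setValiditySeconds`, so a shared constant such as `private static final long MAX_SESSIONS = 2_000_000L;` would keep them in step. Unlike the RedisSessionManager constructor in this commit, this one never assigns `this.validitySeconds`, so the inherited field keeps its 30-minute default whatever is passed in. The body of `setValiditySeconds` continues past the end of the hunk.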

+ 13 - 11
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java

@@ -30,8 +30,6 @@ import org.springframework.jdbc.core.JdbcTemplate;
 public class RedisSessionManager extends AbstractSessionManager {
     private static final Logger _logger = LoggerFactory.getLogger(RedisSessionManager.class);
 	
-	protected int serviceTicketValiditySeconds = 60 * 30; //default 30 minutes.
-	
 	RedisConnectionFactory connectionFactory;
 	
 	public static String PREFIX="REDIS_SESSION_";
@@ -40,10 +38,11 @@ public class RedisSessionManager extends AbstractSessionManager {
 	 */
 	public RedisSessionManager(
 			RedisConnectionFactory connectionFactory,
-			JdbcTemplate jdbcTemplate) {
+			JdbcTemplate jdbcTemplate,int validitySeconds) {
 		super();
 		this.connectionFactory = connectionFactory;
 		this.jdbcTemplate = jdbcTemplate;
+		this.validitySeconds = validitySeconds;
 	}
 	
 	/**
@@ -58,9 +57,9 @@ public class RedisSessionManager extends AbstractSessionManager {
 	}
 
 	@Override
-	public void create(String sessionId, Session ticket) {
+	public void create(String sessionId, Session session) {
 		RedisConnection conn = connectionFactory.getConnection();
-		conn.setexObject(PREFIX + sessionId, serviceTicketValiditySeconds, ticket);
+		conn.setexObject(PREFIX + sessionId, validitySeconds, session);
 		conn.close();
 	}
 
@@ -81,13 +80,16 @@ public class RedisSessionManager extends AbstractSessionManager {
         return session;
     }
 
-    @Override
-    public void setValiditySeconds(int validitySeconds) {
-       this.serviceTicketValiditySeconds = validitySeconds;
-        
-    }
+   
+    public int getValiditySeconds() {
+		return validitySeconds;
+	}
 
-    @Override
+	public void setValiditySeconds(int validitySeconds) {
+		this.validitySeconds = validitySeconds;
+	}
+
+	@Override
     public void refresh(String sessionId,LocalTime refreshTime) {
         Session session = get(sessionId);
         session.setLastAccessTime(refreshTime);
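Review bot: In `create`, `conn.close()` runs only when `setexObject` returns normally, so a failed write leaves the connection obtained from `connectionFactory.getConnection()` unreleased; wrap the call as `try { conn.setexObject(PREFIX + sessionId, validitySeconds, session); } finally { conn.close(); }`. `validitySeconds` reaches the expiry argument unchecked from both the constructor and the setter, so a zero or negative configuration value should be rejected there, for example with `if (validitySeconds <= 0) throw new IllegalArgumentException("validitySeconds must be positive");`. The last hunk also drops `@Override` from `setValiditySeconds`; if the SessionManager interface still declares that method, the annotation should stay so the compiler keeps checking the signature. The body of `refresh` continues outside the hunk.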

+ 8 - 7
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright [2021] [MaxKey of copyright http://www.maxkey.top]
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,17 +30,18 @@ public class SessionManagerFactory {
 	 public SessionManager getManager(
 			 	int persistence,
 			 	JdbcTemplate jdbcTemplate,
-	            RedisConnectionFactory redisConnFactory){
-		 
+	            RedisConnectionFactory redisConnFactory,
+	            int validitySeconds){
 		 SessionManager sessionService = null;
 		if (persistence == ConstsPersistence.INMEMORY) {
-			sessionService = new InMemorySessionManager(jdbcTemplate);
-		    _logger.debug("InMemorySessionService");
+			sessionService = new InMemorySessionManager(jdbcTemplate,validitySeconds);
+		    _logger.debug("InMemorySessionManager");
 		} else if (persistence == ConstsPersistence.JDBC) {
 		    _logger.debug("JdbcSessionService not support "); 
 		} else if (persistence == ConstsPersistence.REDIS) {
-			sessionService = new RedisSessionManager(redisConnFactory,jdbcTemplate);
-		    _logger.debug("RedisSessionService");
+			sessionService = new RedisSessionManager(
+						redisConnFactory,jdbcTemplate,validitySeconds);
+		    _logger.debug("RedisSessionManager");
 		}
 		
 		return sessionService;
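Review bot: `getManager` still returns `null` when `persistence` is `ConstsPersistence.JDBC` or any value not listed, with only a debug-level log line to show for it. Before this commit the caller's `sessionManager.setValiditySeconds(timeout)` would have failed immediately on that null; with that call removed, the null is handed back from the bean method and presumably surfaces later, wherever the session manager is first used. Ending the chain with `else { throw new IllegalArgumentException("unsupported session persistence: " + persistence); }` makes a misconfigured deployment fail at startup instead. The method's closing lines are outside the hunk.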

+ 5 - 3
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java

@@ -89,8 +89,8 @@ public abstract class AbstractRemeberMeService {
         return true;
     }
     
-    public RemeberMe resolve(String rememberMeToken) throws ParseException {
-    	JWTClaimsSet claims = authJwtService.resolve(rememberMeToken);
+    public RemeberMe resolve(String rememberMeJwt) throws ParseException {
+    	JWTClaimsSet claims = authJwtService.resolve(rememberMeJwt);
     	RemeberMe remeberMe = new RemeberMe();
 		remeberMe.setId(claims.getJWTID());
 		remeberMe.setUsername(claims.getSubject());
@@ -117,7 +117,9 @@ public abstract class AbstractRemeberMeService {
 	}
 
 	public void setValidity(Integer validity) {
-		this.validity = validity;
+		if(validity != 0 ) {
+			this.validity = validity;
+		}
 	}
     
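Review bot: `setValidity` takes an `Integer` but compares it with `validity != 0`, which unboxes the argument and throws NullPointerException when it is null, and it lets negative values through. `if (validity != null && validity > 0) {` covers both cases. The same `!= 0` test is added to the JdbcRemeberMeService constructor in this commit, where the parameter is a primitive `int` but a negative validity is likewise accepted. How a negative validity affects the lifetime of the remember-me JWT is not visible in these hunks, so that should be confirmed where `validity` is read.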
 

+ 5 - 1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java

@@ -50,10 +50,14 @@ public class JdbcRemeberMeService extends AbstractRemeberMeService {
     public JdbcRemeberMeService(
     			JdbcTemplate jdbcTemplate,
     			ApplicationConfig applicationConfig,
-    			AuthJwtService authJwtService) {
+    			AuthJwtService authJwtService,
+    			int validity) {
         this.jdbcTemplate = jdbcTemplate;
         this.applicationConfig = applicationConfig;
         this.authJwtService = authJwtService;
+        if(validity != 0) {
+        	this.validity = validity;
+        }
     }
 
     @Override

+ 15 - 14
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java

@@ -70,7 +70,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
         return new SavedRequestAwareAuthenticationSuccessHandler();
     }
     
-    @Bean(name = "authenticationProvider")
+    @Bean
     public AbstractAuthenticationProvider authenticationProvider(
     		AbstractAuthenticationProvider normalAuthenticationProvider,
     		AbstractAuthenticationProvider mobileAuthenticationProvider,
@@ -100,7 +100,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
         	);
     }
     
-    @Bean(name = "mobileAuthenticationProvider")
+    @Bean
     public AbstractAuthenticationProvider mobileAuthenticationProvider(
     		AbstractAuthenticationRealm authenticationRealm,
     		ApplicationConfig applicationConfig,
@@ -116,7 +116,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
         	);
     }
 
-    @Bean(name = "trustedAuthenticationProvider")
+    @Bean
     public AbstractAuthenticationProvider trustedAuthenticationProvider(
     		AbstractAuthenticationRealm authenticationRealm,
     		ApplicationConfig applicationConfig,
@@ -130,7 +130,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
         	);
     }
     
-    @Bean(name = "authJwtService")
+    @Bean
     public AuthJwtService authJwtService(
     		AuthJwkConfig authJwkConfig,
     		RedisConnectionFactory redisConnFactory,
@@ -162,23 +162,22 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
             otpAuthnService.setRedisOptTokenStore(redisOptTokenStore);
         }
         
-        
         _logger.debug("OneTimePasswordService {} inited." , 
         				persistence == ConstsPersistence.REDIS ? "Redis" : "InMemory");
         return otpAuthnService;
     }
     
-    @Bean(name = "passwordPolicyValidator")
+    @Bean
     public PasswordPolicyValidator passwordPolicyValidator(JdbcTemplate jdbcTemplate,MessageSource messageSource) {
         return new PasswordPolicyValidator(jdbcTemplate,messageSource);
     }
     
-    @Bean(name = "loginRepository")
+    @Bean
     public LoginRepository loginRepository(JdbcTemplate jdbcTemplate) {
         return new LoginRepository(jdbcTemplate);
     }
-    @Bean(name = "loginHistoryRepository")
-    public LoginHistoryRepository LoginHistoryRepository(JdbcTemplate jdbcTemplate) {
+    @Bean
+    public LoginHistoryRepository loginHistoryRepository(JdbcTemplate jdbcTemplate) {
         return new LoginHistoryRepository(jdbcTemplate);
     }
     
@@ -188,12 +187,12 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
             @Value("${maxkey.server.persistence}") int persistence,
             JdbcTemplate jdbcTemplate,
             RedisConnectionFactory redisConnFactory,
-            @Value("${server.servlet.session.timeout:1800}") int timeout
+            @Value("${maxkey.session.timeout:1800}") int timeout
             ) {
+    	_logger.trace("session timeout " + timeout);
         SessionManager  sessionManager  = 
-                new SessionManagerFactory().getManager(persistence, jdbcTemplate, redisConnFactory);
-        sessionManager.setValiditySeconds(timeout);
-        _logger.trace("onlineTicket timeout " + timeout);
+                new SessionManagerFactory().getManager(
+                		persistence, jdbcTemplate, redisConnFactory,timeout);
         return sessionManager;
     }
     
@@ -209,7 +208,9 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
             ApplicationConfig applicationConfig,
             AuthJwtService authJwtService,
             JdbcTemplate jdbcTemplate) {
-        return new  JdbcRemeberMeService(jdbcTemplate,applicationConfig,authJwtService);
+    	_logger.trace("init remeberMeService , validity {}." , validity);
+        return new  JdbcRemeberMeService(
+        		jdbcTemplate,applicationConfig,authJwtService,validity);
     }
     
     @Bean
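Review bot: In the `sessionManager` bean, `timeout` from `${maxkey.session.timeout:1800}` is passed straight to the factory with no range check. A value of zero would build an in-memory store whose entries expire as soon as they are written, and a negative one is only rejected by Caffeine's `expireAfterWrite` as an IllegalArgumentException from deep inside bean creation. A guard such as `if (timeout <= 0) throw new IllegalArgumentException("maxkey.session.timeout must be positive");` states the constraint where the property is read. The new trace line uses string concatenation while the one added in `remeberMeService` uses a placeholder; `_logger.trace("session timeout {}", timeout);` would match it. Both bean methods begin above their hunks.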

+ 6 - 0
maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java

@@ -33,6 +33,12 @@ public class AuthJwkConfig {
 	
 	@Value("${maxkey.auth.jwt.secret}")
 	String 	secret;
+	
+	@Value("${maxkey.session.timeout}")
+	String 	refreshExpire;
+	
+	@Value("${maxkey.auth.jwt.refresh.secret}")
+	String 	refreshSecret;
 
 	public AuthJwkConfig() {
 		super();
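Review bot: `refreshExpire` is bound to `${maxkey.session.timeout}` with no default, while the `sessionManager` bean in AuthenticationAutoConfiguration reads the same key as `${maxkey.session.timeout:1800}`. With Spring's default placeholder handling, a properties file that omits the key will fail to resolve here even though the session manager alone would have started, so both sites should share one default or have none. The field is a `String` holding a number of seconds, so each consumer has to parse it; declaring it `int` lets Spring reject a non-numeric value at startup. A comment such as `// refresh-token lifetime deliberately follows maxkey.session.timeout` would record why the separate `maxkey.auth.jwt.refresh.expire` key is removed from application-http.properties in this commit.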

+ 7 - 7
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java

@@ -108,13 +108,13 @@ public class LoginEntryPoint {
 	@Operation(summary  = "登录接口", description  = "用户登录地址",method="GET")
 	@RequestMapping(value={"/get"}, produces = {MediaType.APPLICATION_JSON_VALUE})
 	public ResponseEntity<?> get(
-				@RequestParam(value = "remember_me", required = false) String rememberMeToken) {
+				@RequestParam(value = "remember_me", required = false) String rememberMeJwt) {
 		_logger.debug("/get.");
 		//Remember Me
-		if(StringUtils.isNotBlank(rememberMeToken)
-				&& authJwtService.validateJwtToken(rememberMeToken)) {
+		if(StringUtils.isNotBlank(rememberMeJwt)
+				&& authJwtService.validateJwtToken(rememberMeJwt)) {
 			try {
-				RemeberMe remeberMe = remeberMeService.resolve(rememberMeToken);
+				RemeberMe remeberMe = remeberMeService.resolve(rememberMeJwt);
 				if(remeberMe != null) {
 					LoginCredential credential = new LoginCredential();
 					String remeberMeJwt = remeberMeService.updateRemeberMe(remeberMe);
@@ -209,9 +209,9 @@ public class LoginEntryPoint {
  	 * @return
  	 */
  	@RequestMapping(value={"/congress"}, produces = {MediaType.APPLICATION_JSON_VALUE})
-	public ResponseEntity<?> congress( @RequestBody LoginCredential loginCredential) {
- 		if(StringUtils.isNotBlank(loginCredential.getCongress())){
- 			AuthJwt authJwt = authJwtService.consumeCongress(loginCredential.getCongress());
+	public ResponseEntity<?> congress( @RequestBody LoginCredential credential) {
+ 		if(StringUtils.isNotBlank(credential.getCongress())){
+ 			AuthJwt authJwt = authJwtService.consumeCongress(credential.getCongress());
  			if(authJwt != null) {
  				return new Message<AuthJwt>(authJwt).buildResponse();
  			}
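Review bot: In `get`, the remember-me JWT is read with `@RequestParam(value = "remember_me", required = false)` on an endpoint documented as GET, so if clients send it in the query string, a credential that can re-establish a login ends up in access logs, proxy logs and browser history. Reading it from a cookie or request header instead, for example `@CookieValue(value = "remember_me", required = false) String rememberMeJwt`, keeps it out of URLs, though that changes the client contract and the front end is not visible here. The rename also leaves the parameter `rememberMeJwt` a few lines above the local `remeberMeJwt`, one letter apart, where one is the token the client presented and the other the newly issued one. Renaming the local, as in `String renewedJwt = remeberMeService.updateRemeberMe(remeberMe);`, removes the chance of returning or logging the wrong one. The bodies of both `get` and `congress` continue outside the hunks.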

+ 10 - 7
maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties

@@ -17,10 +17,12 @@
 ############################################################################
 #server port
 server.port                                     =${SERVER_PORT:8080}
-#session default 1800
-#1800s =30m
-#28800s=8h
-server.servlet.session.timeout                  =${SERVER_SESSION_TIMEOUT:1800}
+#session default 600
+#600s   =10m
+#1800s  =30m
+#3600s  =1h
+#28800s =8h
+server.servlet.session.timeout                  =${SERVLET_SESSION_TIMEOUT:600}
 #server context path
 server.servlet.context-path                     =/maxkey
 #nacos discovery
@@ -49,11 +51,12 @@ maxkey.server.persistence                       =${SERVER_PERSISTENCE:0}
 maxkey.server.message.queue                     =${SERVER_MESSAGE_QUEUE:none}
 #issuer name                
 maxkey.app.issuer                               =CN=ConSec,CN=COM,CN=SH
+#must > jwt expire * 2    
+maxkey.session.timeout                          =${SERVER_SESSION_TIMEOUT:1800}
 
 maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
-maxkey.auth.jwt.expire                          =86400
+maxkey.auth.jwt.expire                          =600
 maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
-maxkey.auth.jwt.refresh.expire                  =86400
 maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################
 #Login configuration                                                       #
@@ -72,7 +75,7 @@ maxkey.login.kerberos                           =false
 maxkey.login.wsfederation                       =false
 #remeberme          
 maxkey.login.remeberme                          =${LOGIN_REMEBERME:true}
-#validity           
+#validity day          
 maxkey.login.remeberme.validity                 =0
 #JWT support
 maxkey.login.jwt                                =${LOGIN_JWT:true}
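Review bot: `maxkey.auth.jwt.secret` and `maxkey.auth.jwt.refresh.secret` are literal values checked into the repository and are identical to each other, so every deployment that keeps these defaults presumably protects both access and refresh tokens with one key that anyone with the source can read. Both should come from the environment with no fallback, for example `maxkey.auth.jwt.secret =${AUTH_JWT_SECRET}` and a distinct `maxkey.auth.jwt.refresh.secret =${AUTH_JWT_REFRESH_SECRET}` (variable names are illustrative), and the committed value should be treated as disclosed and rotated. application-https.properties gains the refresh secret with the same literal in this commit. Separately, `SERVER_SESSION_TIMEOUT` used to set `server.servlet.session.timeout` and now sets `maxkey.session.timeout`, so deployments that already export it change behaviour silently; that deserves a line in the upgrade notes. The comment `#must > jwt expire * 2` is not enforced by any code shown in this commit.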

+ 10 - 5
maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties

@@ -17,10 +17,12 @@
 ############################################################################
 #server port
 server.port                                     =${SERVER_PORT:443}
-#session default 1800
-#1800s =30m
-#28800s=8h
-server.servlet.session.timeout                  =${SERVER_SESSION_TIMEOUT:1800}
+#session default 600
+#600s   =10m
+#1800s  =30m
+#3600s  =1h
+#28800s =8h
+server.servlet.session.timeout                  =${SERVLET_SESSION_TIMEOUT:600}
 #server context path
 server.servlet.context-path                     =/maxkey
 #nacos discovery
@@ -45,10 +47,13 @@ maxkey.server.persistence                       =${SERVER_PERSISTENCE:0}
 maxkey.server.message.queue                     =${SERVER_MESSAGE_QUEUE:none}
 #issuer name                
 maxkey.app.issuer                               =CN=ConSec,CN=COM,CN=SH
+#must > jwt expire * 2    
+maxkey.session.timeout                          =${SERVER_SESSION_TIMEOUT:1800}
 
-maxkey.auth.jwt.expire                          =86400
 maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
+maxkey.auth.jwt.expire                          =600
 maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
+maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################
 #Login configuration                                                       #
 ############################################################################