限制统一账号不同终端登录

2 years ago · dc04eea7c6
parent 556fd410c8
commit dc04eea7c6
6 changed files with 117 additions and 35 deletions
--- a/dangan-admin/src/main/resources/application.yml
+++ b/dangan-admin/src/main/resources/application.yml
@ -90,6 +90,8 @@ spring:

 # token配置
 token:
+  #是否允许账户多终端同时登录（true允许 false不允许）
+  soloLogin: true
  # 令牌自定义标识
  header: Authorization
  # 令牌密钥
--- a/dangan-common/src/main/java/com/da/common/constant/Constants.java
+++ b/dangan-common/src/main/java/com/da/common/constant/Constants.java
@ -1,8 +1,9 @@
 package com.da.common.constant;

-import java.util.Locale;
 import io.jsonwebtoken.Claims;

+import java.util.Locale;
+
 /**
 * 通用常量信息
 * 
@ -10,6 +11,11 @@ import io.jsonwebtoken.Claims;
 */
 public class Constants
 {
+     /**
+     *登录用户编号 redis key
+     */
+     public static final String LOGIN_USERID_KEY = "login_userid:";
+
    /**
     * UTF-8 字符集
     */
--- a/dangan-framework/src/main/java/com/da/framework/security/handle/LogoutSuccessHandlerImpl.java
+++ b/dangan-framework/src/main/java/com/da/framework/security/handle/LogoutSuccessHandlerImpl.java
@ -1,23 +1,23 @@
 package com.da.framework.security.handle;

-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import com.alibaba.fastjson2.JSON;
 import com.da.common.constant.Constants;
 import com.da.common.core.domain.AjaxResult;
 import com.da.common.core.domain.model.LoginUser;
-import com.da.common.utils.MessageUtils;
 import com.da.common.utils.ServletUtils;
 import com.da.common.utils.StringUtils;
 import com.da.framework.manager.AsyncManager;
 import com.da.framework.manager.factory.AsyncFactory;
 import com.da.framework.web.service.TokenService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;

 /**
 * 自定义退出处理类 返回成功
@ -36,7 +36,7 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler
     * @return
     */
    @Override
-    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+    /*public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException
    {
        LoginUser loginUser = tokenService.getLoginUser(request);
@ -49,5 +49,23 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));
        }
        ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.success(MessageUtils.message("user.logout.success"))));
+    }*/
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException
+    {
+        LoginUser loginUser = tokenService.getLoginUser(request);
+        if (StringUtils.isNotNull(loginUser))
+        {
+            String userName = loginUser.getUsername();
+            // 删除用户缓存记录（旧方法）
+            //tokenService.delLoginUser(loginUser.getToken());
+
+            // 删除用户缓存记录 只允许单用户登录（关键）
+            tokenService.delLoginUser(loginUser.getToken(), loginUser.getUser().getUserId());
+
+            // 记录用户退出日志
+            AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGOUT, "退出成功"));
+        }
+        ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.success("退出成功")));
    }
 }
--- a/dangan-framework/src/main/java/com/da/framework/web/service/SysLoginService.java
+++ b/dangan-framework/src/main/java/com/da/framework/web/service/SysLoginService.java
@ -1,12 +1,5 @@
 package com.da.framework.web.service;

-import javax.annotation.Resource;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.stereotype.Component;
 import com.da.common.constant.CacheConstants;
 import com.da.common.constant.Constants;
 import com.da.common.constant.UserConstants;
@ -14,11 +7,7 @@ import com.da.common.core.domain.entity.SysUser;
 import com.da.common.core.domain.model.LoginUser;
 import com.da.common.core.redis.RedisCache;
 import com.da.common.exception.ServiceException;
-import com.da.common.exception.user.BlackListException;
-import com.da.common.exception.user.CaptchaException;
-import com.da.common.exception.user.CaptchaExpireException;
-import com.da.common.exception.user.UserNotExistsException;
-import com.da.common.exception.user.UserPasswordNotMatchException;
+import com.da.common.exception.user.*;
 import com.da.common.utils.DateUtils;
 import com.da.common.utils.MessageUtils;
 import com.da.common.utils.StringUtils;
@ -28,6 +17,15 @@ import com.da.framework.manager.factory.AsyncFactory;
 import com.da.framework.security.context.AuthenticationContextHolder;
 import com.da.system.service.ISysConfigService;
 import com.da.system.service.ISysUserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;

 /**
 * 登录校验方法
@ -37,6 +35,9 @@ import com.da.system.service.ISysUserService;
@Component
 public class SysLoginService
 {
+    // 是否允许账户多终端同时登录（true允许 false不允许）
+    @Value("${token.soloLogin}")
+    private boolean soloLogin;
    @Autowired
    private TokenService tokenService;

@ -96,6 +97,21 @@ public class SysLoginService
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        recordLoginInfo(loginUser.getUserId());
+
+        //---------------------------------------添加如下代码，验证如果用户不允许多终端同时登录，清除缓存信息
+        if (!soloLogin)
+        {
+            // 如果用户不允许多终端同时登录，清除缓存信息
+            String userIdKey = Constants.LOGIN_USERID_KEY + loginUser.getUser().getUserId();
+            String userKey = redisCache.getCacheObject(userIdKey);
+            if (StringUtils.isNotEmpty(userKey))
+            {
+                redisCache.deleteObject(userIdKey);
+                redisCache.deleteObject(userKey);
+            }
+        }
+        //----------------新增代码结束
+
        // 生成token
        return tokenService.createToken(loginUser);
    }
--- a/dangan-framework/src/main/java/com/da/framework/web/service/TokenService.java
+++ b/dangan-framework/src/main/java/com/da/framework/web/service/TokenService.java
@ -1,14 +1,5 @@
 package com.da.framework.web.service;

-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-import javax.servlet.http.HttpServletRequest;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.stereotype.Component;
 import com.da.common.constant.CacheConstants;
 import com.da.common.constant.Constants;
 import com.da.common.core.domain.model.LoginUser;
@ -22,6 +13,16 @@ import eu.bitwalker.useragentutils.UserAgent;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;

 /**
 * token验证处理
@ -33,6 +34,10 @@ public class TokenService
 {
    private static final Logger log = LoggerFactory.getLogger(TokenService.class);

+    // 是否允许账户多终端同时登录（true允许 false不允许）
+    @Value("${token.soloLogin}")
+    private boolean soloLogin;
+
    // 令牌自定义标识
    @Value("${token.header}")
    private String header;
@ -96,15 +101,29 @@ public class TokenService
    /**
     * 删除用户身份信息
     */
-    public void delLoginUser(String token)
+/*    public void delLoginUser(String token)
    {
        if (StringUtils.isNotEmpty(token))
        {
            String userKey = getTokenKey(token);
            redisCache.deleteObject(userKey);
        }
+    }*/
+    public void delLoginUser(String token, Long userId)
+    {
+        if (StringUtils.isNotEmpty(token))
+        {
+            String userKey = getTokenKey(token);
+            redisCache.deleteObject(userKey);
+        }
+        if (!soloLogin && StringUtils.isNotNull(userId))
+        {
+            String userIdKey = getUserIdKey(userId);
+            redisCache.deleteObject(userIdKey);
+        }
    }

+
    /**
     * 创建令牌
     *
@ -144,13 +163,28 @@ public class TokenService
     *
     * @param loginUser 登录信息
     */
-    public void refreshToken(LoginUser loginUser)
+/*    public void refreshToken(LoginUser loginUser)
+    {
+        loginUser.setLoginTime(System.currentTimeMillis());
+        loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
+        // 根据uuid将loginUser缓存
+        String userKey = getTokenKey(loginUser.getToken());
+        redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
+    }*/
+    public String refreshToken(LoginUser loginUser)
    {
        loginUser.setLoginTime(System.currentTimeMillis());
        loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
        // 根据uuid将loginUser缓存
        String userKey = getTokenKey(loginUser.getToken());
        redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
+        if (!soloLogin)
+        {
+            // 缓存用户唯一标识，防止同一帐号，同时登录
+            String userIdKey = getUserIdKey(loginUser.getUser().getUserId());
+            redisCache.setCacheObject(userIdKey, userKey, expireTime, TimeUnit.MINUTES);
+        }
+        return userKey;
    }

    /**
@ -168,6 +202,11 @@ public class TokenService
        loginUser.setOs(userAgent.getOperatingSystem().getName());
    }

+    private String getUserIdKey(Long userId)
+    {
+        return Constants.LOGIN_USERID_KEY + userId;
+    }
+
    /**
     * 从数据声明生成令牌
     *
--- a/dangan-ui/src/utils/request.js
+++ b/dangan-ui/src/utils/request.js
@ -93,7 +93,8 @@ service.interceptors.response.use(res => {
        isRelogin.show = false;
      });
    }
-      return Promise.reject('无效的会话，或者会话已过期，请重新登录。')
+      //return Promise.reject('无效的会话，或者会话已过期，请重新登录。')
+      return Promise.reject('会话已过期，或者被挤下线，请重新登录。')
    } else if (code === 500) {
      Message({ message: msg, type: 'error' })
      return Promise.reject(new Error(msg))