From 69aa4f27adb31541996c87e5fb3f12bb3640c9ed Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Fri, 29 Apr 2022 14:59:30 +0800
Subject: [PATCH] SessionManager
---
 .../authn/session/AbstractSessionManager.java | 2 ++
 .../authn/session/InMemorySessionManager.java | 14 ++++++---
 .../authn/session/RedisSessionManager.java | 24 ++++++++-------
 .../authn/session/SessionManagerFactory.java | 15 +++++-----
 .../rememberme/AbstractRemeberMeService.java | 8 +++--
 .../rememberme/JdbcRemeberMeService.java | 6 +++-
 .../AuthenticationAutoConfiguration.java | 29 ++++++++++---------
 .../maxkey/configuration/AuthJwkConfig.java | 6 ++++
 .../web/contorller/LoginEntryPoint.java | 14 ++++-----
 .../resources/application-http.properties | 17 ++++++-----
 .../resources/application-https.properties | 15 ++++++----
 11 files changed, 91 insertions(+), 59 deletions(-)
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java
index b9fe4fb2e..c21afa91a 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java
@@ -37,6 +37,8 @@ public class AbstractSessionManager implements SessionManager{
 protected JdbcTemplate jdbcTemplate;
 
+ protected int validitySeconds = 60 * 30; //default 30 minutes.
+
 private static final String DEFAULT_DEFAULT_SELECT_STATEMENT = "select id,sessionid,userId,username,displayname,logintime from mxk_history_login where sessionstatus = 1";
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java
index d78e66a6d..fc791b7f0 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java
@@ -34,13 +34,19 @@ public class InMemorySessionManager extends AbstractSessionManager{
 
 protected static Cache sessionStore =
 Caffeine.newBuilder()
- .expireAfterWrite(30, TimeUnit.MINUTES)
- .maximumSize(200000)
+ .expireAfterWrite(10, TimeUnit.MINUTES)
+ .maximumSize(2000000)
 .build();
 
- public InMemorySessionManager(JdbcTemplate jdbcTemplate) {
+ public InMemorySessionManager(JdbcTemplate jdbcTemplate,int validitySeconds) {
 super();
 this.jdbcTemplate = jdbcTemplate;
+ sessionStore =
+ Caffeine.newBuilder()
+ .expireAfterWrite(validitySeconds, TimeUnit.SECONDS)
+ .maximumSize(2000000)
+ .build();
+
 }
 
 @Override
@@ -65,7 +71,7 @@ public class InMemorySessionManager extends AbstractSessionManager{
 public void setValiditySeconds(int validitySeconds) {
 sessionStore =
 Caffeine.newBuilder()
- .expireAfterWrite(validitySeconds/60, TimeUnit.MINUTES)
+ .expireAfterWrite(validitySeconds, TimeUnit.SECONDS)
 .maximumSize(200000)
 .build();
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java
index 51947572a..1c6b71642 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java
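Review bot: The rebuilt cache in the new constructor is assigned to the `protected static` field `sessionStore`, so every construction, and every call to `setValiditySeconds` in the second hunk, replaces the cache shared by all instances and drops every session currently held. The constructor also never stores the timeout in the `validitySeconds` field that `AbstractSessionManager` now declares, so anything reading that field sees the 1800-second default instead of the configured value; add `this.validitySeconds = validitySeconds;` after `this.jdbcTemplate = jdbcTemplate;`. The two builders disagree on capacity (`maximumSize(2000000)` in the constructor, `maximumSize(200000)` in `setValiditySeconds`), and the static initializer's `expireAfterWrite(10, TimeUnit.MINUTES)` is overwritten before it can matter. Making `sessionStore` an instance field built once from the constructor argument would remove all three inconsistencies; the second hunk's enclosing method continues past the hunk.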
@@ -30,8 +30,6 @@ import org.springframework.jdbc.core.JdbcTemplate;
 public class RedisSessionManager extends AbstractSessionManager {
 private static final Logger _logger = LoggerFactory.getLogger(RedisSessionManager.class);
 
- protected int serviceTicketValiditySeconds = 60 * 30; //default 30 minutes.
-
 RedisConnectionFactory connectionFactory;
 
 public static String PREFIX="REDIS_SESSION_";
@@ -40,10 +38,11 @@ public class RedisSessionManager extends AbstractSessionManager {
 */
 public RedisSessionManager(
 RedisConnectionFactory connectionFactory,
- JdbcTemplate jdbcTemplate) {
+ JdbcTemplate jdbcTemplate,int validitySeconds) {
 super();
 this.connectionFactory = connectionFactory;
 this.jdbcTemplate = jdbcTemplate;
+ this.validitySeconds = validitySeconds;
 }
 
 /**
@@ -58,9 +57,9 @@ public class RedisSessionManager extends AbstractSessionManager {
 }
 
 @Override
- public void create(String sessionId, Session ticket) {
+ public void create(String sessionId, Session session) {
 RedisConnection conn = connectionFactory.getConnection();
- conn.setexObject(PREFIX + sessionId, serviceTicketValiditySeconds, ticket);
+ conn.setexObject(PREFIX + sessionId, validitySeconds, session);
 conn.close();
 }
 
@@ -81,13 +80,16 @@ public class RedisSessionManager extends AbstractSessionManager {
 return session;
 }
 
- @Override
- public void setValiditySeconds(int validitySeconds) {
- this.serviceTicketValiditySeconds = validitySeconds;
-
- }
+
+ public int getValiditySeconds() {
+ return validitySeconds;
+ }
 
- @Override
+ public void setValiditySeconds(int validitySeconds) {
+ this.validitySeconds = validitySeconds;
+ }
+
+ @Override
 public void refresh(String sessionId,LocalTime refreshTime) {
 Session session = get(sessionId);
 session.setLastAccessTime(refreshTime);
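Review bot: In the `create` hunk the connection from `connectionFactory.getConnection()` is closed only when `setexObject` returns normally, so an exception there leaks the connection; change the body to `try { conn.setexObject(PREFIX + sessionId, validitySeconds, session); } finally { conn.close(); }`. In the last hunk `@Override` was dropped from `setValiditySeconds` while the method itself is kept, so if `SessionManager` still declares it (the removed `sessionManager.setValiditySeconds(timeout)` call in AuthenticationAutoConfiguration suggests it did) the compiler will no longer catch a signature drift; keep the annotation unless the interface method was removed. Neither the constructor nor the setter rejects a non-positive `validitySeconds`, which `setex` would then reject at the first login rather than at startup; a `validitySeconds <= 0` check throwing `IllegalArgumentException` belongs in both. `refresh` continues outside the hunk, and its `get(sessionId)` result is dereferenced without a null check, which matters if `get` returns null for an entry that has already expired after `validitySeconds`.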
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java
index 4005ddc9b..7dedc3e23 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright [2021] [MaxKey of copyright http://www.maxkey.top]
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -30,17 +30,18 @@ public class SessionManagerFactory {
 public SessionManager getManager(
 int persistence,
 JdbcTemplate jdbcTemplate,
- RedisConnectionFactory redisConnFactory){
-
+ RedisConnectionFactory redisConnFactory,
+ int validitySeconds){
 SessionManager sessionService = null;
 if (persistence == ConstsPersistence.INMEMORY) {
- sessionService = new InMemorySessionManager(jdbcTemplate);
- _logger.debug("InMemorySessionService");
+ sessionService = new InMemorySessionManager(jdbcTemplate,validitySeconds);
+ _logger.debug("InMemorySessionManager");
 } else if (persistence == ConstsPersistence.JDBC) {
 _logger.debug("JdbcSessionService not support ");
 } else if (persistence == ConstsPersistence.REDIS) {
- sessionService = new RedisSessionManager(redisConnFactory,jdbcTemplate);
- _logger.debug("RedisSessionService");
+ sessionService = new RedisSessionManager(
+ redisConnFactory,jdbcTemplate,validitySeconds);
+ _logger.debug("RedisSessionManager");
 }
 return sessionService;
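Review bot: `getManager` still returns `null` for `ConstsPersistence.JDBC` and for any unrecognised `persistence` value, and the `sessionManager` bean in AuthenticationAutoConfiguration hands that null straight to Spring, so a misconfigured `maxkey.server.persistence` surfaces as a NullPointerException on the first request instead of a startup failure. Replace the debug-level "not support" branch and the fall-through with `throw new IllegalArgumentException("unsupported session persistence " + persistence);`. The new `validitySeconds` parameter is also forwarded unchecked; a `validitySeconds <= 0` guard here, before either manager is built, is the one place that protects both `expireAfterWrite` and `setex` from a zero or negative timeout. Logging the applied timeout with the implementation name (`_logger.debug("InMemorySessionManager validity {}s", validitySeconds)`) would make the effective value visible at startup.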
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
index f3ba83d82..91cf85198 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
@@ -89,8 +89,8 @@ public abstract class AbstractRemeberMeService {
 return true;
 }
 
- public RemeberMe resolve(String rememberMeToken) throws ParseException {
- JWTClaimsSet claims = authJwtService.resolve(rememberMeToken);
+ public RemeberMe resolve(String rememberMeJwt) throws ParseException {
+ JWTClaimsSet claims = authJwtService.resolve(rememberMeJwt);
 RemeberMe remeberMe = new RemeberMe();
 remeberMe.setId(claims.getJWTID());
 remeberMe.setUsername(claims.getSubject());
@@ -117,7 +117,9 @@ public abstract class AbstractRemeberMeService {
 }
 
 public void setValidity(Integer validity) {
- this.validity = validity;
+ if(validity != 0 ) {
+ this.validity = validity;
+ }
 }
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java
index a0eaf8764..60b4b7b66 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java
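Review bot: `setValidity(Integer validity)` now evaluates `validity != 0`, which auto-unboxes a null argument and throws NullPointerException where the old plain assignment accepted null; write the guard as `if (validity != null && validity != 0) {`. Negative values still pass, and the unit is nowhere stated in this class, although the new comment in application-http.properties labels the feeding property `#validity day`; a Javadoc such as `/** Remember-me lifetime (days, per the properties file); 0 or null keeps the default. */` on the setter would fix that, with the unit confirmed against the code that consumes `validity`. The same `!= 0` rule is duplicated in the `JdbcRemeberMeService` constructor in the next file; calling `setValidity(validity)` from there keeps the rule in one place.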
@@ -50,10 +50,14 @@ public class JdbcRemeberMeService extends AbstractRemeberMeService {
 public JdbcRemeberMeService(
 JdbcTemplate jdbcTemplate,
 ApplicationConfig applicationConfig,
- AuthJwtService authJwtService) {
+ AuthJwtService authJwtService,
+ int validity) {
 this.jdbcTemplate = jdbcTemplate;
 this.applicationConfig = applicationConfig;
 this.authJwtService = authJwtService;
+ if(validity != 0) {
+ this.validity = validity;
+ }
 }
 
 @Override
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
index 13b791503..4c714cff6 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
@@ -70,7 +70,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
 return new SavedRequestAwareAuthenticationSuccessHandler();
 }
 
- @Bean(name = "authenticationProvider")
+ @Bean
 public AbstractAuthenticationProvider authenticationProvider(
 AbstractAuthenticationProvider normalAuthenticationProvider,
 AbstractAuthenticationProvider mobileAuthenticationProvider,
@@ -100,7 +100,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
 );
 }
 
- @Bean(name = "mobileAuthenticationProvider")
+ @Bean
 public AbstractAuthenticationProvider mobileAuthenticationProvider(
 AbstractAuthenticationRealm authenticationRealm,
 ApplicationConfig applicationConfig,
@@ -116,7 +116,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
 );
 }
 
- @Bean(name = "trustedAuthenticationProvider")
+ @Bean
 public AbstractAuthenticationProvider trustedAuthenticationProvider(
 AbstractAuthenticationRealm authenticationRealm,
 ApplicationConfig applicationConfig,
@@ -130,7 +130,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
 );
 }
 
- @Bean(name = "authJwtService")
+ @Bean
 public AuthJwtService authJwtService(
 AuthJwkConfig authJwkConfig,
 RedisConnectionFactory redisConnFactory,
@@ -162,23 +162,22 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
 otpAuthnService.setRedisOptTokenStore(redisOptTokenStore);
 }
 
- _logger.debug("OneTimePasswordService {} inited." , persistence == ConstsPersistence.REDIS ? "Redis" : "InMemory");
 return otpAuthnService;
 }
 
- @Bean(name = "passwordPolicyValidator")
+ @Bean
 public PasswordPolicyValidator passwordPolicyValidator(JdbcTemplate jdbcTemplate,MessageSource messageSource) {
 return new PasswordPolicyValidator(jdbcTemplate,messageSource);
 }
 
- @Bean(name = "loginRepository")
+ @Bean
 public LoginRepository loginRepository(JdbcTemplate jdbcTemplate) {
 return new LoginRepository(jdbcTemplate);
 }
 
- @Bean(name = "loginHistoryRepository")
- public LoginHistoryRepository LoginHistoryRepository(JdbcTemplate jdbcTemplate) {
+ @Bean
+ public LoginHistoryRepository loginHistoryRepository(JdbcTemplate jdbcTemplate) {
 return new LoginHistoryRepository(jdbcTemplate);
 }
@@ -188,12 +187,12 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
 @Value("${maxkey.server.persistence}") int persistence,
 JdbcTemplate jdbcTemplate,
 RedisConnectionFactory redisConnFactory,
- @Value("${server.servlet.session.timeout:1800}") int timeout
+ @Value("${maxkey.session.timeout:1800}") int timeout
 ) {
+ _logger.trace("session timeout " + timeout);
 SessionManager sessionManager =
- new SessionManagerFactory().getManager(persistence, jdbcTemplate, redisConnFactory);
- sessionManager.setValiditySeconds(timeout);
- _logger.trace("onlineTicket timeout " + timeout);
+ new SessionManagerFactory().getManager(
+ persistence, jdbcTemplate, redisConnFactory,timeout);
 return sessionManager;
 }
 
@@ -209,7 +208,9 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
 ApplicationConfig applicationConfig,
 AuthJwtService authJwtService,
 JdbcTemplate jdbcTemplate) {
- return new JdbcRemeberMeService(jdbcTemplate,applicationConfig,authJwtService);
+ _logger.trace("init remeberMeService , validity {}." , validity);
+ return new JdbcRemeberMeService(
+ jdbcTemplate,applicationConfig,authJwtService,validity);
 }
 
 @Bean
diff --git a/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java b/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java
index 2f71f10bb..9dcbecd32 100644
--- a/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java
+++ b/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java
@@ -33,6 +33,12 @@ public class AuthJwkConfig {
 @Value("${maxkey.auth.jwt.secret}")
 String secret;
 
+
+ @Value("${maxkey.session.timeout}")
+ String refreshExpire;
+
+ @Value("${maxkey.auth.jwt.refresh.secret}")
+ String refreshSecret;
 
 public AuthJwkConfig() {
 super();
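Review bot: The bean now takes its timeout from `maxkey.session.timeout` (default 1800) instead of `server.servlet.session.timeout`, whose default the properties hunks lower to 600, so the session-store entry can outlive the servlet session by up to three times unless both are tuned together; that relationship, and the `#must > jwt expire * 2` rule from the properties file, deserves a comment on the parameter, e.g. `// lifetime of the session-store entry; keep > 2 * maxkey.auth.jwt.expire (see application-*.properties)`. `_logger.trace("session timeout " + timeout)` concatenates eagerly; use the placeholder form `_logger.trace("session timeout {}", timeout)` as the `remeberMeService` hunk below already does. In that second hunk `validity` is not among the visible parameters, so it is presumably injected above the hunk start; the trace message would be more useful if it named the unit, since the properties file documents the value as days.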
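Review bot: `@Value("${maxkey.session.timeout}")` on `refreshExpire` has no default, whereas the `sessionManager` bean above reads the same property as `${maxkey.session.timeout:1800}`, so a deployment that omits the property fails at context startup here instead of falling back, and the value lands in a `String` where every other consumer is an `int`; `@Value("${maxkey.session.timeout:1800}") int refreshExpire;` aligns both, if nothing depends on the String type. A comment should also say why the refresh-token lifetime is tied to the session timeout, since the field name is the only hint. `refreshSecret` binds `maxkey.auth.jwt.refresh.secret`, and in both shipped properties files that value is byte-identical to `maxkey.auth.jwt.secret`, so access and refresh JWTs are signed with one key and telling them apart rests entirely on claims checked elsewhere, which this diff does not show; the defaults should differ and the class should document that requirement. The constructor continues outside the hunk.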
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java
index ddab5b502..803859831 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java
@@ -108,13 +108,13 @@ public class LoginEntryPoint {
 @Operation(summary = "登录接口", description = "用户登录地址",method="GET")
 @RequestMapping(value={"/get"}, produces = {MediaType.APPLICATION_JSON_VALUE})
 public ResponseEntity get(
- @RequestParam(value = "remember_me", required = false) String rememberMeToken) {
+ @RequestParam(value = "remember_me", required = false) String rememberMeJwt) {
 _logger.debug("/get.");
 //Remember Me
- if(StringUtils.isNotBlank(rememberMeToken)
- && authJwtService.validateJwtToken(rememberMeToken)) {
+ if(StringUtils.isNotBlank(rememberMeJwt)
+ && authJwtService.validateJwtToken(rememberMeJwt)) {
 try {
- RemeberMe remeberMe = remeberMeService.resolve(rememberMeToken);
+ RemeberMe remeberMe = remeberMeService.resolve(rememberMeJwt);
 if(remeberMe != null) {
 LoginCredential credential = new LoginCredential();
 String remeberMeJwt = remeberMeService.updateRemeberMe(remeberMe);
@@ -209,9 +209,9 @@ public class LoginEntryPoint {
 * @return
 */
 @RequestMapping(value={"/congress"}, produces = {MediaType.APPLICATION_JSON_VALUE})
- public ResponseEntity congress( @RequestBody LoginCredential loginCredential) {
- if(StringUtils.isNotBlank(loginCredential.getCongress())){
- AuthJwt authJwt = authJwtService.consumeCongress(loginCredential.getCongress());
+ public ResponseEntity congress( @RequestBody LoginCredential credential) {
+ if(StringUtils.isNotBlank(credential.getCongress())){
+ AuthJwt authJwt = authJwtService.consumeCongress(credential.getCongress());
 if(authJwt != null) {
 return new Message(authJwt).buildResponse();
 }
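Review bot: The renamed parameter `rememberMeJwt` now shares a scope with the local `String remeberMeJwt = remeberMeService.updateRemeberMe(remeberMe);` on the first hunk's last line, and the two names differ by one letter, so the token received from the client and the one just minted are easy to swap in later edits; rename the local to something like `renewedRemeberMeJwt` so a reader can tell untrusted input from server output at a glance. `get` continues outside the hunk. In the `/congress` hunk the rename to `credential` is fine; a one-line Javadoc stating that the congress code is consumed on use would document the contract the name `consumeCongress` suggests, if it is indeed single-use (not visible here).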
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
index bc8b01b06..4372a6a73 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
@@ -17,10 +17,12 @@
 ############################################################################
 #server port
 server.port =${SERVER_PORT:8080}
-#session default 1800
-#1800s =30m
-#28800s=8h
-server.servlet.session.timeout =${SERVER_SESSION_TIMEOUT:1800}
+#session default 600
+#600s =10m
+#1800s =30m
+#3600s =1h
+#28800s =8h
+server.servlet.session.timeout =${SERVLET_SESSION_TIMEOUT:600}
 #server context path
 server.servlet.context-path =/maxkey
 #nacos discovery
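Review bot: The environment variable behind `server.servlet.session.timeout` changes from `SERVER_SESSION_TIMEOUT` to `SERVLET_SESSION_TIMEOUT`, while the next hunk of this file reuses `SERVER_SESSION_TIMEOUT` for the new `maxkey.session.timeout`; a deployment that already exports `SERVER_SESSION_TIMEOUT` keeps the new 600-second servlet default and silently has its old value applied to the application session store instead. The same rename is made in application-https.properties. Record it next to the setting, e.g. `#SERVER_SESSION_TIMEOUT now sets maxkey.session.timeout; SERVLET_SESSION_TIMEOUT sets this value`, and mention it in the release notes.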
@@ -49,11 +51,12 @@ maxkey.server.persistence =${SERVER_PERSISTENCE:0}
 maxkey.server.message.queue =${SERVER_MESSAGE_QUEUE:none}
 #issuer name
 maxkey.app.issuer =CN=ConSec,CN=COM,CN=SH
+#must > jwt expire * 2
+maxkey.session.timeout =${SERVER_SESSION_TIMEOUT:1800}
 maxkey.auth.jwt.issuer =${maxkey.server.uri}
-maxkey.auth.jwt.expire =86400
+maxkey.auth.jwt.expire =600
 maxkey.auth.jwt.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
-maxkey.auth.jwt.refresh.expire =86400
 maxkey.auth.jwt.refresh.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################
 #Login configuration #
@@ -72,7 +75,7 @@ maxkey.login.kerberos =false
 maxkey.login.wsfederation =false
 #remeberme
 maxkey.login.remeberme =${LOGIN_REMEBERME:true}
-#validity
+#validity day
 maxkey.login.remeberme.validity =0
 #JWT support
 maxkey.login.jwt =${LOGIN_JWT:true}
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties
index 5ffc058b6..a57b9fcc5 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties
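Review bot: `maxkey.auth.jwt.refresh.secret` has exactly the same value as `maxkey.auth.jwt.secret`, here and in the application-https.properties hunk that adds it, so the new `refreshSecret` in AuthJwkConfig gives no key separation between access and refresh tokens. Use a different value, and since these defaults are committed to the repository, take both from the environment like the neighbouring settings (for example `maxkey.auth.jwt.secret =${JWT_SECRET}` and `maxkey.auth.jwt.refresh.secret =${JWT_REFRESH_SECRET}`, variable names illustrative) so an installation cannot run on the published keys. The `#must > jwt expire * 2` comment states an invariant nothing enforces: `SERVER_SESSION_TIMEOUT=600` with `maxkey.auth.jwt.expire =600` is accepted silently, so either add a startup check in the configuration class or note here that it is unchecked. `maxkey.auth.jwt.refresh.expire` is removed; confirm nothing still reads it, and if `AuthJwkConfig`'s new `refreshExpire` (bound to `maxkey.session.timeout`) is its replacement, say so in the comment on `maxkey.session.timeout`.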
@@ -17,10 +17,12 @@
 ############################################################################
 #server port
 server.port =${SERVER_PORT:443}
-#session default 1800
-#1800s =30m
-#28800s=8h
-server.servlet.session.timeout =${SERVER_SESSION_TIMEOUT:1800}
+#session default 600
+#600s =10m
+#1800s =30m
+#3600s =1h
+#28800s =8h
+server.servlet.session.timeout =${SERVLET_SESSION_TIMEOUT:600}
 #server context path
 server.servlet.context-path =/maxkey
 #nacos discovery
@@ -45,10 +47,13 @@ maxkey.server.persistence =${SERVER_PERSISTENCE:0}
 maxkey.server.message.queue =${SERVER_MESSAGE_QUEUE:none}
 #issuer name
 maxkey.app.issuer =CN=ConSec,CN=COM,CN=SH
+#must > jwt expire * 2
+maxkey.session.timeout =${SERVER_SESSION_TIMEOUT:1800}
 
-maxkey.auth.jwt.expire =86400
 maxkey.auth.jwt.issuer =${maxkey.server.uri}
+maxkey.auth.jwt.expire =600
 maxkey.auth.jwt.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
+maxkey.auth.jwt.refresh.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################
 #Login configuration #
 ############################################################################