Using the session ID to get the Authentication object in Spring Session

Question (votes: 0, answers: 1)

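In a Spring Boot application with basic authentication, I am trying to authorize requests by taking the session ID from a URL of the form ";jsessionid=xxx". I know that putting the session in the URI is not good practice, but it is a requirement.

I am using spring-session-jdbc.

I tried creating a filter called JSessionIDFilter: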

    http
        .addFilterBefore(new JSessionIDFilter(), UsernamePasswordAuthenticationFilter.class)

In the filter:

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        // Get sessionID from URI
        String requestURI = request.getRequestURI();
        String sessionID = "";
        int index = requestURI.indexOf(";jsessionid=");
        if (index >= 0)
        {
            sessionID = requestURI.substring(index+12);

            // If the session ID is valid, I would like to retrieve the Authentication by session ID and associate it with the current request
            Authentication authentication = ....
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }

        // Continue the filter chain so the request is still processed
        filterChain.doFilter(request, response);
    }

Tags: spring-boot spring-session jsessionid

1 answer

0 votes

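After some research, I found a solution to my problem, which I will share:

I did not use a filter; instead, I created a different custom HttpSessionIdResolver in the Spring Boot configuration: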

    @Bean
    public HttpSessionIdResolver httpSessionIdResolver() {
        return new CustomCookieAndHeaderHttpSessionIdResolver();
    }

This is the new class:

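    // Servlet types (HttpServletRequest, HttpServletResponse) come from javax.servlet.http
    // or jakarta.servlet.http, depending on the Spring Boot version in use.
    import java.nio.charset.StandardCharsets;
    import java.util.ArrayList;
    import java.util.Base64;
    import java.util.List;
    import org.springframework.session.web.http.CookieHttpSessionIdResolver;
    import org.springframework.session.web.http.HttpSessionIdResolver;

    public class CustomCookieAndHeaderHttpSessionIdResolver implements HttpSessionIdResolver {

        private final CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();

        @Override
        public List<String> resolveSessionIds(HttpServletRequest request) {

            // Session IDs from the cookie take precedence; copy the list so it can be extended
            List<String> myList = new ArrayList<>(cookieHttpSessionIdResolver.resolveSessionIds(request));
            String requestURI = request.getRequestURI();

            // Fall back to the ";jsessionid=" path parameter only when no cookie was sent
            if (myList.isEmpty())
            {
                int index = requestURI.indexOf(";jsessionid=");
                if (index >= 0)
                {
                    String sessionFromUri = requestURI.substring(index+12);
                    try {
                        // The value in the URL is Base64-encoded; decode it to get the session ID
                        byte[] decodedBytes = Base64.getDecoder().decode(sessionFromUri);
                        String sessionFromUri_Guid = new String(decodedBytes, StandardCharsets.UTF_8);
                        myList.add(sessionFromUri_Guid);
                    } catch (IllegalArgumentException e) {
                        // Not valid Base64: treat the request as having no session ID
                    }
                }
            }

            return myList;
        }

        // Writing and expiring the session ID is delegated to the cookie resolver
        @Override
        public void setSessionId(HttpServletRequest request, HttpServletResponse response, String sessionId) {
            this.cookieHttpSessionIdResolver.setSessionId(request, response, sessionId);
        }

        @Override
        public void expireSession(HttpServletRequest request, HttpServletResponse response) {
            this.cookieHttpSessionIdResolver.expireSession(request, response);
        }
    }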
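
As an added example (not part of the original answer): a stricter way to extract the ";jsessionid=" value than `substring(index+12)`, which would also take in anything that follows the ID in the URI. The class name, method name and length limit are hypothetical, and the UUID check assumes the session IDs are the UUID strings Spring Session generates by default.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;
import java.util.UUID;

// Added example: hypothetical helper, not code from the original answer.
public class UriSessionIdParser {

    private static final String MARKER = ";jsessionid=";
    // Constructed limit: a Base64-encoded 36-character UUID string is 48 characters long.
    private static final int MAX_ENCODED_LENGTH = 64;

    /** Returns the decoded session ID, or empty if the URI has none or it is malformed. */
    static Optional<String> parse(String requestUri) {
        int start = requestUri.indexOf(MARKER);
        if (start < 0) {
            return Optional.empty();
        }
        start += MARKER.length();
        // Stop at the next path parameter, path segment, query or fragment.
        // Base64 of a lowercase UUID string never contains '/' or '+', so '/' is safe as a delimiter.
        int end = start;
        while (end < requestUri.length() && ";/?#".indexOf(requestUri.charAt(end)) < 0) {
            end++;
        }
        String encoded = requestUri.substring(start, end);
        if (encoded.isEmpty() || encoded.length() > MAX_ENCODED_LENGTH) {
            return Optional.empty();
        }
        try {
            String decoded = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
            // Assumption: IDs are canonical UUID strings. UUID.fromString is lenient, so round-trip it.
            UUID uuid = UUID.fromString(decoded);
            return uuid.toString().equals(decoded) ? Optional.of(decoded) : Optional.empty();
        } catch (IllegalArgumentException e) {
            // Invalid Base64 or not a UUID: behave as if no session ID was supplied.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String id = "123e4567-e89b-12d3-a456-426614174000"; // constructed sample ID
        String enc = Base64.getEncoder().encodeToString(id.getBytes(StandardCharsets.UTF_8));
        System.out.println(parse("/app/report;jsessionid=" + enc));
        System.out.println(parse("/app/report;jsessionid=" + enc + ";v=1/details"));
        System.out.println(parse("/app/report;jsessionid=%%%not-base64"));
        System.out.println(parse("/app/report"));
    }
}
```

In the resolver above, this would replace the substring and decode steps, adding an ID to the list only when `parse` returns a value.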