与Redis数据库共享Spring会话

问题描述 投票:0回答:1

以下情况:

DESCRIPTION:

我用Spring开发了两个微服务。一种服务是身份验证服务,它会生成会话。另一个服务是ui服务,它需要知道发出请求的客户端是否被授权。经过一番阅读后,我发现与redis共享会话似乎是一个很好的解决方案。 (如果有更好的方法,请纠正我)对于编码,我遵循示例here

现状:我的身份验证服务可以正常工作并在redis中生成一个会话:

例如:

127.0.0.1:6379> keys *
1) "spring:session:sessions:a4c11990-94a4-4b99-bc77-33f2084e5e8f"
2) "spring:session:sessions:expires:a4c11990-94a4-4b99-bc77-33f2084e5e8f"
3) "spring:session:sessions:26f24541-74dd-4410-84ac-d051a64d1263"
4) "spring:session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:userA"
5) "spring:session:expirations:1557314160000"
6) "spring:session:sessions:expires:26f24541-74dd-4410-84ac-d051a64d1263"

现在,我想调用ui服务的测试端点。如果会话有效,则此调用应该成功;如果没有有效的会话,则拒绝访问。Atm我的ui服务中总是出现拒绝访问错误。

代码:我的身份验证服务:

application.properties

spring.session.store-type=redis
spring.session.redis.flush-mode=on-save
spring.session.redis.namespace=spring:session
spring.redis.host=localhost
spring.redis.port=6379

pom.xml

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session-data-redis</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
            <version>1.3.5.RELEASE</version>
        </dependency>

SessionConfig

@Configuration
@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
      @Bean
        public JedisConnectionFactory jedisConnectionFactory() {
            return new JedisConnectionFactory();
        }
@Bean
public HttpSessionIdResolver httpSessionIdResolver() {
    CookieHttpSessionIdResolver resolver = new CookieHttpSessionIdResolver();
    DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
    cookieSerializer.setUseBase64Encoding(false);
    resolver.setCookieSerializer(cookieSerializer);
    return resolver; 
}

并且在我的主要课堂上,我做了

@EnableRedisHttpSession

并且在我的UI服务中:

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.4.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.test</groupId>
    <artifactId>Redistest</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>Redistest</name>
    <description>Microservice for Data Management</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>


                <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session-data-redis</artifactId>
        </dependency>

            <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
            <version>1.3.5.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>redis.clients</groupId>
            <artifactId>jedis</artifactId>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

main:

@EnableWebSecurity
@SpringBootApplication
public class RedistestApplication {

    public static void main(String[] args) {
        SpringApplication.run(RedistestApplication.class, args);
    }

SessionConfig:

@Configuration
@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
      @Bean
        public JedisConnectionFactory jedisConnectionFactory() {
            return new JedisConnectionFactory();
            }
 @Bean
    public HttpSessionIdResolver httpSessionIdResolver() {
        return HeaderHttpSessionIdResolver.xAuthToken(); 
    }

WebSecurity:

@Configuration
public class WebSecurity extends WebSecurityConfigurerAdapter{

     @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().authenticated();
        }
}

}

控制器

@RestController
public class TestController {

    @GetMapping("/name")
    public String getName() {
        return "Hallo From Test";
    }

}

问题:我的服务没有任何错误。看来我只是无法使用reddis的会话。在本教程中,作者说cookie中session-id的base64编码可能有问题。我想这可能是问题所在。您对我的实施有任何建议或发现任何错误吗?我是否必须彻底禁用HttpSession?感谢您的帮助/提示。

编辑:我刚刚意识到,在我的浏览器Inspect(Firefox)中,我没有任何“ x-auth”字段。我的意图是将身份验证ID(会话ID)保存在标头中,而不是保存为Cookie。因此,我希望我的身份验证服务应在标题中将sessionid设置为x-auth字段。那是对的吗?因此错误似乎来自auth服务?

java spring redis
1个回答
0
投票

在SessionConfig类中尝试,将cookieSerializer.setUseBase64Encoding(false)设置为true。 spring-boot应用程序中的会话必须进行编码。

© www.soinside.com 2019 - 2024. All rights reserved.