SessionManager

2026-05-15 04:52:09 +08:00 · 2022-04-29 14:59:30 +08:00
parent 5f0f1fa7e0
commit 69aa4f27ad
11 changed files with 91 additions and 59 deletions
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java
@@ -37,6 +37,8 @@ public class AbstractSessionManager  implements SessionManager{
 	
 	protected JdbcTemplate jdbcTemplate;
 	
+	protected int validitySeconds = 60 * 30; //default 30 minutes.
+	
 	private static final String DEFAULT_DEFAULT_SELECT_STATEMENT = 
 			"select id,sessionid,userId,username,displayname,logintime from mxk_history_login where sessionstatus = 1";
 	
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java
@@ -34,13 +34,19 @@ public class InMemorySessionManager extends AbstractSessionManager{

 	protected  static  Cache<String, Session> sessionStore = 
        	        Caffeine.newBuilder()
-        	            .expireAfterWrite(30, TimeUnit.MINUTES)
-        	            .maximumSize(200000)
+        	            .expireAfterWrite(10, TimeUnit.MINUTES)
+        	            .maximumSize(2000000)
        	            .build();
 	
-	public InMemorySessionManager(JdbcTemplate jdbcTemplate) {
+	public InMemorySessionManager(JdbcTemplate jdbcTemplate,int validitySeconds) {
        super();
        this.jdbcTemplate = jdbcTemplate;
+        sessionStore = 
+                Caffeine.newBuilder()
+                    .expireAfterWrite(validitySeconds, TimeUnit.SECONDS)
+                    .maximumSize(2000000)
+                    .build();
+        
    }

    @Override
@@ -65,7 +71,7 @@ public class InMemorySessionManager extends AbstractSessionManager{
    public void setValiditySeconds(int validitySeconds) {
    	sessionStore = 
                Caffeine.newBuilder()
-                    .expireAfterWrite(validitySeconds/60, TimeUnit.MINUTES)
+                    .expireAfterWrite(validitySeconds, TimeUnit.SECONDS)
                    .maximumSize(200000)
                    .build();
        
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java
@@ -30,8 +30,6 @@ import org.springframework.jdbc.core.JdbcTemplate;
 public class RedisSessionManager extends AbstractSessionManager {
    private static final Logger _logger = LoggerFactory.getLogger(RedisSessionManager.class);
 	
-	protected int serviceTicketValiditySeconds = 60 * 30; //default 30 minutes.
-	
 	RedisConnectionFactory connectionFactory;
 	
 	public static String PREFIX="REDIS_SESSION_";
@@ -40,10 +38,11 @@ public class RedisSessionManager extends AbstractSessionManager {
 	 */
 	public RedisSessionManager(
 			RedisConnectionFactory connectionFactory,
-			JdbcTemplate jdbcTemplate) {
+			JdbcTemplate jdbcTemplate,int validitySeconds) {
 		super();
 		this.connectionFactory = connectionFactory;
 		this.jdbcTemplate = jdbcTemplate;
+		this.validitySeconds = validitySeconds;
 	}
 	
 	/**
@@ -58,9 +57,9 @@ public class RedisSessionManager extends AbstractSessionManager {
 	}

 	@Override
-	public void create(String sessionId, Session ticket) {
+	public void create(String sessionId, Session session) {
 		RedisConnection conn = connectionFactory.getConnection();
-		conn.setexObject(PREFIX + sessionId, serviceTicketValiditySeconds, ticket);
+		conn.setexObject(PREFIX + sessionId, validitySeconds, session);
 		conn.close();
 	}

@@ -81,13 +80,16 @@ public class RedisSessionManager extends AbstractSessionManager {
        return session;
    }

-    @Override
-    public void setValiditySeconds(int validitySeconds) {
-       this.serviceTicketValiditySeconds = validitySeconds;
-        
-    }
+   
+    public int getValiditySeconds() {
+		return validitySeconds;
+	}

-    @Override
+	public void setValiditySeconds(int validitySeconds) {
+		this.validitySeconds = validitySeconds;
+	}
+
+	@Override
    public void refresh(String sessionId,LocalTime refreshTime) {
        Session session = get(sessionId);
        session.setLastAccessTime(refreshTime);
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright [2021] [MaxKey of copyright http://www.maxkey.top]
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -30,17 +30,18 @@ public class SessionManagerFactory {
 	 public SessionManager getManager(
 			 	int persistence,
 			 	JdbcTemplate jdbcTemplate,
-	            RedisConnectionFactory redisConnFactory){
-		 
+	            RedisConnectionFactory redisConnFactory,
+	            int validitySeconds){
 		 SessionManager sessionService = null;
 		if (persistence == ConstsPersistence.INMEMORY) {
-			sessionService = new InMemorySessionManager(jdbcTemplate);
-		    _logger.debug("InMemorySessionService");
+			sessionService = new InMemorySessionManager(jdbcTemplate,validitySeconds);
+		    _logger.debug("InMemorySessionManager");
 		} else if (persistence == ConstsPersistence.JDBC) {
 		    _logger.debug("JdbcSessionService not support "); 
 		} else if (persistence == ConstsPersistence.REDIS) {
-			sessionService = new RedisSessionManager(redisConnFactory,jdbcTemplate);
-		    _logger.debug("RedisSessionService");
+			sessionService = new RedisSessionManager(
+						redisConnFactory,jdbcTemplate,validitySeconds);
+		    _logger.debug("RedisSessionManager");
 		}
 		
 		return sessionService;
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
@@ -89,8 +89,8 @@ public abstract class AbstractRemeberMeService {
        return true;
    }
    
-    public RemeberMe resolve(String rememberMeToken) throws ParseException {
-    	JWTClaimsSet claims = authJwtService.resolve(rememberMeToken);
+    public RemeberMe resolve(String rememberMeJwt) throws ParseException {
+    	JWTClaimsSet claims = authJwtService.resolve(rememberMeJwt);
    	RemeberMe remeberMe = new RemeberMe();
 		remeberMe.setId(claims.getJWTID());
 		remeberMe.setUsername(claims.getSubject());
@@ -117,7 +117,9 @@ public abstract class AbstractRemeberMeService {
 	}

 	public void setValidity(Integer validity) {
-		this.validity = validity;
+		if(validity != 0 ) {
+			this.validity = validity;
+		}
 	}
    

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java
@@ -50,10 +50,14 @@ public class JdbcRemeberMeService extends AbstractRemeberMeService {
    public JdbcRemeberMeService(
    			JdbcTemplate jdbcTemplate,
    			ApplicationConfig applicationConfig,
-    			AuthJwtService authJwtService) {
+    			AuthJwtService authJwtService,
+    			int validity) {
        this.jdbcTemplate = jdbcTemplate;
        this.applicationConfig = applicationConfig;
        this.authJwtService = authJwtService;
+        if(validity != 0) {
+        	this.validity = validity;
+        }
    }

    @Override
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
@@ -70,7 +70,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
        return new SavedRequestAwareAuthenticationSuccessHandler();
    }
    
-    @Bean(name = "authenticationProvider")
+    @Bean
    public AbstractAuthenticationProvider authenticationProvider(
    		AbstractAuthenticationProvider normalAuthenticationProvider,
    		AbstractAuthenticationProvider mobileAuthenticationProvider,
@@ -100,7 +100,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
        	);
    }
    
-    @Bean(name = "mobileAuthenticationProvider")
+    @Bean
    public AbstractAuthenticationProvider mobileAuthenticationProvider(
    		AbstractAuthenticationRealm authenticationRealm,
    		ApplicationConfig applicationConfig,
@@ -116,7 +116,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
        	);
    }

-    @Bean(name = "trustedAuthenticationProvider")
+    @Bean
    public AbstractAuthenticationProvider trustedAuthenticationProvider(
    		AbstractAuthenticationRealm authenticationRealm,
    		ApplicationConfig applicationConfig,
@@ -130,7 +130,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
        	);
    }
    
-    @Bean(name = "authJwtService")
+    @Bean
    public AuthJwtService authJwtService(
    		AuthJwkConfig authJwkConfig,
    		RedisConnectionFactory redisConnFactory,
@@ -162,23 +162,22 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
            otpAuthnService.setRedisOptTokenStore(redisOptTokenStore);
        }
        
-        
        _logger.debug("OneTimePasswordService {} inited." , 
        				persistence == ConstsPersistence.REDIS ? "Redis" : "InMemory");
        return otpAuthnService;
    }
    
-    @Bean(name = "passwordPolicyValidator")
+    @Bean
    public PasswordPolicyValidator passwordPolicyValidator(JdbcTemplate jdbcTemplate,MessageSource messageSource) {
        return new PasswordPolicyValidator(jdbcTemplate,messageSource);
    }
    
-    @Bean(name = "loginRepository")
+    @Bean
    public LoginRepository loginRepository(JdbcTemplate jdbcTemplate) {
        return new LoginRepository(jdbcTemplate);
    }
-    @Bean(name = "loginHistoryRepository")
-    public LoginHistoryRepository LoginHistoryRepository(JdbcTemplate jdbcTemplate) {
+    @Bean
+    public LoginHistoryRepository loginHistoryRepository(JdbcTemplate jdbcTemplate) {
        return new LoginHistoryRepository(jdbcTemplate);
    }
    
@@ -188,12 +187,12 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
            @Value("${maxkey.server.persistence}") int persistence,
            JdbcTemplate jdbcTemplate,
            RedisConnectionFactory redisConnFactory,
-            @Value("${server.servlet.session.timeout:1800}") int timeout
+            @Value("${maxkey.session.timeout:1800}") int timeout
            ) {
+    	_logger.trace("session timeout " + timeout);
        SessionManager  sessionManager  = 
-                new SessionManagerFactory().getManager(persistence, jdbcTemplate, redisConnFactory);
-        sessionManager.setValiditySeconds(timeout);
-        _logger.trace("onlineTicket timeout " + timeout);
+                new SessionManagerFactory().getManager(
+                		persistence, jdbcTemplate, redisConnFactory,timeout);
        return sessionManager;
    }
    
@@ -209,7 +208,9 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
            ApplicationConfig applicationConfig,
            AuthJwtService authJwtService,
            JdbcTemplate jdbcTemplate) {
-        return new  JdbcRemeberMeService(jdbcTemplate,applicationConfig,authJwtService);
+    	_logger.trace("init remeberMeService , validity {}." , validity);
+        return new  JdbcRemeberMeService(
+        		jdbcTemplate,applicationConfig,authJwtService,validity);
    }
    
    @Bean