Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you about how to analyze Session sharing and single sign-on based on SpringBoot+Redis. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Preface

Using Redis to achieve Session sharing, in fact, there are many examples online, this is to ensure that the most typical redis usage scenario in cluster deployment. In a SpringBoot project, you can simply add dependencies and a line of comments without having to write one line of running code (configuration information is still required, of course).

Then simply deploy the project to different tomcat, such as different ports (A, B), but the project access path is the same. Using the set method in An and the get method in B, you can find that you can get the content set in An in B.

But it would be wrong to say that the deployment of such a project in multiple tomcat implements single sign-on.

The so-called single sign-on means that in different projects, only any one project is required to log in, and other projects do not need to log in.

Also in the above example, we put the set and get methods into two projects (set and get), and deploy both projects to servers An and B in a cluster manner, and then access server A's set and server B's get, respectively, and you will find that you can't get the results you want at all.

Set/get in the same project

Forget about dependency addition, just use the easiest way.

@ SpringBootApplication@EnableRedisHttpSession@RestControllerpublic class SessionShareApplication {public static void main (String [] args) {

SpringApplication.run (SessionShareApplication.class, args)

} @ Autowired HttpSession session

@ Autowired HttpServletRequest req

@ GetMapping ("/ set") public Object set () {session.setAttribute ("state", "state was setted.")

Map map = new TreeMap ()

Map.put ("msg", session.getAttribute ("state"))

Map.put ("serverPort", req.getLocalPort ())

Return map;}

@ GetMapping ("/ get") public Object get () {Map map = new TreeMap ()

Map.put ("msg", session.getAttribute ("state"))

Map.put ("serverPort", req.getLocalPort ())

Return map;}}

Package the project into war, deploy it in tomcatA (port 8080) and tomcatB (port 8081), then set session through the tomcatA/set method, and then use the tomcatB/get method to get the value of session. But this only implements the sharing of the session of the same project. It's not single sign-on.

To verify, we don't split the set/get method into two projects.

Split set/get into two projects

Get project

@ SpringBootApplication@EnableRedisHttpSession@RestControllerpublic class SetApplication {public static void main (String [] args) {

SpringApplication.run (SetApplication.class, args);}

@ Autowired HttpSession session

@ Autowired HttpServletRequest req

GetMapping ("/") public Object set () {

Session.setAttribute ("state", "state was setted.")

Map map = new TreeMap ()

Map.put ("msg", session.getAttribute ("state"))

Map.put ("serverPort", req.getLocalPort ())

Return map;}}

Package the project as set.war

Set project

@ SpringBootApplication@EnableRedisHttpSession@RestControllerpublic class GetApplication {

Public static void main (String [] args) {

SpringApplication.run (GetApplication.class, args);}

@ Autowired HttpSession session

@ Autowired HttpServletRequest req

GetMapping ("/") public Object get () {

Map map = new TreeMap ()

Map.put ("msg", session.getAttribute ("state"))

Map.put ("serverPort", req.getLocalPort ())

Return map;}}

Package the project as get.war

Then deploy set.war,get.war to tomcatA and tomcatB respectively, set session content through tomcatA/set, and then find that the value of session cannot be obtained through tomcatB/get.

Analysis of problems

Although the path we use is the same, it is actually two projects, which are completely different from the previous project. The problem is that session and cookie are related to the project path by default. In the case of the same project, the project path that the two methods need to rely on by cookie is the same, so it is no problem to get the value of session, but in the latter case, the path of cookie belongs to different projects. So the second project cannot get the session content set in the first project.

Solution method

The solution is actually very simple in the springboot project. Now that the cookie path has changed, we'll just let it be configured with the same path. Add a configuration class to each sub-project or set the path of cookie directly. If there is a domain name, you can also set the domain name limit, such as set.xxx.com and get.xxx.com. In the case of set.xxx.com and get.xxx.com, we need to set the domain name of cookie to xxx.com to ensure that the cookie value under the domain name xxx.com cannot be obtained under any project. This ensures that you can get the shared session value properly.

@ Configurationpublic class CookieConfig {

@ Bean public static DefaultCookieSerializer defaultCookieSerializer () {

DefaultCookieSerializer serializer = new DefaultCookieSerializer ()

Serializer.setCookiePath (/)

/ / serializer.setDomainName ("xxx.com")

/ / if domain name access is used, it is recommended to set return serializer;}} for this sentence.

The above is how to parse SpringBoot+Redis-based Session sharing and single sign-on. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.