CN108629191A - Cross-system method for forcing a user offline based on Shiro and Redis - Google Patents

Info

Publication number
CN108629191A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810287258.2A
Other languages
Chinese (zh)
Inventor
陈熙
杨雪梅
漆尧
唐军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201810287258.2A
Publication of CN108629191A
Legal status: Pending (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a cross-system method for forcing a user offline based on Shiro and Redis, comprising the steps: S1. the user identifier uid of an abnormal user is obtained through the management-side system; S2. using the obtained uid, the abnormal user is frozen through the management-side system; S3. the management-side system sets the permission state of the user with that uid in the persistent storage database to frozen, and stores a force-offline instruction in the Redis database; S4. when the user-side system receives a resource access request from a user, it queries the Redis database for a force-offline instruction for that user; if one exists it performs the force-offline operation, otherwise it responds to the user's request. With the invention, an operation performed directly in the management-side system takes an abnormal user of the user-side system offline promptly and freezes the account, so that the system runs more safely and reliably.

Description

Cross-system method for forcing a user offline based on Shiro and Redis
Technical field
The present invention relates to the technical field of system security, and in particular to a cross-system method for forcing a user offline based on Shiro and Redis.
Background
At present almost every system has a permission-management component that provides user login and login-state checking. Inevitably, however, some malicious users use the system abnormally, for example by spreading illegal information after logging in. In that case the administrator needs to freeze the user's account and promptly prevent the user from performing any further operation.
The traditional way to freeze a user on the management side is to change the user's permissions. The system re-reads the user's permission information only at the user's next login, and only then picks up the freeze so that the user loses the frozen permissions. This means a malicious user can still continue to use the system maliciously within the current login session.
Another force-offline approach records the user state in the session or in a temporary cache, and reads the user's current restrictions when the user's permissions change in order to take the user offline. This approach is not efficient enough and is harder to implement.
In addition, when the user side and the management side are the same system, forcing a user offline is relatively easy, but placing the user side and the management side in one system increases the difficulty of development and maintenance. For systems whose management side and user side are developed and deployed separately, forcing a user offline across systems has therefore become another problem faced by current Web system development. A simple and efficient way to implement a force-offline mechanism has become a problem urgently needing a solution in the field of cross-system development.
Summary of the invention
The purpose of the present invention is to overcome the deficiencies in the above background art by providing a cross-system method for forcing a user offline based on Shiro and Redis. An operation performed directly in the management-side system takes an abnormal user of the user-side system offline promptly and freezes the account, so that the system runs more safely and reliably and the impact on the other users of the system is reduced.
To achieve the above technical effect, the present invention adopts the following technical solution:
A cross-system method for forcing a user offline based on Shiro and Redis, comprising the following steps:
S1. the user identifier uid of an abnormal user is obtained through the management-side system;
S2. using the obtained user identifier uid, the abnormal user is frozen through the management-side system;
S3. the management-side system sets the permission state of the user with that uid in the persistent storage database to frozen, and stores a force-offline instruction in the Redis database;
S4. when the user-side system receives a resource access request from a user, it queries the Redis database for a force-offline instruction for that user; if one exists, it performs the force-offline operation, otherwise it responds to the user's request.
Further, the Redis database stores data as a key-value distributed cache, and in the data structure of the force-offline instruction in step S3 the key is: force-user-offline instruction + user identifier uid, and the value is true.
Further, step S4 is specifically:
S41. when the user-side system receives a resource access request from a user, it queries, by user identifier uid, whether the permission state of that user in the persistent storage database is frozen;
S42. if the state is frozen, the user's request is refused and this response ends; otherwise, the force-user-offline instruction is concatenated with the user identifier uid to form the current user's force-offline instruction key, and the method proceeds to step S43;
S43. the value corresponding to the force-offline instruction key is looked up in the Redis database; if the value found is true, the force-offline operation is performed, otherwise the user's request is responded to.
Further, when a user sends a request to log in to the user-side system, the following login verification steps are carried out:
First step: based on the received username and password, the user-side system verifies in the persistent database whether the user information exists and at the same time queries the user's permission state;
Second step: if the user's information fails verification or the user's permission state is frozen, the user-side system returns a login-failure or account-frozen prompt to the user and refuses the login; otherwise, it creates a user session corresponding to the user identifier uid and stores it in the Redis database, where an automatic expiry time can be set on the user session, and then returns a login-success prompt to the user.
The method of the invention mainly uses the basic principle of permission management with Shiro and Redis and adds force-offline logic to the user side. Whenever a user accesses a resource, Shiro checks the user's login state and permissions and then updates the session in the Redis database. The technical solution therefore inserts the force-offline logic between Shiro's login and permission check and the update of the session in the Redis database. After the login-state and permission check completes, the user identifier uid of the current user is obtained, and the force-user-offline instruction and the uid are concatenated to form that user's force-user-offline instruction. The concatenated instruction is used as the key to query the Redis database. If no corresponding data is found, the current user has not been forced offline and the subsequent session update proceeds normally. If data is found, the current user must be forced offline, which is done by calling Shiro's logout directly; the user can then no longer perform any operation that requires being logged in.
Further, after the user logs in, each time the user successfully accesses another resource of the system, the user-side system first performs an update operation on the user session in the Redis database and at the same time refreshes the user session expiry time.
Further, after the user clicks to log out, the user-side system deletes the corresponding user session stored in the Redis database.
Further, when the management-side system stores the force-offline instruction in the Redis database in step S3, it also sets the expiry time of the instruction to the corresponding user session expiry time. The user session expiry time is the period after which a user who performs no operation is automatically taken offline by the system, which returns resources to the system. Because the expiry time of the force-offline instruction equals the user session expiry time, if the abnormal user issues a request within this time, the user side forces the user offline through the instruction; if the user issues no request, the session expiry takes the user offline automatically. Once the abnormal user is offline, the user cannot log in again unless an administrator unfreezes the account. If the abnormal user was not logged in at the time, the user likewise cannot log in normally, because login reads the user's frozen state from the persistent database.
Further, when a user needs to be unfrozen, the following operations are carried out:
Step 1: the user identifier uid of the user to be unfrozen is obtained through the management-side system;
Step 2: the permission state of the user with that uid in the persistent storage database is changed from frozen to normal;
Step 3: the force-offline instruction for that uid stored in the Redis database is deleted.
Further, the persistent storage database is a MySQL database.
Compared with the prior art, the present invention has the following beneficial effects:
The technical solution of the invention achieves cross-system forcing of a user offline through a simpler operation, and is efficient, fast and widely applicable. It can be used for any Web system whose management side and user side are separated, so as to prevent a malicious user from continuing to damage the system.
Description of the drawings
Fig. 1 is a schematic diagram of the cross-system method for forcing a user offline based on Shiro and Redis of the present invention.
Fig. 2 is a flow diagram of the user side forcing a user offline in the method of the present invention.
Fig. 3 is a flow diagram of the management side freezing a user in the method of the present invention.
Fig. 4 is a flow diagram of the management side unfreezing a user in the method of the present invention.
Reference numerals: 101: abnormal user, 102: user-side system, 103: persistent storage database, 104: Redis database, 105: management-side system, 106: administrator
Detailed description
The invention is further elaborated below with reference to embodiments.
Embodiment:
To better illustrate the technical solution of the invention, the basic principle of permission management with Shiro and Redis is introduced first.
Redis is an in-memory database. Because it keeps data in memory rather than on disk, it has a very high access speed and is suitable as a data store for data that is accessed frequently and requires fast queries.
It stores data as key-value pairs. Saving data takes a key and a value; saved data can be given an automatic expiry time, at which the data is deleted automatically, and setting the expiry time again before it is reached overwrites the old expiry time. Updating data takes the key and the new value; querying by key returns the value; and deleting by key deletes the specified data.
Shiro is a popular permission-management framework for Java back-end development. To support distributed back-end deployment it is often used together with Redis: Shiro's sessions are stored in the Redis database, so that after logging in on one node, a later access to another node can still look up the current user's session information.
The concrete implementation is to extend the CachingSessionDAO class and override its doCreate, doDelete, doUpdate and doReadSession methods so that each session operation is applied to the session stored in the Redis database. These methods correspond to creating, deleting, updating and reading a session, respectively. Shiro is then configured to use our own implementation of CachingSessionDAO. The basic workflow of Shiro is described below.
When a user initiates a login request, the user side receives the username and password of the request, and the user-side system executes Shiro's login method, which queries the persistent database for the user's information. Once the username and password are verified and the user's frozen state is checked and found to be not frozen, user data is created in memory and the doSave method is called to save the current user's session to the Redis database; an automatic expiry time can be set on the session.
After the user has logged in successfully, each time the user successfully accesses another resource of the system, the user-side system first calls the doUpdate method on the session in the Redis database to perform the update operation, which also refreshes the expiry time.
After the user clicks to log out, the user-side system executes Shiro's logout method, deletes the user data in memory, and executes the doDelete method to delete the user session stored in the Redis database.
As shown in Figs. 1 and 3, a cross-system method for forcing a user offline based on Shiro and Redis comprises the following steps:
S1. the administrator 106 obtains the user identifier uid of the abnormal user 101 through the management-side system 105;
S2. using the obtained user identifier uid, the administrator freezes the abnormal user through the management-side system 105;
S3. through the management-side system 105, the administrator sets the permission state of the user with that uid in the persistent storage database 103 to frozen, and stores a force-offline instruction in the Redis database 104;
S4. when the user-side system 102 receives a resource access request from a user, it queries the Redis database for a force-offline instruction for that user; if one exists, it performs the force-offline operation, otherwise it responds to the user's request.
When the administrator discovers an abnormal user, the administrator first obtains that user's uid through the management-side system, uses the uid to update the user's frozen state in the MySQL database to frozen, and writes a force-user-offline instruction record to the Redis database. In this record the key is "force-user-offline instruction + user identifier uid" and the value is true. This key-value pair is stored in the Redis database with its expiry time set to the session expiry time.
Then, whenever the user accesses a resource, Shiro first checks the user's login state and permissions. The force-offline logic is therefore placed at this point, so that it is discovered promptly whether the user has been forced offline.
The force-offline logic specifically comprises the following:
After the login-state and permission check completes, Shiro's doUpdate method is modified by adding the following operations at its very beginning. The user identifier uid of the current user is obtained, the key is formed as "force-user-offline instruction + uid", and the Redis database is queried by this key to obtain the value. If the value is empty or is not true, the current user has not been forced offline and the subsequent session update proceeds normally. If the value is true, the current user must be forced offline: Shiro's logout method is called directly and an exception is thrown to prevent the request from continuing. At this point the user has been forced offline and cannot log in again.
Specifically, as shown in Fig. 2, when the user-side system receives a resource access request from a user, it first queries, by user identifier uid, whether the permission state of that user in the persistent storage database is frozen. If the state is frozen, the user's request is refused and this response ends; otherwise, the force-user-offline instruction is concatenated with the user identifier uid to form the current user's force-offline instruction key. The value corresponding to that key is then looked up in the Redis database; if the value found is true, the force-offline operation is performed, otherwise the user's request is responded to.
As shown in Fig. 4, when the management side unfreezes a user, the following operations are carried out:
Step 1: the administrator obtains the user identifier uid of the user to be unfrozen through the management-side system;
Step 2: the administrator changes the permission state of the user with that uid in the persistent storage database from frozen to normal;
Step 3: the administrator deletes the force-offline instruction for that uid stored in the Redis database. The user can then log in normally.
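The freeze, per-request check, session expiry and unfreeze steps above, modelled end to end as an added Python example (not code from the patent or from Shiro). An in-memory store with TTLs stands in for Redis and a dict stands in for MySQL; the key prefixes, the 1800-second session expiry, the account `u1001`, one session per uid, and all class and function names are assumptions, and the check follows the embodiment's placement at the start of the session update.

```python
import hashlib
import hmac
import os
import time

# Assumed names: the patent only specifies
# key = "force-user-offline instruction + uid", value = true.
FORCE_OFFLINE_PREFIX = "force_offline:"
SESSION_PREFIX = "session:"   # simplification: one session per uid
SESSION_TTL = 1800            # seconds, assumed session expiry time


class TTLStore:
    """In-memory stand-in for the Redis operations used: SETEX, GET, DEL."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}

    def setex(self, key, ttl, value):
        self._data[key] = (value, self._clock() + ttl)

    def get(self, key):
        value, expires_at = self._data.get(key, (None, 0))
        if value is not None and self._clock() >= expires_at:
            del self._data[key]  # lazy expiry: an expired key reads as absent
            return None
        return value

    def delete(self, key):
        self._data.pop(key, None)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ManagementSystem:
    """Management side: freeze (S1-S3) and the three unfreeze steps."""

    def __init__(self, accounts, store):
        self.accounts, self.store = accounts, store

    def freeze(self, uid):
        self.accounts[uid]["status"] = "frozen"  # persistent state
        # Instruction expiry = session expiry, so it outlives any live session.
        self.store.setex(FORCE_OFFLINE_PREFIX + uid, SESSION_TTL, "true")

    def unfreeze(self, uid):
        self.accounts[uid]["status"] = "normal"
        self.store.delete(FORCE_OFFLINE_PREFIX + uid)


class UserSystem:
    """User side: login verification, per-request check (S4), logout."""

    def __init__(self, accounts, store):
        self.accounts, self.store = accounts, store

    def login(self, uid, password):
        account = self.accounts.get(uid)
        if account is None or not hmac.compare_digest(
            account["pw_hash"], hash_password(password, account["salt"])
        ):
            return "login failed"
        if account["status"] == "frozen":
            return "account frozen"
        self.store.setex(SESSION_PREFIX + uid, SESSION_TTL, "active")
        return "ok"

    def access(self, uid):
        if self.store.get(SESSION_PREFIX + uid) is None:
            return "not logged in"
        # Force-offline check sits between the login check and the update.
        if self.store.get(FORCE_OFFLINE_PREFIX + uid) == "true":
            self.logout(uid)
            return "forced offline"
        self.store.setex(SESSION_PREFIX + uid, SESSION_TTL, "active")  # refresh
        return "ok"

    def logout(self, uid):
        self.store.delete(SESSION_PREFIX + uid)


def make_demo(clock):
    """Both systems over one shared store and one constructed account."""
    salt = os.urandom(16)
    accounts = {"u1001": {"salt": salt, "status": "normal",
                          "pw_hash": hash_password("s3cret", salt)}}
    store = TTLStore(clock)
    return ManagementSystem(accounts, store), UserSystem(accounts, store)
```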
It should be understood that the above embodiments are merely exemplary embodiments used to illustrate the principle of the present invention, and the invention is not limited to them. Those of ordinary skill in the art may make various changes and modifications without departing from the spirit and essence of the invention, and these changes and modifications are also regarded as within the scope of protection of the invention.

Claims (9)

1. A cross-system method for forcing a user offline based on Shiro and Redis, characterized in that it comprises the following steps:
S1. the user identifier uid of an abnormal user is obtained through the management-side system;
S2. using the obtained user identifier uid, the abnormal user is frozen through the management-side system;
S3. the management-side system sets the permission state of the user with that uid in the persistent storage database to frozen, and stores a force-offline instruction in the Redis database;
S4. when the user-side system receives a resource access request from a user, it queries the Redis database for a force-offline instruction for that user; if one exists, it performs the force-offline operation, otherwise it responds to the user's request.
2. The cross-system method for forcing a user offline based on Shiro and Redis according to claim 1, characterized in that the Redis database stores data as a key-value distributed cache, and in the data structure of the force-offline instruction in step S3 the key is: force-user-offline instruction + user identifier uid, and the value is true.
3. The cross-system method for forcing a user offline based on Shiro and Redis according to claim 2, characterized in that step S4 is specifically:
S41. when the user-side system receives a resource access request from a user, it queries, by user identifier uid, whether the permission state of that user in the persistent storage database is frozen;
S42. if the state is frozen, the user's request is refused and this response ends; otherwise, the force-user-offline instruction is concatenated with the user identifier uid to form the current user's force-offline instruction key, and the method proceeds to step S43;
S43. the value corresponding to the force-offline instruction key is looked up in the Redis database; if the value found is true, the force-offline operation is performed, otherwise the user's request is responded to.
4. The cross-system method for forcing a user offline based on Shiro and Redis according to claim 1, characterized in that when a user sends a request to log in to the user-side system, the following login verification steps are carried out:
First step: based on the received username and password, the user-side system verifies in the persistent database whether the user information exists and at the same time queries the user's permission state;
Second step: if the user's information fails verification or the user's permission state is frozen, the user-side system returns a login-failure or account-frozen prompt to the user and refuses the login; otherwise, it creates a user session corresponding to the user identifier uid and stores it in the Redis database, where an automatic expiry time can be set on the user session, and then returns a login-success prompt to the user.
5. The cross-system method for forcing a user offline based on Shiro and Redis according to claim 4, characterized in that after the user logs in, each time the user successfully accesses another resource of the system, the user-side system first performs an update operation on the user session in the Redis database and at the same time refreshes the user session expiry time.
6. The cross-system method for forcing a user offline based on Shiro and Redis according to claim 4, characterized in that after the user clicks to log out, the user-side system deletes the corresponding user session stored in the Redis database.
7. The cross-system method for forcing a user offline based on Shiro and Redis according to claim 4, characterized in that when the management-side system stores the force-offline instruction in the Redis database in step S3, it also sets the expiry time of the force-offline instruction to the corresponding user session expiry time.
8. The cross-system method for forcing a user offline based on Shiro and Redis according to claim 1, characterized in that when a user needs to be unfrozen, the following operations are carried out:
Step 1: the user identifier uid of the user to be unfrozen is obtained through the management-side system;
Step 2: the permission state of the user with that uid in the persistent storage database is changed from frozen to normal;
Step 3: the force-offline instruction for that uid stored in the Redis database is deleted.
9. The cross-system method for forcing a user offline based on Shiro and Redis according to any one of claims 1 to 8, characterized in that the persistent storage database is a MySQL database.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810287258.2A CN108629191A (en) 2018-03-30 2018-03-30 The method that cross-system based on shiro and redis forces user offline

Publications (1)

Publication Number Publication Date
CN108629191A true CN108629191A (en) 2018-10-09

Family

ID=63696573

Country Status (1)

Country Link
CN (1) CN108629191A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995880A (en) * 2019-04-15 2019-07-09 苏州浪潮智能科技有限公司 Processing method, device and the relevant device of data access request

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181009