馃崙鏃犺鏄崟绯荤粺杩樻槸鍒嗗竷寮忕郴缁燂紝閮戒細娑夊強鍒扮敤鎴风櫥褰曘€佽璇侊紙鎺堟潈銆侀壌鏉冿級銆侀€€鍑虹瓑鍩烘湰鍔熻兘銆備笉鍚屾灦鏋勯噰鐢ㄧ殑鐧诲綍璁よ瘉鏂规鍚勪笉鐩稿悓锛屽父鐢ㄧ殑鏈塩ookie-session銆乼oken銆丣WT绛夈€備竴涓叏鏂扮殑璇锋眰锛屾湇鍔″櫒涓嶇煡閬撳鎴风鐨勫巻鍙茶姹傝褰曪紱Session鍜孋ookie鐨勪富瑕佺洰鐨勬槸涓轰簡寮ヨˉHTTP鐨勬棤鐘舵€佹€с€係ession鏄竴绉嶄紶缁熺殑璁板綍鏈嶅姟鍣ㄥ拰瀹㈡埛绔細璇濈姸鎬佺殑鏈哄埗銆係ession鏄熀浜巆ookie瀹炵幇鐨勩€係ession淇濆瓨鍦ㄦ湇鍔″櫒绔紝sessionId浼氫繚瀛樺湪瀹㈡埛绔殑cookie涓€係ession浼氳瘽涓嶈兘璺ㄨ妭鐐瑰拰鍩熷叡浜€傞渶瑕乺edis绛変腑闂翠欢杈呭姪鍏变韩session鐘舵€侌煃噒okenAccesssToken璁块棶璧勬簮鎺ュ彛锛圓PI锛夋墍闇€鐨勮祫婧愬嚟璇乻impletoken鐨勭粍鎴愶細uid锛堢敤鎴风殑鍞竴鏍囪瘑锛夛紝time锛堝綋鍓嶇殑鏃堕棿鎴筹級time),sign(Signature,token鐨勫墠鍑犱綅閫氳繃鍝堝笇绠楁硶鍘嬬缉鎴愪竴瀹氶暱搴︾殑鍗佸叚杩涘埗瀛楃涓?鍩轰簬Token鐨勭敤鎴疯璇佹槸鏈嶅姟绔殑涓€绉嶆棤鐘舵€佽璇佹柟寮忥紝鏈嶅姟绔笉闇€瑕佸瓨鍌ㄤ护鐗屾暟鎹€傜敤瑙f瀽token鐨勮绠楁椂闂存崲鍙杝ession鐨勫瓨鍌ㄧ┖闂达紝鍑忚交鏈嶅姟鍣ㄥ帇鍔涳紝鍑忓皯棰戠箒鏌ヨ鏁版嵁搴撱€俽efreshtoken鍒锋柊浠ょ墝鏄笓鐢ㄤ簬鍒锋柊璁块棶浠ょ墝鐨勪护鐗屻€傚鏋滄病鏈塺efreshtoken锛宎ccesstoken涔熷彲浠ュ埛鏂帮紝浣嗘槸姣忔鍒锋柊鐢ㄦ埛閮借杈撳叆鐧诲綍鐢ㄦ埛鍚嶅拰瀵嗙爜锛屼細寰堥夯鐑︺€傛湁浜唕efreshtoken灏卞彲浠ュ噺灏戣繖涓夯鐑︼紝瀹㈡埛绔洿鎺ヤ娇鐢╮efreshtoken鏉ユ洿鏂癮ccesstoken锛屼笉闇€瑕佺敤鎴烽澶栨搷浣溿€侫ccessToken鐨勬湁鏁堟湡姣旇緝鐭€傚綋AccesssToken杩囨湡澶辨晥鏃讹紝鍙互閫氳繃RefreshToken鑾峰彇鏂扮殑Token銆傚鏋淩efreshToken涔熷け鏁堬紝鐢ㄦ埛鍙兘閲嶆柊鐧诲綍銆俁efreshToken鍙婂叾杩囨湡鏃堕棿淇濆瓨鍦ㄦ湇鍔″櫒鐨勬暟鎹簱涓紝鍙湁鍦ㄧ敵璇锋柊鐨凙ccesssToken鏃舵墠浼氳繘琛岄獙璇侊紝涓嶄細褰卞搷涓氬姟鎺ュ彛鐨勫搷搴旀椂闂达紝涓嶉渶瑕佸儚浼氳瘽澶勭悊澶ч噺璇㈤棶銆傪煃岼WTJsonWebToken鐨勭缉鍐欐槸JWT锛岄€氬父鍙互绉颁负Jsontoken銆傚畠鏄疪FC7519涓畾涔夌殑涓€绉嶅舰寮忥紝鐢ㄤ簬灏嗕俊鎭綔涓篔son瀵硅薄瀹夊叏鍦颁紶杈撱€傚瓨鍌ㄥ湪JWT涓殑淇℃伅缁忚繃鏁板瓧绛惧悕锛屽洜姝ゅ彲浠ヤ俊浠诲拰鐞嗚В銆傚彲浠ヤ娇鐢℉MAC绠楁硶鎴栦娇鐢≧SA/ECDSA鐨勫叕閽?绉侀挜瀵笿WT杩涜绛惧悕銆侸WT鍦ㄧ嚎鐢熸垚Session锛孞WT銆乀oken閫夋嫨SessionCookies鍙兘鍦ㄥ崟涓妭鐐圭殑鍩熸垨鍏跺瓙鍩熶腑浣跨敤銆傚鏋滀粬浠瘯鍥鹃€氳繃绗笁鏂硅妭鐐硅闂紝浠栦滑灏嗚绂佹銆傚浜庡彧闇€瑕佺櫥褰曠敤鎴峰苟璁块棶瀛樺偍鍦ㄧ珯鐐规暟鎹簱涓殑涓€浜涗俊鎭殑涓皬鍨嬬綉绔欙紝SessionCookies閫氬父灏辫冻澶熶簡銆俿ession-jwt閫夋嫨JWT锛歍oken鍜孭ayload鍔犲瘑淇濆瓨鍦ㄥ鎴风銆傛湇鍔$鍙渶瑕佷娇鐢ㄥ瘑閽ヨВ瀵嗛獙璇佸嵆鍙紙楠岃瘉涔熸槸JWT鑷繁瀹炵幇鐨勶級銆傛棤闇€鏌ヨ鎴栧噺灏戞煡璇㈡暟鎹簱锛屽洜涓篔WT鑷甫鐢ㄦ埛淇℃伅鍜屽姞瀵嗘暟鎹€俆oken鍜孞WT鐨勫尯鍒細鏈嶅姟绔湪楠岃瘉瀹㈡埛绔彂閫佺殑Token鏃讹紝杩橀渶瑕佹煡璇㈡暟鎹簱鑾峰彇鐢ㄦ埛淇℃伅锛岀劧鍚庨獙璇乀oken鏄惁鏈夋晥銆侸WT鑷甫鐢ㄦ埛淇℃伅鍜屽姞瀵嗘暟瀛楋紝涓嶉渶瑕佹牎楠屻€傚鏋滄偍鏈変紒涓氱骇绔欑偣銆佸簲鐢ㄧ▼搴忔垨闄勮繎鐨勭珯鐐广€佺Щ鍔ㄨ澶囩瓑锛涜€屼綘闇€瑕佸鐞嗗ぇ閲忕殑璇锋眰锛屽挨鍏舵槸绗笁鏂规垨鑰呭緢澶氱涓夋柟锛堝寘鎷綅浜庝笉鍚屽煙鐨凙PI锛夛紝JWT鍜孴oken鏄剧劧鏇撮€傚悎鐞嗚В鏇村馃崒Session鏈夋晥鎬ц缃敱浜庡叧闂祻瑙堝櫒涓嶄細瀵艰嚧session瑕佸垹闄わ紝鏈嶅姟鍣ㄥ繀椤讳负浼氳瘽璁剧疆涓€涓繃鏈熸椂闂淬€傚綋瀹㈡埛绔渶鍚庝竴娆′娇鐢╯ession鐨勬椂闂磋秴杩囦簡杩欎釜杩囨湡鏃堕棿锛屾湇鍔″櫒灏辫涓哄鎴风宸茬粡鍋滄浜嗭紝鍙湁鍦ㄦ病鏈塧ctivity鐨勬儏鍐典笅鎵嶄細鍒犻櫎session锛屼互鑺傜渷瀛樺偍绌洪棿銆傪煃妔pring-sessionSpringSession鎻愪緵浜嗗redis銆乵ongodb銆乵ysql绛夊父鐢ㄥ瓨鍌ㄥ簱鐨勬敮鎸併€係pringSession鎻愪緵浜嗕笌HttpSession鐨勯€忔槑闆嗘垚锛岃繖鎰忓懗鐫€寮€鍙戣€呭彲浠ュ皢HttpSession鐨勫疄鐜颁笌SpringSession鏀寔鐨勫疄鐜拌繘琛屽垏鎹€係pringSession澧炲姞浜嗕竴涓猄essionRepositoryFilter杩囨护鍣ㄦ潵淇敼灏佽璇锋眰鍜屽搷搴斻€傛墦鍖呰姹備负SessionRepositoryRequestWrapper銆傚湪璋冪敤getSession()鏂规硶鏃讹紝瀹為檯涓婃槸鍦ㄨ皟鐢⊿pringSession瀹炵幇鐨勪細璇濄€俿pring-session-sampleSessionRepositoryFilterConfiguration@Configuration(proxyBeanMethods=false)@ConditionalOnBean(SessionRepositoryFilter.class)@EnableConfigurationProperties(SessionProperties.class)绫籗essionRepositoryFilterConfiguration{@BeanFilterRegistrationBean
