Java：APIJSONBoot 和 MultiDataSource 代理接口解决前端有时发送不了 Cookie 导致登录鉴权失败等问题

Author: TommyLemon

APIJSON-Java-Server/APIJSONBoot-MultiDataSource/pom.xml

@@ -4,9 +4,9 @@
 	<modelVersion>4.0.0</modelVersion>
 
 	<groupId>apijson.boot</groupId>
-	<artifactId>apijson-boot-multi-datasource</artifactId>
-	<version>4.7.2</version>
-	<packaging>jar</packaging>
+	<artifactId>apijson-boot</artifactId>
+	<version>4.8.0</version>
+	<!-- <packaging>jar</packaging> -->
 
 	<name>APIJSONBoot-MultiDataSource</name>
 	<description>Demo project for APIJSON Server based on SpringBoot</description>

APIJSON-Java-Server/APIJSONBoot-MultiDataSource/src/main/java/apijson/boot/DemoApplication.java

@@ -21,7 +21,6 @@
 
 import javax.naming.Context;
 
-import apijson.framework.APIJSONParser;
 import org.springframework.beans.BeansException;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -48,6 +47,7 @@
 import apijson.demo.DemoVerifier;
 import apijson.framework.APIJSONApplication;
 import apijson.framework.APIJSONCreator;
+import apijson.framework.APIJSONParser;
 import apijson.orm.AbstractVerifier;
 import apijson.orm.FunctionParser;
 import apijson.orm.Parser;
@@ -278,6 +278,7 @@ public void addCorsMappings(CorsRegistry registry) {
 				.allowedOriginPatterns("*")  
 				.allowedMethods("*")
 				.allowCredentials(true)
+				.exposedHeaders(DemoController.APIJSON_DELEGATE_ID)  // Cookie 和 Set-Cookie 怎么设置都没用 ,Cookie,Set-Cookie")   // .exposedHeaders("*")
 				.maxAge(3600);  
 			}
 		};

APIJSON-Java-Server/APIJSONBoot-MultiDataSource/src/main/java/apijson/boot/DemoController.java

@@ -65,6 +65,7 @@
 import org.springframework.web.client.RestTemplate;
 
 import com.alibaba.fastjson.JSONObject;
+import com.fasterxml.jackson.databind.util.LRUMap;
 
 import apijson.JSON;
 import apijson.JSONResponse;
@@ -714,6 +715,8 @@ public JSONObject login(@RequestBody String request, HttpSession session) {
 	@PostMapping("logout")
 	@Override
 	public JSONObject logout(HttpSession session) {
+		SESSION_MAP.remove(session.getId());
+
 		long userId;
 		try {
 			userId = DemoVerifier.getVisitorId(session);//必须在session.invalidate();前！
@@ -1074,10 +1077,24 @@ public JSONObject putBalance(@RequestBody String request, HttpSession session) {
 
 
 	// 为 APIAuto 提供的代理接口(解决跨域问题) 和 导入第三方文档的测试接口 https://github.com/TommyLemon/APIAuto  <<<<<<<<<<<<<<<<<<<<<<<<<<<
+	
+	public static class SessionMap extends LRUMap<String, HttpSession> {
+		public SessionMap() {
+			super(16, 1000000);
+		}
+		public void remove(String key) {
+			_map.remove(key);
+		}
+	}
+	
+	public static final SessionMap SESSION_MAP;
 
 	public static final String ADD_COOKIE = "Add-Cookie";
+	public static final String APIJSON_DELEGATE_ID = "APIJSON-DELEGATE-ID";
 	public static final List<String> EXCEPT_HEADER_LIST;
 	static {
+		SESSION_MAP = new SessionMap();
+		
 		EXCEPT_HEADER_LIST = Arrays.asList(  //accept-encoding 在某些情况下导致乱码，origin 和 sec-fetch-mode 等 CORS 信息导致服务器代理失败
 				"accept-encoding", "accept-language", // "accept", "connection"
 				"host", "origin", "referer", "user-agent", "sec-fetch-mode", "sec-fetch-site", "sec-fetch-dest", "sec-fetch-user"
@@ -1100,16 +1117,18 @@ public JSONObject putBalance(@RequestBody String request, HttpSession session) {
 	@SuppressWarnings("unchecked")
 	@RequestMapping(value = "delegate")
 	public String delegate(
+			@RequestParam("$_delegate_url") String url, 
 			@RequestParam(value = "$_type", required = false) String type,
 			@RequestParam(value = "$_except_headers", required = false) String exceptHeaders,
-			@RequestParam("$_delegate_url") String url, 
+			@RequestParam(value = "$_delegate_id", required = false) String sessionId, 
 			@RequestBody(required = false) String body, 
 			HttpMethod method, HttpSession session
 			) {
 
 		if (Log.DEBUG == false) {
 			return DemoParser.newErrorResult(new IllegalAccessException("非 DEBUG 模式下不允许使用服务器代理！")).toJSONString();
 		}
+		
 
 		if ("GRPC".equals(type)) {
 			int index = url.indexOf("://");
@@ -1145,6 +1164,7 @@ public String delegate(
 
 			List<String> setCookie = null;
 			List<String> addCookie = null;
+			List<String> apijsonDelegateId = null;
 
 			while (names.hasMoreElements()) {
 				name = names.nextElement();
@@ -1156,15 +1176,29 @@ public String delegate(
 					else if (ADD_COOKIE.toLowerCase().equals(name.toLowerCase())) {
 						addCookie = Arrays.asList(request.getHeader(name));
 					}
+					else if (APIJSON_DELEGATE_ID.toLowerCase().equals(name.toLowerCase())) {
+						apijsonDelegateId = Arrays.asList(request.getHeader(name));
+					}
 					else {
 						headers.add(name, request.getHeader(name));
 					}
 				}
 			}
+			
+			if (sessionId == null) {
+				sessionId = apijsonDelegateId == null || apijsonDelegateId.isEmpty() ? null : apijsonDelegateId.get(0);
+			}
+			if (sessionId != null) {
+				HttpSession s = SESSION_MAP.get(sessionId);
+				if (s != null) {
+					s = session;
+				}
+			}
 
 			if (setCookie == null && session != null) {
 				setCookie = (List<String>) session.getAttribute(COOKIE);
 			}
+			
 			if (addCookie != null && addCookie.isEmpty() == false) {
 				if (setCookie == null) {
 					setCookie = addCookie;
@@ -1223,6 +1257,10 @@ else if (ADD_COOKIE.toLowerCase().equals(name.toLowerCase())) {
 				session.setAttribute(COOKIE, cookie);
 			}
 		}
+		
+		SESSION_MAP.put(session.getId(), session);
+		response.setHeader(APIJSON_DELEGATE_ID, session.getId());
+		
 		return entity.getBody();
 	}
 

APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/boot/DemoApplication.java

@@ -21,7 +21,6 @@
 
 import javax.naming.Context;
 
-import apijson.framework.APIJSONParser;
 import org.springframework.beans.BeansException;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -48,6 +47,7 @@
 import apijson.demo.DemoVerifier;
 import apijson.framework.APIJSONApplication;
 import apijson.framework.APIJSONCreator;
+import apijson.framework.APIJSONParser;
 import apijson.orm.AbstractVerifier;
 import apijson.orm.FunctionParser;
 import apijson.orm.Parser;
@@ -278,6 +278,7 @@ public void addCorsMappings(CorsRegistry registry) {
 				.allowedOriginPatterns("*")  
 				.allowedMethods("*")
 				.allowCredentials(true)
+				.exposedHeaders(DemoController.APIJSON_DELEGATE_ID)  // Cookie 和 Set-Cookie 怎么设置都没用 ,Cookie,Set-Cookie")   // .exposedHeaders("*")
 				.maxAge(3600);  
 			}
 		};

APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/boot/DemoController.java

@@ -65,6 +65,7 @@
 import org.springframework.web.client.RestTemplate;
 
 import com.alibaba.fastjson.JSONObject;
+import com.fasterxml.jackson.databind.util.LRUMap;
 
 import apijson.JSON;
 import apijson.JSONResponse;
@@ -714,6 +715,8 @@ public JSONObject login(@RequestBody String request, HttpSession session) {
 	@PostMapping("logout")
 	@Override
 	public JSONObject logout(HttpSession session) {
+		SESSION_MAP.remove(session.getId());
+
 		long userId;
 		try {
 			userId = DemoVerifier.getVisitorId(session);//必须在session.invalidate();前！
@@ -1074,10 +1077,24 @@ public JSONObject putBalance(@RequestBody String request, HttpSession session) {
 
 
 	// 为 APIAuto 提供的代理接口(解决跨域问题) 和 导入第三方文档的测试接口 https://github.com/TommyLemon/APIAuto  <<<<<<<<<<<<<<<<<<<<<<<<<<<
+	
+	public static class SessionMap extends LRUMap<String, HttpSession> {
+		public SessionMap() {
+			super(16, 1000000);
+		}
+		public void remove(String key) {
+			_map.remove(key);
+		}
+	}
+	
+	public static final SessionMap SESSION_MAP;
 
 	public static final String ADD_COOKIE = "Add-Cookie";
+	public static final String APIJSON_DELEGATE_ID = "APIJSON-DELEGATE-ID";
 	public static final List<String> EXCEPT_HEADER_LIST;
 	static {
+		SESSION_MAP = new SessionMap();
+		
 		EXCEPT_HEADER_LIST = Arrays.asList(  //accept-encoding 在某些情况下导致乱码，origin 和 sec-fetch-mode 等 CORS 信息导致服务器代理失败
 				"accept-encoding", "accept-language", // "accept", "connection"
 				"host", "origin", "referer", "user-agent", "sec-fetch-mode", "sec-fetch-site", "sec-fetch-dest", "sec-fetch-user"
@@ -1100,16 +1117,18 @@ public JSONObject putBalance(@RequestBody String request, HttpSession session) {
 	@SuppressWarnings("unchecked")
 	@RequestMapping(value = "delegate")
 	public String delegate(
+			@RequestParam("$_delegate_url") String url, 
 			@RequestParam(value = "$_type", required = false) String type,
 			@RequestParam(value = "$_except_headers", required = false) String exceptHeaders,
-			@RequestParam("$_delegate_url") String url, 
+			@RequestParam(value = "$_delegate_id", required = false) String sessionId, 
 			@RequestBody(required = false) String body, 
 			HttpMethod method, HttpSession session
 			) {
 
 		if (Log.DEBUG == false) {
 			return DemoParser.newErrorResult(new IllegalAccessException("非 DEBUG 模式下不允许使用服务器代理！")).toJSONString();
 		}
+		
 
 		if ("GRPC".equals(type)) {
 			int index = url.indexOf("://");
@@ -1145,6 +1164,7 @@ public String delegate(
 
 			List<String> setCookie = null;
 			List<String> addCookie = null;
+			List<String> apijsonDelegateId = null;
 
 			while (names.hasMoreElements()) {
 				name = names.nextElement();
@@ -1156,15 +1176,29 @@ public String delegate(
 					else if (ADD_COOKIE.toLowerCase().equals(name.toLowerCase())) {
 						addCookie = Arrays.asList(request.getHeader(name));
 					}
+					else if (APIJSON_DELEGATE_ID.toLowerCase().equals(name.toLowerCase())) {
+						apijsonDelegateId = Arrays.asList(request.getHeader(name));
+					}
 					else {
 						headers.add(name, request.getHeader(name));
 					}
 				}
 			}
+			
+			if (sessionId == null) {
+				sessionId = apijsonDelegateId == null || apijsonDelegateId.isEmpty() ? null : apijsonDelegateId.get(0);
+			}
+			if (sessionId != null) {
+				HttpSession s = SESSION_MAP.get(sessionId);
+				if (s != null) {
+					s = session;
+				}
+			}
 
 			if (setCookie == null && session != null) {
 				setCookie = (List<String>) session.getAttribute(COOKIE);
 			}
+			
 			if (addCookie != null && addCookie.isEmpty() == false) {
 				if (setCookie == null) {
 					setCookie = addCookie;
@@ -1223,6 +1257,10 @@ else if (ADD_COOKIE.toLowerCase().equals(name.toLowerCase())) {
 				session.setAttribute(COOKIE, cookie);
 			}
 		}
+		
+		SESSION_MAP.put(session.getId(), session);
+		response.setHeader(APIJSON_DELEGATE_ID, session.getId());
+		
 		return entity.getBody();
 	}