使用Shiro開(kāi)發(fā)免登錄功能

1.什么是免登錄功能

當(dāng)我們的應(yīng)用需要集成到第三方平臺(tái)時(shí)(比如微信),第三方平臺(tái)的賬戶和我們應(yīng)用必然不是同一個(gè)励七,為了方便用戶使用崇裁,我們不可能每次在微信打開(kāi)我們的H5頁(yè)面時(shí),都需要進(jìn)行登錄蜻底。我們需要做的是骄崩,把微信賬號(hào)和我們應(yīng)用內(nèi)的賬號(hào)進(jìn)行綁定,綁定過(guò)后薄辅,進(jìn)入應(yīng)用就不需要在登錄了要拂。并且修改密碼不影響這個(gè)免登功能。

2.怎么實(shí)現(xiàn)免登功能

在講什么實(shí)現(xiàn)之前长搀,先思考一下宇弛,為什么需要登錄這個(gè)操作,如何保持登錄狀態(tài)
登錄操作源请,通過(guò)驗(yàn)證用戶名和密碼枪芒,讓系統(tǒng)承認(rèn)你是對(duì)應(yīng)用戶信息的擁有人,并授權(quán)做一些操作谁尸,簡(jiǎn)單來(lái)講舅踪,登錄就是拿到你自己的id,用這個(gè)id你可以做一些和自己有關(guān)的事情

如何保持登錄狀態(tài)則利用到了Cookie(Cookie不是必須的,也可以用其他方式實(shí)現(xiàn)良蛮,如Header)和Session
Cookie存在于客戶端抽碌,用來(lái)找到對(duì)應(yīng)的Session
Session存在于服務(wù)端,用來(lái)維持用戶登錄狀態(tài),內(nèi)部具體保存內(nèi)容货徙,見(jiàn)下一節(jié)
用戶在訪問(wèn)頁(yè)面后就會(huì)生成session以及cookie左权,但是這個(gè)session可以和用戶無(wú)關(guān),用戶執(zhí)行登錄操作后痴颊,會(huì)綁定用戶信息到session中去
session和cookie缺少一者赏迟,都需要重新登錄

接上文,在與第三方綁定過(guò)后蠢棱,一般會(huì)直接進(jìn)入應(yīng)用锌杀,對(duì)應(yīng)服務(wù)器會(huì)生成Session,客戶端會(huì)生成cookie泻仙,但是隨著時(shí)間流逝史翘,要么session會(huì)失效(服務(wù)器重啟什么的),要么cookie會(huì)失效(本地清除緩存)箩退,但是我們的需求是梨熙,只要綁定過(guò)后沃琅,從第三方進(jìn)入應(yīng)用,就是不需要登錄的究抓。
最關(guān)鍵的一點(diǎn)浮出水面了蒿柳,你知道我們應(yīng)該做什么事情嗎?漩蟆?
那就是重建Session(跳過(guò)登錄操作,綁定用戶信息到Session)


i流程圖

解釋下上面的流程圖

  1. 請(qǐng)求應(yīng)用頁(yè)的時(shí)候妓蛮,會(huì)帶上本地的cookie發(fā)送到服務(wù)器來(lái)校驗(yàn)對(duì)應(yīng)session是否存在以及有效怠李,如果有效,正常訪問(wèn)應(yīng)用頁(yè)蛤克,不需要進(jìn)行登錄或綁定
  2. 在第1步失敗的情況下捺癞,會(huì)跳轉(zhuǎn)到綁定頁(yè)面,首先從上下文中拿到第三方userid构挤,請(qǐng)求服務(wù)器接口判斷是否存在對(duì)應(yīng)用戶信息髓介,如果存在,把用戶信息綁定到當(dāng)前session,跳轉(zhuǎn)到目標(biāo)頁(yè)筋现。(session在訪問(wèn)綁定頁(yè)的時(shí)候會(huì)生成一個(gè))
  3. 如果第2步找不到用戶信息唐础,那么不進(jìn)行任何跳轉(zhuǎn),讓用戶進(jìn)行綁定操作

綁定操作矾飞,主要是把第三方用戶id和我們應(yīng)用內(nèi)用戶id以及其他信息綁定

下面開(kāi)始源碼分析一膨,我們應(yīng)該如何重建Session,看源碼還是有好處的洒沦,Shiro沒(méi)有特別來(lái)講這個(gè)東西豹绪。

3. Shiro源碼分析

3.1 Shiro對(duì)session的抽象

session接口

看下Session接口能讓我們對(duì)Session的理解更加深刻點(diǎn),主要講下其中幾個(gè)屬性
id:用來(lái)和cookie保存的用戶憑證匹配
touch:用來(lái)刷新session
stop:用來(lái)停止session
attribute: 我們的用戶詳細(xì)信息就保存在這里

3.2 Session的獲取與創(chuàng)建

3.2.1 Session的創(chuàng)建

Session的創(chuàng)建由DefaultSessionManager的doCreateSession方法實(shí)現(xiàn)

protected Session doCreateSession(SessionContext context) {
        Session s = newSessionInstance(context);
        if (log.isTraceEnabled()) {
            log.trace("Creating session for host {}", s.getHost());
        }
        create(s);
        return s;
    }

newSessionInstance方法中使用SessionFactory的createSession創(chuàng)建初始Session

public Session createSession(SessionContext initData) {
        if (initData != null) {
            String host = initData.getHost();
            if (host != null) {
                return new SimpleSession(host);
            }
        }
        return new SimpleSession();
    }

注意到其實(shí)只放了host申眼,sessionID在doCreateSession里的create方法里賦值

protected void create(Session session) {
        if (log.isDebugEnabled()) {
            log.debug("Creating new EIS record for new session instance [" + session + "]");
        }
        sessionDAO.create(session);
    }

可以看到create方法里使用sessionDAO.create(session)對(duì)session進(jìn)行里處理瞒津,我們看下框架提供的AbstractSessionDAO

public Serializable create(Session session) {
        Serializable sessionId = doCreate(session);
        verifySessionId(sessionId);
        return sessionId;
    }

這邊有個(gè)doCreate會(huì)返回sessionID蝉衣,也就是說(shuō)里面會(huì)對(duì)session構(gòu)建sessionid,與此同時(shí)巷蚪,sessionDAO本身的功能病毡,保存session到第三方存儲(chǔ)也在這里面實(shí)現(xiàn),我們看下MemorySessionDAO的實(shí)現(xiàn)

protected Serializable doCreate(Session session) {
        Serializable sessionId = generateSessionId(session);
        assignSessionId(session, sessionId);
        storeSession(sessionId, session);
        return sessionId;
    }

3.2.2 Session的獲取

Shiro獲取Session的邏輯在DefaultSessionManager的resolveSession方法中钓辆,過(guò)程分為兩步

protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException {
        Serializable sessionId = getSessionId(sessionKey);//1
        if (sessionId == null) {
            log.debug("Unable to resolve session ID from SessionKey [{}].  Returning null to indicate a " +
                    "session could not be found.", sessionKey);
            return null;
        }
        Session s = retrieveSessionFromDataSource(sessionId);//2
        if (s == null) {
            //session ID was provided, meaning one is expected to be found, but we couldn't find one:
            String msg = "Could not find session with ID [" + sessionId + "]";
            throw new UnknownSessionException(msg);
        }
        return s;
    }
  1. 獲取sessionID

獲取SessionID由DefaultWebSessionManager的getSessionId方法實(shí)現(xiàn)

protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        return getReferencedSessionId(request, response);
    }

再來(lái)看下getReferencedSessionId的具體邏輯

private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {

        String id = getSessionIdCookieValue(request, response);//1
        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                    ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
        } else {
            //not in a cookie, or cookie is disabled - try the request URI as a fallback (i.e. due to URL rewriting):

            //try the URI path segment parameters first:
            id = getUriPathSegmentParamValue(request, ShiroHttpSession.DEFAULT_SESSION_ID_NAME);//2

            if (id == null) {
                //not a URI path segment parameter, try the query parameters:
                String name = getSessionIdName();
                id = request.getParameter(name);//3
                if (id == null) {
                    //try lowercase:
                    id = request.getParameter(name.toLowerCase());//4
                }
            }
            if (id != null) {
                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                        ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);
            }
        }
        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
            //automatically mark it valid here.  If it is invalid, the
            //onUnknownSession method below will be invoked and we'll remove the attribute at that time.
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        }
        return id;
    }

邏輯如下

  1. 通過(guò)getSessionIdCookieValue從cookie去獲取剪验,獲取不到,進(jìn)入下一步
  2. 調(diào)用getUriPathSegmentParamValue從url的Segement片段獲取前联,獲取不到功戚,進(jìn)入下一步
  3. 調(diào)用request.getParameter從url帶的參數(shù)中獲取,獲取不到似嗤,進(jìn)入下一步
  4. 調(diào)用request.getParameter從url帶的參數(shù)中獲取啸臀,但是對(duì)傳入的參數(shù)轉(zhuǎn)換為小寫

Segement片段,這部分不看源碼還真不知道有這東西,在URL中的位置如下烁落,
protocol://host:port/path;segement?param=value

2.獲取Session
在拿到SessionId之后就要通過(guò)SessionDao獲取Session了,先看下retrieveSessionFromDataSource方法

 protected Session retrieveSessionFromDataSource(Serializable sessionId) throws UnknownSessionException {
        return sessionDAO.readSession(sessionId);
    }

委托給了sessionDAO做處理乘粒,SessionDAO的主要作用是做Session的持久化存儲(chǔ)


SessionDAO

SessionDAO默認(rèn)實(shí)現(xiàn)為MemorySessionDAO,但是我們?yōu)榱酥С旨翰渴穑枰远x實(shí)現(xiàn)伤塌,一般使用Redis來(lái)擴(kuò)展

3.3session中用戶信息的設(shè)置和獲取

上面講了session的創(chuàng)建和獲取灯萍,其實(shí)都不是本文關(guān)鍵點(diǎn),我最關(guān)注的是Session里的用戶信息是怎么設(shè)置進(jìn)去的每聪,需要設(shè)置哪些內(nèi)容
用戶信息的設(shè)置旦棉,很明顯是登陸過(guò)后,我們看下登陸的方法做了什么
入口在DelegatingSubject的login方法

public void login(AuthenticationToken token) throws AuthenticationException {
        clearRunAsIdentitiesInternal();
        Subject subject = securityManager.login(this, token);

        PrincipalCollection principals;

        String host = null;

        if (subject instanceof DelegatingSubject) {
            DelegatingSubject delegating = (DelegatingSubject) subject;
            //we have to do this in case there are assumed identities - we don't want to lose the 'real' principals:
            principals = delegating.principals;
            host = delegating.host;
        } else {
            principals = subject.getPrincipals();
        }

        if (principals == null || principals.isEmpty()) {
            String msg = "Principals returned from securityManager.login( token ) returned a null or " +
                    "empty value.  This value must be non null and populated with one or more elements.";
            throw new IllegalStateException(msg);
        }
        this.principals = principals;
        this.authenticated = true;
        if (token instanceof HostAuthenticationToken) {
            host = ((HostAuthenticationToken) token).getHost();
        }
        if (host != null) {
            this.host = host;
        }
        Session session = subject.getSession(false);
        if (session != null) {
            this.session = decorate(session);
        } else {
            this.session = null;
        }
    }

這邊并沒(méi)有明顯的對(duì)session的操作药薯,但是我們可以發(fā)現(xiàn)

Subject subject = securityManager.login(this, token);

這句代碼生成了一個(gè)subject绑洛,并且后面的代碼,會(huì)把這個(gè)subject的內(nèi)容替換給當(dāng)前的subject童本,比如

Session session = subject.getSession(false);

那么對(duì)session設(shè)置用戶信息的代碼肯定在securityManager.login里面

public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException {
        AuthenticationInfo info;
        try {
            info = authenticate(token);
        } catch (AuthenticationException ae) {
            try {
                onFailedLogin(token, ae, subject);
            } catch (Exception e) {
                if (log.isInfoEnabled()) {
                    log.info("onFailedLogin method threw an " +
                            "exception.  Logging and propagating original AuthenticationException.", e);
                }
            }
            throw ae; //propagate
        }

        Subject loggedIn = createSubject(token, info, subject);

        onSuccessfulLogin(token, info, loggedIn);

        return loggedIn;
    }

在這個(gè)方法里面真屯,通過(guò)createSubject生成了subject,再次進(jìn)入

protected Subject createSubject(AuthenticationToken token, AuthenticationInfo info, Subject existing) {
        SubjectContext context = createSubjectContext();
        context.setAuthenticated(true);
        context.setAuthenticationToken(token);
        context.setAuthenticationInfo(info);
        if (existing != null) {
            context.setSubject(existing);
        }
        return createSubject(context);
    }

使用入?yún)?chuàng)建了上下文,然后調(diào)用上下文為參數(shù)的重載方法createSubject(context)
查看DefaultSecurityManager的createSubject(context)方法

 public Subject createSubject(SubjectContext subjectContext) {
        //create a copy so we don't modify the argument's backing map:
        SubjectContext context = copy(subjectContext);

        //ensure that the context has a SecurityManager instance, and if not, add one:
        context = ensureSecurityManager(context);

        //Resolve an associated Session (usually based on a referenced session ID), and place it in the context before
        //sending to the SubjectFactory.  The SubjectFactory should not need to know how to acquire sessions as the
        //process is often environment specific - better to shield the SF from these details:
        context = resolveSession(context);

        //Similarly, the SubjectFactory should not require any concept of RememberMe - translate that here first
        //if possible before handing off to the SubjectFactory:
        context = resolvePrincipals(context);

        Subject subject = doCreateSubject(context);

        //save this subject for future reference if necessary:
        //(this is needed here in case rememberMe principals were resolved and they need to be stored in the
        //session, so we don't constantly rehydrate the rememberMe PrincipalCollection on every operation).
        //Added in 1.2:
        save(subject);

        return subject;
    }

前面的代碼都是設(shè)置上下文穷娱,創(chuàng)建subject绑蔫,我們需要的邏輯在save方法里

protected void save(Subject subject) {
        this.subjectDAO.save(subject);
    }

public Subject save(Subject subject) {
        if (isSessionStorageEnabled(subject)) {
            saveToSession(subject);
        } else {
            log.trace("Session storage of subject state for Subject [{}] has been disabled: identity and " +
                    "authentication state are expected to be initialized on every request or invocation.", subject);
        }

        return subject;
    }

 protected void saveToSession(Subject subject) {
        //performs merge logic, only updating the Subject's session if it does not match the current state:
        mergePrincipals(subject);
        mergeAuthenticationState(subject);
    }

終于找到這個(gè)看起來(lái)很像的saveToSession方法
很明顯在mergePrincipals方法里,繼續(xù)

protected void mergePrincipals(Subject subject) {
        //merge PrincipalCollection state:

        PrincipalCollection currentPrincipals = null;

        //SHIRO-380: added if/else block - need to retain original (source) principals
        //This technique (reflection) is only temporary - a proper long term solution needs to be found,
        //but this technique allowed an immediate fix that is API point-version forwards and backwards compatible
        //
        //A more comprehensive review / cleaning of runAs should be performed for Shiro 1.3 / 2.0 +
        if (subject.isRunAs() && subject instanceof DelegatingSubject) {
            try {
                Field field = DelegatingSubject.class.getDeclaredField("principals");
                field.setAccessible(true);
                currentPrincipals = (PrincipalCollection)field.get(subject);
            } catch (Exception e) {
                throw new IllegalStateException("Unable to access DelegatingSubject principals property.", e);
            }
        }
        if (currentPrincipals == null || currentPrincipals.isEmpty()) {
            currentPrincipals = subject.getPrincipals();
        }

        Session session = subject.getSession(false);

        if (session == null) {
            if (!isEmpty(currentPrincipals)) {
                session = subject.getSession();
                session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
            }
            // otherwise no session and no principals - nothing to save
        } else {
            PrincipalCollection existingPrincipals =
                    (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);

            if (isEmpty(currentPrincipals)) {
                if (!isEmpty(existingPrincipals)) {
                    session.removeAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
                }
                // otherwise both are null or empty - no need to update the session
            } else {
                if (!currentPrincipals.equals(existingPrincipals)) {
                    session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
                }
                // otherwise they're the same - no need to update the session
            }
        }
    }

可以觀察到用戶信息被設(shè)置到session的attribute里鄙煤,key為DefaultSubjectContext.PRINCIPALS_SESSION_KEY

當(dāng)然mergeAuthenticationState也是必須的

protected void mergeAuthenticationState(Subject subject) {

        Session session = subject.getSession(false);

        if (session == null) {
            if (subject.isAuthenticated()) {
                session = subject.getSession();
                session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
            }
            //otherwise no session and not authenticated - nothing to save
        } else {
            Boolean existingAuthc = (Boolean) session.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);

            if (subject.isAuthenticated()) {
                if (existingAuthc == null || !existingAuthc) {
                    session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
                }
                //otherwise authc state matches - no need to update the session
            } else {
                if (existingAuthc != null) {
                    //existing doesn't match the current state - remove it:
                    session.removeAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
                }
                //otherwise not in the session and not authenticated - no need to update the session
            }
        }
    }

他會(huì)在session里面設(shè)置DefaultSubjectContext.AUTHENTICATED_SESSION_KEY晾匠,值為true是表示session內(nèi)的用戶信息是驗(yàn)證過(guò)后的,有效的

那么我們的問(wèn)題也解決了梯刚,我們只需要把第三方id和用戶信息綁定關(guān)系存下來(lái)凉馆,然后在綁定頁(yè)面渲染之前判斷當(dāng)前第三方id是否綁定了用戶信息,如果有,直接在當(dāng)前session對(duì)象塞入這2個(gè)內(nèi)容澜共,并且返回true給前端向叉,讓前端執(zhí)行重定向。重定向到其他子系統(tǒng)的時(shí)候嗦董,shiro框架會(huì)重新根據(jù)sessionid去查詢session是否有效母谎,此時(shí)session已經(jīng)有效了,能正常訪問(wèn)子系統(tǒng)頁(yè)面

目標(biāo)頁(yè)的系統(tǒng)也集成了我單點(diǎn)登陸的shiro配置京革,所以會(huì)在shirofilter里面校驗(yàn)session是否存在并且有效奇唤,然后進(jìn)入系統(tǒng),而不是跳轉(zhuǎn)到單點(diǎn)登陸

在我Demo中也模擬了這個(gè)免登陸功能
查詢用戶是否綁定接口代碼如下

@GetMapping("/isUserBind")
    @ResponseBody
    public WebResult isUserBind(@RequestParam("thirdUserId")String thirdUserId){
        if(!UserBindInfoCache.containsKey(thirdUserId)){
            return new WebResult(null,false);
        }
        Subject subject =SecurityUtils.getSubject();
        Session session = subject.getSession(false);
        SessionKey sessionKey = new DefaultSessionKey(session.getId());
        Principal principal = UserBindInfoCache.get(thirdUserId);
        SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection(principal, AuthenticationRealm.class.getName());
        sessionManager.setAttribute(sessionKey, DefaultSubjectContext.PRINCIPALS_SESSION_KEY,simplePrincipalCollection);
        sessionManager.setAttribute(sessionKey, DefaultSubjectContext.AUTHENTICATED_SESSION_KEY,true);
        return new WebResult(null,true);


    }

前端邏輯代碼如下

    <script>
        //模擬第三方環(huán)境
        var thirdUserId ="abcd1234";

        $(function () {

            $.get("/isUserBind",{
                thirdUserId:thirdUserId
            },function (result) {
                if(result.flag==true){
                    window.location.href = $('#redirectUrl').val();
                }else{
                    $('#bindPage').removeClass('hidden')
                }
            },"json")

            $('#loginButton').click(function (event) {
                event.preventDefault()
                var username = $('#username').val();
                var password = $('#password').val();
                var redirectUrl = $('#redirectUrl').val();
                $.post("/bind",{
                    username:username,
                    password:password,
                    thirdUserId:thirdUserId
                },function (result) {
                    console.log(JSON.stringify(result));
                    if(result.flag==true){
                        window.location.href=redirectUrl;
                    }
                },"json")
            })
        })
    </script>

4.代碼分享

地址

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
  • 序言:七十年代末匹摇,一起剝皮案震驚了整個(gè)濱河市咬扇,隨后出現(xiàn)的幾起案子,更是在濱河造成了極大的恐慌廊勃,老刑警劉巖懈贺,帶你破解...
    沈念sama閱讀 211,817評(píng)論 6 492
  • 序言:濱河連續(xù)發(fā)生了三起死亡事件,死亡現(xiàn)場(chǎng)離奇詭異坡垫,居然都是意外死亡梭灿,警方通過(guò)查閱死者的電腦和手機(jī),發(fā)現(xiàn)死者居然都...
    沈念sama閱讀 90,329評(píng)論 3 385
  • 文/潘曉璐 我一進(jìn)店門冰悠,熙熙樓的掌柜王于貴愁眉苦臉地迎上來(lái)堡妒,“玉大人,你說(shuō)我怎么就攤上這事溉卓√樵椋” “怎么了?”我有些...
    開(kāi)封第一講書(shū)人閱讀 157,354評(píng)論 0 348
  • 文/不壞的土叔 我叫張陵的诵,是天一觀的道長(zhǎng)。 經(jīng)常有香客問(wèn)我佑钾,道長(zhǎng)西疤,這世上最難降的妖魔是什么? 我笑而不...
    開(kāi)封第一講書(shū)人閱讀 56,498評(píng)論 1 284
  • 正文 為了忘掉前任休溶,我火速辦了婚禮代赁,結(jié)果婚禮上,老公的妹妹穿的比我還像新娘兽掰。我一直安慰自己芭碍,他們只是感情好,可當(dāng)我...
    茶點(diǎn)故事閱讀 65,600評(píng)論 6 386
  • 文/花漫 我一把揭開(kāi)白布孽尽。 她就那樣靜靜地躺著窖壕,像睡著了一般。 火紅的嫁衣襯著肌膚如雪。 梳的紋絲不亂的頭發(fā)上瞻讽,一...
    開(kāi)封第一講書(shū)人閱讀 49,829評(píng)論 1 290
  • 那天鸳吸,我揣著相機(jī)與錄音,去河邊找鬼速勇。 笑死晌砾,一個(gè)胖子當(dāng)著我的面吹牛,可吹牛的內(nèi)容都是我干的烦磁。 我是一名探鬼主播养匈,決...
    沈念sama閱讀 38,979評(píng)論 3 408
  • 文/蒼蘭香墨 我猛地睜開(kāi)眼,長(zhǎng)吁一口氣:“原來(lái)是場(chǎng)噩夢(mèng)啊……” “哼都伪!你這毒婦竟也來(lái)了呕乎?” 一聲冷哼從身側(cè)響起,我...
    開(kāi)封第一講書(shū)人閱讀 37,722評(píng)論 0 266
  • 序言:老撾萬(wàn)榮一對(duì)情侶失蹤院溺,失蹤者是張志新(化名)和其女友劉穎楣嘁,沒(méi)想到半個(gè)月后,有當(dāng)?shù)厝嗽跇?shù)林里發(fā)現(xiàn)了一具尸體珍逸,經(jīng)...
    沈念sama閱讀 44,189評(píng)論 1 303
  • 正文 獨(dú)居荒郊野嶺守林人離奇死亡逐虚,尸身上長(zhǎng)有42處帶血的膿包…… 初始之章·張勛 以下內(nèi)容為張勛視角 年9月15日...
    茶點(diǎn)故事閱讀 36,519評(píng)論 2 327
  • 正文 我和宋清朗相戀三年,在試婚紗的時(shí)候發(fā)現(xiàn)自己被綠了谆膳。 大學(xué)時(shí)的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片叭爱。...
    茶點(diǎn)故事閱讀 38,654評(píng)論 1 340
  • 序言:一個(gè)原本活蹦亂跳的男人離奇死亡,死狀恐怖漱病,靈堂內(nèi)的尸體忽然破棺而出买雾,到底是詐尸還是另有隱情,我是刑警寧澤杨帽,帶...
    沈念sama閱讀 34,329評(píng)論 4 330
  • 正文 年R本政府宣布漓穿,位于F島的核電站,受9級(jí)特大地震影響注盈,放射性物質(zhì)發(fā)生泄漏晃危。R本人自食惡果不足惜,卻給世界環(huán)境...
    茶點(diǎn)故事閱讀 39,940評(píng)論 3 313
  • 文/蒙蒙 一老客、第九天 我趴在偏房一處隱蔽的房頂上張望僚饭。 院中可真熱鬧,春花似錦胧砰、人聲如沸鳍鸵。這莊子的主人今日做“春日...
    開(kāi)封第一講書(shū)人閱讀 30,762評(píng)論 0 21
  • 文/蒼蘭香墨 我抬頭看了看天上的太陽(yáng)偿乖。三九已至击罪,卻和暖如春,著一層夾襖步出監(jiān)牢的瞬間汹想,已是汗流浹背外邓。 一陣腳步聲響...
    開(kāi)封第一講書(shū)人閱讀 31,993評(píng)論 1 266
  • 我被黑心中介騙來(lái)泰國(guó)打工, 沒(méi)想到剛下飛機(jī)就差點(diǎn)兒被人妖公主榨干…… 1. 我叫王不留古掏,地道東北人损话。 一個(gè)月前我還...
    沈念sama閱讀 46,382評(píng)論 2 360
  • 正文 我出身青樓,卻偏偏與公主長(zhǎng)得像槽唾,于是被迫代替她去往敵國(guó)和親丧枪。 傳聞我的和親對(duì)象是個(gè)殘疾皇子,可洞房花燭夜當(dāng)晚...
    茶點(diǎn)故事閱讀 43,543評(píng)論 2 349

推薦閱讀更多精彩內(nèi)容