springboot集成shiro后,shiro將封裝java web session,實現了自己的session管理機制,要使得session達到集群下的共享功能,就需要將session進行統一管理,這里我們可以使用redis緩存數據庫實現session的存儲
實現思路:
1、RedisSessionDao繼承EnterpriseCacheSessionDAO,完成session的底層CRUD數據庫操作,說白了,就是在redis緩存中對session的增刪改查操作
2、ShiroConfig中注入redisSessionDao
具體實現:
1. RedisSessionDao
package com.sj.vip.shiro;
import java.io.Serializable;
import java.util.Collection;
import java.util.concurrent.TimeUnit;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import com.sj.vip.utils.LoggerUtil;
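/**
 * Shiro session DAO that mirrors every session into Redis so that all nodes of a
 * cluster can resolve the same session id.
 *
 * <p>Each session is stored under {@code "sessionId:" + id} with a 30-minute TTL that is
 * renewed on every create and update.
 *
 * <p>NOTE(review): the session id is a bearer credential, yet every operation below logs
 * it at INFO level. Consider logging a truncated or hashed form, or lowering the level,
 * so that read access to the logs does not amount to access to live sessions.
 *
 * <p>NOTE(review): values pass through the injected {@code RedisTemplate}'s value
 * serializer, which is not configured in this class. If it is the JDK serializer,
 * whoever can write to Redis controls what this application deserializes; confirm that
 * Redis requires authentication and is reachable only from the application nodes.
 *
 * <p>NOTE(review): the parent class keeps its own per-node session cache; presumably a
 * node can keep serving its cached copy after another node has updated the Redis
 * entry. Verify the cache configuration before relying on this in a cluster.
 */
@Component
public class RedisSessionDao extends EnterpriseCacheSessionDAO {

    /** Lifetime of a session entry in Redis, in seconds (30 * 60). */
    private static final int EXPIRE_SECONDS = 1800;

    /** Prefix of every session key in Redis. */
    private static final String KEY_PREFIX = "sessionId:";

    @Autowired
    private RedisTemplate<Object, Object> redisTemplate;

    /** Builds the Redis key under which the session with the given id is stored. */
    private static String redisKey(Serializable sessionId) {
        return KEY_PREFIX + sessionId.toString();
    }

    /**
     * Writes the session to Redis and (re)starts its TTL in a single SET, so an entry
     * can never exist without an expiry.
     */
    private void store(Serializable sessionId, Session session) {
        redisTemplate.opsForValue()
                .set(redisKey(sessionId), session, EXPIRE_SECONDS, TimeUnit.SECONDS);
    }

    /**
     * Creates the session through the parent DAO and persists it to Redis.
     *
     * @param session the new session
     * @return the id assigned by the parent DAO
     */
    @Override
    protected Serializable doCreate(Session session) {
        Serializable sessionId = super.doCreate(session);
        LoggerUtil.info(getClass(), "創建session:" + session.getId());
        // Stored with a TTL from the start: a session that is created but never
        // updated again must not stay in Redis forever.
        store(sessionId, session);
        return sessionId;
    }

    /**
     * Looks the session up through the parent DAO first and falls back to Redis when
     * the parent returns {@code null}.
     *
     * @param sessionId the id to resolve
     * @return the session, or {@code null} if it is unknown or {@code sessionId} is null
     */
    @Override
    protected Session doReadSession(Serializable sessionId) {
        LoggerUtil.info(getClass(), "讀取session:" + sessionId);
        if (sessionId == null) {
            // Without an id there is no key to look up; avoid the NPE on toString().
            return null;
        }
        Session session = super.doReadSession(sessionId);
        if (session == null) {
            session = (Session) redisTemplate.opsForValue().get(redisKey(sessionId));
        }
        return session;
    }

    /**
     * Persists the current state of the session to Redis and renews its TTL.
     *
     * <p>The entry is always rewritten. Writing it only when the key was missing would
     * leave Redis with the state from creation time, so attributes set later (for
     * example the authenticated principals after login) would never reach other nodes.
     *
     * @param session the session whose state changed
     */
    @Override
    protected void doUpdate(Session session) {
        super.doUpdate(session);
        LoggerUtil.info(getClass(), "更新session:" + session.getId());
        store(session.getId(), session);
    }

    /**
     * Removes the session from the parent DAO and from Redis.
     *
     * @param session the session to delete
     */
    @Override
    protected void doDelete(Session session) {
        LoggerUtil.info(getClass(), "刪除session:" + session.getId());
        super.doDelete(session);
        redisTemplate.delete(redisKey(session.getId()));
    }

    /**
     * Returns the active sessions known to the parent DAO.
     *
     * <p>NOTE(review): Redis is not queried here, so sessions that exist only in Redis
     * (presumably those created on other nodes) are not included. Confirm that this is
     * acceptable for session validation and for any "online users" feature.
     */
    @Override
    public Collection<Session> getActiveSessions() {
        return super.getActiveSessions();
    }
}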
2. ShiroConfig
package com.sj.vip.shiro;
import java.util.LinkedHashMap;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
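/**
 * Spring configuration that wires Shiro: the Redis-backed session manager, the security
 * manager, the realm and the URL filter chain.
 */
@Configuration
public class ShiroConfig {

    @Autowired
    RedisSessionDao sessionDao;

    /**
     * Session manager that stores sessions through {@link RedisSessionDao}.
     *
     * <p>No global timeout is set, so Shiro's default of 30 minutes applies, which
     * matches the 1800-second Redis TTL used by {@code RedisSessionDao}. If a timeout is
     * configured here, note that {@code setGlobalSessionTimeout} takes milliseconds and
     * that the Redis TTL must be changed with it.
     */
    @Bean
    public SessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setSessionDAO(sessionDao);
        return sessionManager;
    }

    /** Core security manager: combines the realm with the shared session manager. */
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(authRealm());
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    /**
     * Builds the Shiro filter and its URL-to-filter chain.
     *
     * <p>{@code anon} paths are reachable without login; {@code authc} paths require an
     * authenticated user. Shiro applies the first pattern that matches, in insertion
     * order, so the public paths are registered before the catch-all.
     *
     * @param manager the security manager bean
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
        MyShiroFilterFactoryBean bean = new MyShiroFilterFactoryBean();
        bean.setSecurityManager(manager);
        // Login page that unauthenticated users are redirected to.
        bean.setLoginUrl("/login");
        bean.setUnauthorizedUrl("/403");

        // Insertion order is significant, hence LinkedHashMap.
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/static/**", "anon");
        filterChainDefinitionMap.put("/", "anon");
        filterChainDefinitionMap.put("/index", "anon");
        filterChainDefinitionMap.put("/login", "anon");
        // NOTE(review): "/logout" is anon, so Shiro's built-in logout filter is not
        // used; presumably a controller ends the session itself. Verify.
        filterChainDefinitionMap.put("/logout", "anon");
        filterChainDefinitionMap.put("/register", "anon");
        filterChainDefinitionMap.put("/checkUsernameExists", "anon");
        filterChainDefinitionMap.put("/403", "anon");
        filterChainDefinitionMap.put("/qqLogin", "anon");
        filterChainDefinitionMap.put("/qqCallback", "anon");
        filterChainDefinitionMap.put("/wxLogin", "anon");
        filterChainDefinitionMap.put("/wxCallback", "anon");
        // Catch-all: everything else requires authentication. "/**" is used because
        // "/*" matches a single path segment only, which would leave nested paths
        // such as /a/b without any filter and therefore publicly reachable.
        filterChainDefinitionMap.put("/**", "authc");
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return bean;
    }

    /**
     * Realm used for authentication.
     *
     * <p>NOTE(review): no {@code CredentialsMatcher} is set on the realm here. Unless
     * {@code AuthRealm} configures one itself, Shiro compares the submitted and stored
     * credentials directly; confirm that passwords are stored hashed and verified with
     * a hashing matcher.
     */
    @Bean
    public AuthRealm authRealm() {
        return new AuthRealm();
    }
}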