springboot+redis管理shiro session實現(xiàn)session集群

springboot集成shiro后,shiro將封裝java web session,實現(xiàn)了自己的session管理機(jī)制,要使得session達(dá)到集群下的共享功能,就需要將session進(jìn)行統(tǒng)一管理,這里我們可以使用redis緩存數(shù)據(jù)庫實現(xiàn)session的存儲

實現(xiàn)思路:
1、RedisSessionDao繼承EnterpriseCacheSessionDAO,完成session的底層CRUD數(shù)據(jù)庫操作,說白了,就是在redis緩存中對session的增刪改查操作
2、ShiroConfig中注入redisSessionDao

具體實現(xiàn):

1. RedisSessionDao

package com.sj.vip.shiro;

import java.io.Serializable;
import java.util.Collection;
import java.util.concurrent.TimeUnit;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;

import com.sj.vip.utils.LoggerUtil;

/**
 * redis實現(xiàn)session共享
 * @author Administrator
 *
 */
@Component
public class RedisSessionDao extends EnterpriseCacheSessionDAO{

    //session在redis中的過期時間:30分鐘 30*60s
    private static final int expireTime = 1800;
    
    //redis中session名稱前綴
    private static String prefix = "sessionId:";
    
    @Autowired
    private RedisTemplate<Object, Object> redisTemplate;
    
    // 創(chuàng)建session,保存到數(shù)據(jù)庫
    @Override
    protected Serializable doCreate(Session session) {
        Serializable sessionId = super.doCreate(session);
        LoggerUtil.info(getClass(), "創(chuàng)建session:"+session.getId());
        redisTemplate.opsForValue().set(prefix + sessionId.toString(), session);
        return sessionId;
    }
    
    // 獲取session
    @Override
    protected Session doReadSession(Serializable sessionId) {
        LoggerUtil.info(getClass(), "讀取session:"+sessionId);
        // 先從緩存中獲取session,如果沒有再去數(shù)據(jù)庫中獲取
        Session session = super.doReadSession(sessionId);
        if(session == null){
            session = (Session) redisTemplate.opsForValue().get(prefix + sessionId.toString());
        }
        return session;
    }

    // 更新session的最后一次訪問時間
    @Override
    protected void doUpdate(Session session) {
        super.doUpdate(session);
        LoggerUtil.info(getClass(), "更新session:"+session.getId());
        String key = prefix + session.getId().toString();
        if (!redisTemplate.hasKey(key)) {
            redisTemplate.opsForValue().set(key, session);
        }
        redisTemplate.expire(key, expireTime, TimeUnit.SECONDS);
    }

    //刪除session
    @Override
    protected void doDelete(Session session) {
        LoggerUtil.info(getClass(), "刪除session:"+session.getId());
        super.doDelete(session);
        redisTemplate.delete(prefix + session.getId().toString());
    }
    
    //獲取當(dāng)前活動的session
    @Override
    public Collection<Session> getActiveSessions() {
        return super.getActiveSessions();
    }
    
}

2. ShiroConfig

package com.sj.vip.shiro;

import java.util.LinkedHashMap;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    
    @Autowired
    RedisSessionDao sessionDao;
    
    @Bean
    public SessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setSessionDAO(sessionDao);
//        sessionManager.setGlobalSessionTimeout(1800);
//        SecurityUtils.getSubject().getSession().setTimeout(-1000l);
        return sessionManager;
    }
    
    //配置核心安全事務(wù)管理器
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(authRealm());
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }
    
    @Bean
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager){
        MyShiroFilterFactoryBean bean = new MyShiroFilterFactoryBean();
        bean.setSecurityManager(manager);
        //LoginUrl是用戶首次進(jìn)入時的登陸頁面
        //SuccessUrl是登陸成功后自動跳轉(zhuǎn)的頁面
        //authc是需要用戶登陸才能訪問的頁面
        //anon是不需要登陸就能直接訪問的頁面
        bean.setLoginUrl("/login");
        bean.setUnauthorizedUrl("/403");
        //配置訪問權(quán)限 攔截器
        LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<String, String>();
        filterChainDefinitionMap.put("/static/**", "anon");//表示可以匿名訪問
        filterChainDefinitionMap.put("/", "anon"); 
        filterChainDefinitionMap.put("/index", "anon"); 
        filterChainDefinitionMap.put("/login", "anon"); 
        filterChainDefinitionMap.put("/logout", "anon");
        filterChainDefinitionMap.put("/register","anon");
        filterChainDefinitionMap.put("/checkUsernameExists","anon");
        filterChainDefinitionMap.put("/403","anon");
        filterChainDefinitionMap.put("/qqLogin", "anon");
        filterChainDefinitionMap.put("/qqCallback", "anon");
        filterChainDefinitionMap.put("/wxLogin", "anon"); 
        filterChainDefinitionMap.put("/wxCallback", "anon");
        filterChainDefinitionMap.put("/*", "authc");//表示需要認(rèn)證才可以訪問
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return bean;
    }
    
    //身份認(rèn)證
    @Bean
    public AuthRealm authRealm() {
        AuthRealm authRealm = new AuthRealm();
        return authRealm;
    }
    
//    //配置自定義的權(quán)限登錄器
//    @Bean(name="authRealm")
//    public AuthRealm authRealm(@Qualifier("credentialsMatcher") CredentialsMatcher matcher) {
//        AuthRealm authRealm=new AuthRealm();
//        authRealm.setCredentialsMatcher(matcher);
//        return authRealm;
//    }
    
}
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

推薦閱讀更多精彩內(nèi)容